Domain 2

Question 1

Nation State

Answer 1

Country’s Government that uses cyber attacks to disrupt or steal information from another country. High Skill. Motivation Espionage, Disruption, Power. Example - Stealing intellectual property from a foreign competitor

Question 2

Unskilled Attacker

Answer 2

Someone with limited technical knowledge who may launch attacks out of curiosity or malice. Low. Malice, Curiosity. Launching a phishing campaign against random email addresses

Question 3

Hacktivist

Answer 3

To promote a political or social cause. Varies skill. Values (Political/Social). Example leaking sensitive data from a corporation they believe is unethical

Question 4

Insider Threat

Answer 4

Authorised Internal user who intentionally or unintentionally misuses their access to harm a system or organisation. Varies (Financial Gain, Espionage, Disgruntled employee). Selling customer data

Question 5

Organised Crime

Answer 5

A criminal syndicate that uses cyberattacks for financial gain, such as stealing money or data. High Sill. Financial Gain (Extortion or Fraud). Example Ransomware attack on a major hospital chain

Question 6

Shadow IT

Answer 6

Employees leveraging unauthorised or unmanaged IT resources used within an organisation, which can create security vulnerabilities. Varies. Productivity

Question 7

Data Exfiltration’s

Answer 7

Unauthorised removal of sensitive or proprietary information from computer system

Question 8

Espionage

Answer 8

Goal of stealing confidential information from another organisation

Question 9

Service Disrption

Answer 9

Causing Outages

Question 10

Blackmail

Answer 10

Threat to expose sensitive information

Question 11

Financial Gain

Answer 11

Steal money or valuables

Question 12

Political belief

Answer 12

Driven by ideological or political motivations

Question 13

Ethical Hacking

Answer 13

Authorised Stimulated attacks

Question 14

Revenge

Answer 14

Retaliate against previous activity

Question 15

Disruption/Chaos

Answer 15

Aimed at causing widespread disruption

Question 16

War

Answer 16

Disrupt Enemy military operations

Question 17

Threat Vector

Answer 17

Method or Combination of methods that attacker use to gain unauthorised access to a computer system, network or data

Question 18

Attack Surface

Answer 18

Sum total of all the possible entry points.

Question 19

Authority

Answer 19

Citing Position, Responsibility or affiliation that grants the attacker the authority to make the request

Question 20

Intimidation

Answer 20

Suggesting you may face negative outcomes

Question 21

Consensus

Answer 21

Claiming that someone is in a similar position

Question 22

Famililarity

Answer 22

Attempting personal connection

Question 23

Trust

Answer 23

Citing Knowledge and experience

Question 24

Urgency

Answer 24

Time sensitivity that demands immediate action

Question 25

Spear Phishing

Answer 25

Targets Specific group of users

Question 26

Whaling

Answer 26

Targets high level executives

Question 27

Vishing

Answer 27

Voice based Phishing

Question 28

Smishing

Answer 28

SMS based messaging

Question 29

Pretexting

Answer 29

Attacker tries to convince a victim to give up information of value, or access to a service or system

Question 30

Watering Hole

Answer 30

Attackers compromise a legitimate website frequently visited by a target grou

Question 31

Brand Impersonation

Answer 31

Attacker creates websites, social media accounts, or email that closely resemble those of a legitimate brand

Question 32

Typosquatting

Answer 32

Typing incorrect website address. URL Hijacking

Question 33

Vulnerability

Answer 33

Weakness in system

Question 34

Threat

Answer 34

Potential event that could exploit the vulnerability

Question 35

Exploit

Answer 35

Specific Method/tool used to take advantage of a vulnerability

Question 36

Attack

Answer 36

Actual attempt

Question 37

Buffer Overflow

Answer 37

Exist when a developer writes code that does not validate user input to ensure it does not allow input that is too large. Prevent this with Input Validation and Prevent this by software training.

Question 38

Memory Injection

Answer 38

Maliciously inserting information into memory is known as memory injection. This is primary goal of buffer overflow

Question 39

Integer Overflow

Answer 39

Putting too much information into small space

Question 40

Race Condition

Answer 40

Systems behaviour is based on sequence or timing of uncontrollable events

Question 41

Time of Check

Answer 41

Moment a system verifies access permission or other security controls

Question 42

Time of Use

Answer 42

Moment when the system accesses the resources or uses granted permission

Question 43

SQL Injection

Answer 43

Use unexpected input to a web application to gain unauthorised access to an uderlying database

Question 44

Cross Site Scripting

Answer 44

Malicious scripts are injected into otherwise benign and trusted websites through input field

Question 45

Firmware

Answer 45

Firmware attacks can occur through the update process or one of malicious downloads, impacting the boot process

Question 46

End of life

Answer 46

Aging equipment that has some usable lifespan left

Question 47

Legacy

Answer 47

Hardware, Software that are unsupported

Question 48

Server Virtualisation

Answer 48

Is the process of dividing a physical server into multiple unique and isolated virtual servers by means of software applications (hypervisor)

Question 49

Resource Reuse

Answer 49

When cloud providers take hardware resources originally assigned to one customer and reuse them with another customer

Question 50

Rooting and Jailbreaking

Answer 50

Remove the vendor restrictions on a mobile device

Question 51

Zero day

Answer 51

Attack that uses a vulnerability that is either unknown to everyone

Question 52

Trojan

Answer 52

A software program that appears good and harmless but carries a malicious, hidden payload that has the potential to wreak havoc on a system or network

Question 53

Spyware

Answer 53

Software designed to monitor and steal a users activity without their knowledge

Question 54

Worm

Answer 54

Self replicating program that spreads itself across network, infecting other computers

Question 55

Bloatware

Answer 55

Unnecessary software pre-installed on a device

Question 56

Keylogger

Answer 56

Software or hardware that records every keystroke typed on a computer

Question 57

Multipartite virus

Answer 57

Use more than one propagation technique

Question 58

Stealth Viruses

Answer 58

Hide themselves by actually tampering

Question 59

Polymorphic Viruses

Answer 59

Modify their own code as they travel

Question 60

Logic Bomb

Answer 60

Malicious code designed to trigger a specific action at a predetermined time or even

Question 61

Rootkit

Answer 61

Provides attacker Privileged Access

Question 62

Denial of Service

Answer 62

Is a resource consumption attack intended to prevent legitimate activity on a victimised system

Question 63

DDOS

Answer 63

DOS attack multiple compromised computers

Question 64

Reflected DDOS

Answer 64

Attacker sending request to third party server with a spoofed source IP address

Question 65

Amplified DDOS

Answer 65

Reflection techniques in combination with amplification

Question 66

DNS Poisoning

Answer 66

Attacker alters the domain name to IP address mappings in DNS system. May direct traffic to a rogue system or perform Denial of service

Question 67

DNS Spoofing

Answer 67

Attacker sends false replies to a requesting system beating real repy from valid DNS server

Question 68

Domain Hijacking

Answer 68

Change the registration of a domain through technical means

Question 69

Bluejacking

Answer 69

Push unsolicited message

Question 70

Bluesnarfing

Answer 70

Data theft using Bluetooth

Question 71

Blue bugging

Answer 71

Backdoor attack before returning control of the phone to its owner

Question 72

Evil Twin

Answer 72

Malicious Access point set up to appear to be legitimate trusted network

Question 73

Rogue Access Points

Answer 73

Access Points added to your network either intentionally or unintentionally.

Question 74

On Path attack (Man in the Middle Attack)

Answer 74

Attacker between 2 endpoints and is able to intercept traffic

Question 75

Credential Replay

Answer 75

Stealing or Capturing legitimate login credentials

Question 76

Directory Traversal

Answer 76

Gain access to restricted directories . Command Injection attack is used to carry Directory traversal

Question 77

Collision Attack

Answer 77

Two inputs that produce the same hash value. MD5 is known for collision

Question 78

Downgrade Attack

Answer 78

Protocol that is downgraded from higher mode to lower mode

Question 79

Birthday attack

Answer 79

Attempt to find collision in hash function. Targets Digital Signature

Question 80

Password Spraying

Answer 80

Single password for many different accounts

Question 81

Mobile App Management (MAM

Answer 81

keep personal and business data separate

Question 82

Mandatory Access Control

Answer 82

Determined by the system and not the object owner

Question 83

Discretionary Access Control

Answer 83

Permits the owner or creator of an object to control and define accessibility. NTFS file permission

Question 84

Non discretionary access control

Answer 84

Enables the enforcement of system wide restrictions that override object specific access control

Question 85

Rule based Access control

Answer 85

Rules define the traffic

Question 86

Role Based Access control

Answer 86

Well defined collection of name job control

Question 87

Application Allow lst

Answer 87

Explicitly allowed application

Question 88

Application Deny

Answer 88

Not restricted will be allowed

Question 89

Hardware Root of Trust

Answer 89

A line of defence against executing unauthorised firmware. It verifies keys match before the secure boot process

Question 90

Trusted Platform Module

Answer 90

Chip on the motherhood. Multipurpose for securing keys and FDE

Question 91

Extended Detection and Response

Answer 91

Includes Network devices, cloud infrastructure, IoT devices

Question 92

HIPS - Host based intrusion prevention system