Domain 2: Threats, Vulnerabilities, and Mitigations Flashcards

1
Q

Nation state

A

These are government-sponsored entities that engage in cyber operations to further their national interests.

2
Q

Advanced Persistent Threat (APT)

A

An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups.

3
Q

Unskilled attacker

A

Unskilled attackers lack technical prowess and often resort to using off-the-shelf tools or purchasing tools from the dark web.

4
Q

Hacktivists

A

Hacktivists are individuals or groups driven by ideological, political, or social motives.

5
Q

Insider threats

A

Insider threats originate from within an organization and can be particularly challenging to detect. These threat actors include employees, contractors, or business partners who misuse their access to compromise data, systems, or networks.

6
Q

Organized crime

A

Their operations are characterized by a hierarchical structure, division of labor, and a focus on monetary gains.

7
Q

Shadow IT

A

Shadow IT refers to technology used within an organization without proper approval or oversight from the IT department.

8
Q

Internal threat actors

A

These originate from within an organization’s own ranks, often taking advantage of their familiarity with systems, networks, and processes. They can be employees, contractors, or even business partners. Internal threat actors may exploit their access to data and systems to launch attacks, whether intentionally or inadvertently. These attacks could stem from various motivations, such as financial gain, revenge, or personal grievances.

9
Q

External threat actors

A

These come from outside the organization and include a wide range of entities, from individual hackers to organized crime groups and nation states. External threat actors typically lack direct knowledge of the target’s internal systems, which may lead them to rely on reconnaissance and social engineering to gain access. Their attacks can vary greatly and can encompass espionage, data theft, and financial fraud.

10
Q

Well-funded threat actors

A

These actors have access to substantial resources, which may be in the form of financial backing, advanced technology, or even government support. Nation state and APT threat actors fall into this category, often possessing significant budgets, specialized teams, and cutting-edge tools. Their attacks can be highly sophisticated and involve well-disguised techniques designed to evade detection.

11
Q

Limited resources

A

Some threat actors, especially small-scale cybercriminals or unskilled attackers, may operate with limited resources. They might rely on readily available hacking tools, social engineering, or other low-cost methods. While their attacks may lack complexity, they can still be effective, particularly when targeting less secure targets. Understanding the level of resources/funding at a threat actor’s disposal provides insight into their potential impact and the scale of their operations.

12
Q

Well-resourced threat actor

A

These actors possess advanced technical skills and deep knowledge of various attack vectors. Nation states, APT groups, and certain organized crime syndicates often fall into this category. Their attacks involve zero-day vulnerabilities, custom malware, and intricate evasion techniques.

14
Q

Highly sophisticated threat actors

A

These actors possess advanced technical skills and deep knowledge of various attack vectors. Nation states, APT groups, and certain organized crime syndicates often fall into this category. Their attacks involve zero-day vulnerabilities, custom malware, and intricate evasion techniques.

15
Q

Less sophisticated threat actors

A

Unskilled attackers, script kiddies, and some cybercriminals operate with less advanced technical skills. They might rely on easily accessible tools, pre-made malware, and simpler attack methods. Despite their limited capabilities, their attacks can still cause significant disruptions and data breaches. They may purchase products from the dark web.

16
Q

SSL/TLS downgrade attack

A

An SSL/TLS downgrade attack is one where an attacker exploits vulnerabilities in the communication between a client (such as a web browser) and a server. The attacker suggests using an older, less secure encryption method instead of the stronger ones that both parties support. The server is thus tricked into using less secure encryption protocols or algorithms, making it easier for the attacker to intercept and decrypt the data being transmitted, thereby compromising the security and confidentiality of the connection.

17
Q

Bluesnarfing

A

Bluesnarfing is a malicious act that involves gaining unauthorized access to a Bluetooth-enabled device’s data (such as contacts, messages, or files) without the owner’s knowledge or consent.

18
Q

SNMP Manager

A

SNMP managers are centralized systems responsible for monitoring and managing network devices. They initiate SNMP requests to gather information from SNMP agents and can also configure and control devices. Managers use SNMP protocol operations such as GET, SET, and GETNEXT to retrieve or modify information stored in the Management Information Base (MIB), which stores information about devices on the network. SNMP managers play a vital role in network monitoring and troubleshooting by polling SNMP agents for data and making decisions based on the collected information.

19
Q

Isolation Duration

A

Isolation duration determines how long a system should remain in quarantine based on the severity of the alert and the steps taken for remediation.

20
Q

False Negative

A

A false negative means that there is a vulnerability that has already been patched, but the scanner does not detect it.

21
Q

Risk Exemption

A

Exemption refers to the act of relieving an individual, group, or entity from a specific obligation, rule, or policy that is generally applied across the organization. Exemptions are typically granted when adherence to a specific rule or policy is impractical or unfeasible. They are usually formal and documented and have a specified duration, and they may require approval from regulatory or governing bodies on a case-by-case basis.

22
Q

Risk Exception

A

Risk exception: An exception in risk management pertains to an approved deviation from a set policy or standard. This deviation is typically temporary and is allowed due to the absence of a viable alternative, often with compensatory controls to mitigate associated risks.

23
Q

Remote Desktop Protocol port number

A

Remote Desktop Protocol (RDP): TCP 3389. This Windows proprietary protocol enables remote connections to other computers.

24
Q

Whaling

A

An email attack where the target is the CEO or a high-level executive.

25
Q

On-Path attack

A

It is an interception attack, examples of which include Man-in-the-Middle and replay attacks.

26
Q

What type of attack uses a tar.gz file extension?

A

RAT (Remote Access Trojan)

27
Q

Pharming

A

Pharming is a two-step process that begins with an attacker installing malicious code on a victim’s computer or server. That code sends the victim to a spoofed website, where they may be tricked into offering their personal data or login credentials for a website or online service.

28
Q

DNS poisoning

A

DNS poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply and sending users to the wrong website. DNS poisoning also goes by the terms “DNS spoofing” and “DNS cache poisoning.”

29
Q

SSL

A

SSL is a technology your applications or browsers may have used to create a secure, encrypted communication channel over any network. However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities.

30
Q

DNS

A

The Internet’s DNS system works much like a phone book by managing the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser.

31
Q

Salting

A

In the context of cybersecurity, “salting” refers to the technique of adding random data (or a “salt”) to passwords before they are hashed and stored.

32
Q

DSA

A

The Digital Signature Algorithm (DSA) is a public-key cryptosystem and Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem.

33
Q

ECDSA

A

ECDSA (Elliptic Curve Digital Signature Algorithm)

•	Purpose: Used for digital signatures.
•	Function: Provides authentication by ensuring the integrity and authenticity of data. It generates a digital signature using a private key, which can be verified using the corresponding public key.
•	Performance: Generally faster and more efficient than traditional algorithms like RSA for the same level of security.
•	Usage: Commonly used in SSL/TLS certificates to verify the identity of servers.

34
Q

What is the difference between ECDH and ECDSA?

A

•	ECDSA is about ensuring the authenticity and integrity of data through digital signatures.
•	ECDHE is about securely negotiating and exchanging encryption keys to keep your communications confidential.

35
Q

Registration Authority

A

A Registration Authority (RA) is a function for certificate enrollment used in public key infrastructures. An RA accepts requests for digital certificates and authenticates the entity making the request.

36
Q

HMAC

A

Hash-based message authentication code (or HMAC) is a cryptographic authentication technique that uses a hash function and a secret key. With HMAC, you can achieve authentication and verify that data is correct and authentic with shared secrets, as opposed to approaches that use signatures and asymmetric cryptography.

37
Q

Which of the following defines a file format for storing and exchanging personal identity information, including private keys and digital certificates?

A

P12

38
Q

HTTP port number

A

80
By default, HTTP and HTTPS use their standard port numbers of 80 for HTTP and 443 for HTTPS.

39
Q

Directive Controls

A

Directive controls involve providing specific instructions or guidelines to ensure compliance with policies, procedures, or regulations. They establish a clear framework for employees to follow. Examples of directive controls include a code of conduct or ethical guidelines that outline acceptable behavior within an organization, standard operating procedures (SOPs) that detail step-by-step instructions for completing tasks, and regulatory requirements that mandate specific reporting procedures for financial institutions.

40
Q

TPM VS HSM

A

A TPM is a hardware-based security component integrated into computers and devices. It generates, stores, and manages cryptographic keys in a secure environment. An HSM is a physical device designed to manage cryptographic keys and perform encryption and decryption operations.