Domaine 2 : Menaces, vulnérabilités et atténuations

Question 1

What are Script Kiddies?

Answer 1

Inexperienced individuals using existing tools to exploit vulnerabilities without understanding the underlying systems.

Script Kiddies often rely on user-friendly hacking tools created by others.

Question 2

What is the primary motivation of Hacktivists?

Answer 2

Promoting political agendas through unauthorized access or disruption of systems.

Hacktivism often involves activism or protest against perceived injustices.

Question 3

What distinguishes Organized Crime in the context of cyber threats?

Answer 3

Groups engaging in cybercrime for financial gain, often employing sophisticated techniques.

Organized Crime can include activities like identity theft, credit card fraud, and ransomware attacks.

Question 4

Who are Nation-State Actors?

Answer 4

Government-sponsored entities conducting cyber-espionage or cyber-attacks to achieve national objectives.

Nation-State Actors often target critical infrastructure and sensitive data.

Question 5

What role do Insiders play in cybersecurity threats?

Answer 5

Employees or associates with authorized access who intentionally or unintentionally compromise security.

Insider threats can be particularly challenging to detect and mitigate.

Question 6

How can Competitors exploit cyber vulnerabilities?

Answer 6

By seeking to gain an advantage through unauthorized access to proprietary information.

This can include industrial espionage and data theft.

Question 7

What does the motivation of a threat actor indicate?

Answer 7

Understanding the intent behind an attack helps in anticipating and mitigating threats.

Motivations can range from financial gain to ideology.

Question 8

Why are resources important in assessing threat actors?

Answer 8

The level of funding and tools available to the threat actor influences the sophistication of attacks.

More resources can lead to more advanced and damaging cyber attacks.

Question 9

What do capabilities refer to in the context of threat actors?

Answer 9

Technical skills and knowledge determine the potential impact of the threat actor.

Capabilities can include programming skills, access to hacking tools, and experience.

Question 10

What does intent clarify regarding threat actors?

Answer 10

Whether the actor aims to disrupt, steal, or damage assets.

Understanding intent can help organizations tailor their defenses.

Question 11

What is meant by opportunity in assessing threat actors?

Answer 11

Access to systems or vulnerabilities that can be exploited.

Opportunity can arise from poor security practices or unpatched software.

Question 12

How should organizations assess potential threat actors?

Answer 12

By analyzing their motivations, resources, capabilities, intent, and opportunity.

This assessment helps in prioritizing and implementing effective security measures.

Question 13

What are common messaging systems exploited by attackers?

Answer 13

Email, SMS, and instant messaging

Attackers use these systems to deliver malicious links or attachments.

Question 14

What techniques do attackers use in messaging systems?

Answer 14

Phishing, smishing, vishing

Phishing is via email, smishing via SMS, and vishing via voice.

Question 15

What types of files can contain embedded malware?

Answer 15

PDFs, documents, spreadsheets, executables

These file types often use macros and scripts to initiate attacks.

Question 16

What is a common method for initiating attacks in files?

Answer 16

Macros and scripts

These can be embedded within various file formats.

Question 17

How can images pose a threat?

Answer 17

Images, particularly SVG files, can include malicious code

This code executes when the image is viewed.

Question 18

What risk do USB drives pose in terms of malware?

Answer 18

USB drives can introduce malware, especially as HIDs

Configured as keyboards, they can automate malicious actions.

Question 19

What are air-gapped systems vulnerable to?

Answer 19

Physical security compromise

If physical access is gained, air-gapped systems can be infected.

Question 20

What is a common issue with default credentials?

Answer 20

Many systems are deployed with default usernames and passwords

These can be easily exploited by attackers.

Question 21

What do misconfigured services and open ports provide?

Answer 21

Avenues for unauthorized access

Misconfigurations can lead to security vulnerabilities.

Question 22

How can supply chain vulnerabilities be exploited?

Answer 22

Compromising third-party software or hardware components

Trusting unverified sources can lead to widespread vulnerabilities.

Question 23

What is the risk of unpatched software?

Answer 23

May contain known vulnerabilities

Regular updates and patch management are crucial for security.

Question 24

What can open or poorly secured network ports lead to?

Answer 24

Unauthorized access

Proper firewall configurations and network segmentation help mitigate these risks.

Question 25

Fill in the blank: Attackers exploit _______ to deliver malicious links or attachments.

Answer 25

messaging systems

Question 26

True or False: All USB drives are safe from malware.

Answer 26

False ## Footnote USB drives can introduce malware, especially when misconfigured.

Question 27

What are some examples of techniques used by attackers in messaging?

Answer 27

* Phishing * Smishing * Vishing ## Footnote Each technique targets different communication methods.

Question 28

What is the purpose of patch management?

Answer 28

Regularly update systems and applications to fix known vulnerabilities ## Footnote It is crucial for maintaining the security and functionality of software.

Question 29

What should be implemented to ensure timely updates in patch management?

Answer 29

Automated patching processes ## Footnote Automation helps reduce the risk of human error and delays.

Question 30

What is the role of encryption in data protection?

Answer 30

Protect data at rest and in transit ## Footnote Encryption secures sensitive information from unauthorized access.

Question 31

What should be employed to safeguard sensitive information?

Answer 31

Strong encryption protocols ## Footnote Using robust encryption algorithms is essential for security.

Question 32

What is the importance of monitoring and logging in security?

Answer 32

Continuously monitor systems for unusual activities or potential threats ## Footnote This helps in early detection of security incidents.

Question 33

What should be maintained to assist in incident detection and response?

Answer 33

Comprehensive logs ## Footnote Logs provide critical information during investigations.

Question 34

What does the least privilege principle entail?

Answer 34

Grant users only the access necessary to perform their job functions ## Footnote This minimizes the risk of misuse of privileges.

Question 35

Why is it essential to regularly review and adjust permissions?

Answer 35

To minimize potential abuse ## Footnote Regular reviews help ensure that only necessary access is granted.

Question 36

What is network segmentation?

Answer 36

Divide networks into segments to contain potential breaches ## Footnote Segmentation limits the spread of attacks within a network.

Question 37

What should be implemented between network segments to enhance security?

Answer 37

Firewalls and access controls ## Footnote These tools help regulate traffic and protect sensitive areas of the network.

Question 38

What is the goal of security awareness training?

Answer 38

Educate employees about common threats like phishing and social engineering ## Footnote Training reduces the likelihood of successful attacks exploiting human vulnerabilities.

Question 39

What is important for promoting a culture of security awareness?

Answer 39

Reducing human-related vulnerabilities ## Footnote A security-aware culture encourages proactive behavior among employees.

Question 40

What should be developed and regularly updated as part of incident response?

Answer 40

An incident response plan ## Footnote This ensures organizations are prepared for various security incidents.

Question 41

What is the purpose of conducting drills in incident response planning?

Answer 41

Ensure preparedness for potential security incidents ## Footnote Drills help identify weaknesses in the response plan.

Question 42

What is the importance of implementing regular backup procedures?

Answer 42

Protect against data loss ## Footnote Regular backups are essential for data integrity and recovery.

Question 43

What should be tested to ensure data can be restored effectively?

Answer 43

Recovery processes ## Footnote Testing recovery ensures that backups are functional and reliable.