Exam Study Material Flashcards

1
Q

What is the cyber kill chain model?

A

The cyber kill chain model is a series of processes that show the various steps of a cyber attack, from the early stages of gathering information about a potential victim to successfully having "hands on keyboard" control over the victim. The model helps us determine and prevent attacks.

2
Q

What are the 7 steps of the cyber kill chain model

A
Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and control
Action on objective
3
Q

What is reconnaissance?

A

Selecting the victim, information gathering, doing your homework on the victim, learning and analysing the network and systems, and finding vulnerabilities and loopholes.

4
Q

What is weaponisation?

A

Crafting the attack based on the loopholes and vulnerabilities discovered.

5
Q

What is delivery?

A

Delivering the payload to the target via email, USB, phishing etc.

6
Q

What is installation?

A

Installing malware on the target's system, e.g. a remote access trojan or backdoor loophole.

7
Q

What is exploitation?

A

Exploiting a vulnerability to execute the malicious code on the victim's system.

8
Q

What is command and control?

A

Gives the attacker remote access to manipulate the victim's system.

9
Q

What is action on objective?

A

The attacker has accomplished his goal and successfully carried out the attack to the extent that he has so much control over the system that he's basically got his "hands on keyboard" of the victim. He can now collect, encrypt and disrupt services as he pleases.

10
Q

What are the 5 pillars of information security?

A
Confidentiality
Integrity
Availability
Authentication
Non-repudiation
11
Q

What is the Diamond Model of Intrusion Analysis?

A

This model emphasises the relationships and characteristics of four basic components: the adversary, capabilities, infrastructure, and victims. The main axiom of this model states, "For every intrusion event, there exists an adversary taking a step toward an intended goal by using a capability over infrastructure against a victim to produce a result."

12
Q

What are the 4 components of the Diamond Model?

A

Adversary, Capability, Infrastructure and Victim

13
Q

In regards to the Diamond Model, what is the adversary?

A

This can be simply put as the person behind the malicious actions. There's the adversary operator and the adversary customer. The operator is the person carrying out the intrusion, whereas the customer is someone who benefits from the intrusion.

14
Q

In regards to the Diamond Model, what is capability?

A

Capability focuses on describing and defining the tools and techniques employed by the adversary.

15
Q

In regards to the Diamond Model, what is infrastructure?

A

IP address, domain, email address, technology, product.

Type 1: infrastructure owned by the intruder.
Type 2: not owned, but used by the intruder, e.g. an email account.

16
Q

In regards to the Diamond Model, what is the victim?

A

It is the target's resources, such as network, IP address, emails, social accounts etc., that the adversary targets.

17
Q

What are the 6 meta-features of the Diamond Model?

A
  1. Timestamp - each event is noted with its own date/time.
  2. Phase - malicious activity happens in a chain of events, not a single event.
  3. Result - what was the result of the adversary's operation? Did they succeed or fail, and why and how?
  4. Direction - the direction of the events that occurred is important when considering the placement of detection for mitigation.
  5. Methodology - used to describe the general class of the activity, e.g. phishing, port scan, SYN flooding etc.
  6. Resources - one or more resources the event requires, e.g. software, hardware, funds.
18
Q

What is the CIA Triad?

A

Confidentiality - is all about making sure data/information stays private and is only accessed by an authorised person. It works on the basis of least privilege or need to know. The goal is to ensure people who don't have access to classified information cannot get their hands on this data/info, while the people who have the clearance for it can access it. An example of this is using user IDs and passwords, ACLs and policy-based security.

Integrity - is making sure that data is not changed or altered, all the while staying accurate and consistent. There are ways to ensure that data maintains its integrity, using things such as data encryption, hashing algorithms etc.

Availability - is the guarantee of reliable and constant access to your sensitive data by authorised people. E.g. having a disaster recovery plan or backup to ensure data isn't lost and is available to authorised people.

19
Q

What are the Five Pillars of Information Assurance?

A

Confidentiality
Integrity
Availability

Authentication - is basically ensuring that something is legitimate or someone is really who they say they are. E.g. doing a two-step verification to log into a social media account verifies it's you, or even biometrics, passwords etc.

Non-repudiation - is the assurance that someone cannot deny something. E.g. when someone signs a contract or sends a message, they cannot deny that it was them due to their signature, or cannot say they didn't send the message.

20
Q

What is penetration testing, what is its process, and what are two tools?

A

Pen testing is basically testing systems, networks and applications for vulnerabilities and loopholes that can be exploited.

The process involves gathering information, identifying vulnerabilities, attempting exploitation and reporting findings.

21
Q

Two penetration testing tools, and what do they do?

A

Armitage - a tool from Metasploit that scans and visualises the target and recommends a list of exploits that can be carried out.

Necromancer - it's a VM that has a capture-the-flag environment used to analyse network traffic.

22
Q

What are CVE and CVSS?

A

CVE is a list of Common Vulnerabilities and Exposures, and CVSS is the Common Vulnerability Scoring System, which is a system that ranks security vulnerabilities based on their severity.

23
Q

What is CVSS composed of?

A

It's composed of three metric groups:

  1. Base - these are the characteristics of a vulnerability that are constant over time and across user environments.
  2. Temporal - represents the characteristics of a vulnerability that change over time but not across user environments.
  3. Environmental - represents the characteristics of a vulnerability that
24
Q

What are the levels of severity and their scaling?

A

Low severity - 0-3.9
Medium severity - 3.9-6.9
High severity - 7.0-8.9
Critical severity - 9.0-10

25
Q

What is the NZISM?

A

The New Zealand Information Security Manual is the NZ government's manual on information assurance and information systems security. It's based on risk management, governance, assurance and other technical standards.

26
Q

What is ISO 27001?

A

The focus of ISO 27001 is the CIA of the information in a company.

27
Q

What is NIST SP 800-53?

A

NIST SP 800-53 is a guidelines and standards document produced by NIST to help federal organisations comply with the Federal Information Security Management Act.