Final Exam 2

Question 1

What is a vulnerability

Answer 1

A flaw in a system that can be taken advantage of to impact the confidentiality, integrity, or availability of the system

Question 2

What is an exploit

Answer 2

An attack taking advantage of a vulnerability

Question 3

What is a zero-day

Answer 3

An exploit for a vulnerability that has no fix

Question 4

What is a virus vs a worm

Answer 4

Virus - malware that replicates locally, often infecting files
Worm - malware that spreads from system to system automatically

Question 5

What is adware

Answer 5

Malware making money through advertising manipulation

Question 6

What is spyware

Answer 6

Malware collecting private info

Question 7

What is scareware

Answer 7

Malware scaring users with threats to coerce actions

Question 8

How does a credential stealer steal credentials?

Answer 8

Accesses memory, temporary internet files, keylogging

Question 9

What is a rootkit?

Answer 9

Malware with admin privileges allowing persistent access to a compromised system

Question 10

What is RAT?

Answer 10

Remote Admin Tool, allows remote access to a system

Question 11

Biggest email threat and how it propagates

Answer 11

Virus (or worm) sets up a backdoor; propagates via sending spam e-mails that turn systems into “spambots”

Question 12

What is phishing?

Answer 12

An attempt to gather sensitive info by masquerading a trustworthy entity

Question 13

Ways of identifying phishing threats/protecting yourself from malware

Answer 13

• incorrect grammar
• email links
• email attachments
• asking for credentials

Question 14

What is spearphishing

Answer 14

Phishing aimed at specific individuals or companies

Question 15

What is SMShing

Answer 15

Act of sending fraudulent URL or phone # via SMS

Question 16

What is OWASP

Answer 16

Open Web Application Security Project

Question 17

What is an SQL injection

Answer 17

An attack manipulating input and server-side scripts to send malicious SQL commands

Question 18

What is XSS and two types?

Answer 18

A cyber attack utilizing web vulnerabilities to send malicious code to a diff end user
Stored and reflected XSS

Question 19

What is social engineering?

Answer 19

the science of manipulating human beings to take an action or divulge info

Question 20

What are the types of info processing

Answer 20

“Top down - knowledge driven, based on prev exp, goals/expectations drive perception

Bottom up - used when knowledge is lacking, recognition by components, info driven”

Question 21

Basic Human Tendencies

Answer 21

Reciprocity, social proof, consistency, scarcity, liking, authority

Question 22

Telltale signs of social engineering

Answer 22

• pretending to know publicly available info
• warnings or inducements of fear/concern
• unrealistic promises
• time urgency
• unverified but “official” info

Question 23

Steps of a social engineering attack

Answer 23

Research, hook, play, exit

Research - gather info
Hook - contact victim
Play - build trust
Exit

Question 24

What are rings of trust

Answer 24

Security architecture in which outer rings possess a lower level of security and systems requiring a higher level of security are found in the inner ring

Question 25

What are ACLs

Answer 25

Access Control Lists controlling intercommunication btwn lvls of trust

Question 26

What are the key principles of Zero Trust

Answer 26

• Assume breach of other components
• Explicit validation of trust
• Least privilege access
• Constant and comprehensive monitoring and defense

Question 27

Describe the typical secure topology

Answer 27

1. Perimeter firewall (lies between the public internet and the organization, allows hosts outside to access public facing services such as web, email, and DNS)
2. Perimeter network (also called DMZ – the area between the perimeter firewall and the internal firewall, hosts providing external services such as web, email, and DNS)
3. Internal firewall (limits access to internal network)
4. Internal network (rest of info assets)

Question 28

What is PAM

Answer 28

Priviliged Access Management; emphasis on managing and monitoring user access when they request access

Question 29

What is PIM

Answer 29

Privileged Identity Management; emphasis on the access a user or application (the “identity”) is granted and what they’re authorized to request

Question 30

What is JIT

Answer 30

Just-in-Time Access (Part of a PAM/PIM solution, emphasis on requesting access only when needed, only for the duration of the business need)

Question 31

What might we secure in a business environment

Answer 31

• Disable USB/CD devices and/or booting
• Enforce password policies
• Set up server and network device logging
• Content filter
• App whitelist
• BYOD

Question 32

What is DLP

Answer 32

Data loss prevention software; detects potential data breaches and prevents unauthorized attempts to copy or send sensitive data, intentionally or unintentionally, even if the person is authorized to access the information

Question 33

How are companies and users worried about BYOD

Answer 33

Companies:
- insecure devices on their network hold sensitive data
- controlling and monitoring data on the device
- securing data if device lost

Users:
- personal data loss
- privacy

Question 34

Corporate BYOD Recommendations

Answer 34

• clear, comprehensive policy
• don’t assume one policy fits all users
• deploy the right IT infrastructure

Question 35

What is digital forensics?

Answer 35

Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge

Question 36

What is best evidence

Answer 36

An exact copy made of the original digital media

Question 37

What are the Federal Rules of Evidence

Answer 37

Government regulations for the admission or exclusion of evidence in most US court proceedings

Question 38

What is the Lockheed Martin Kill Chain

Answer 38

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objectives

Question 39

What is intentional evidence and its limitations?

Answer 39

Sets of evidence (usually logs) designed to record data for later review
Limitations: log rollover, log configurations, timezones

Question 40

What is unintential evidence and its limitations?

Answer 40

Program functionality or behavior designed for another purpose, but from which we can infer or derive relevant data (e.g. jumplists)
Limitations: absence of data not always significant, info can be incomplete

Question 41

What are jump lists?

Answer 41

A view of recently accessed or used files and programs

Question 42

What is a breach and how long does it take to detect and contain?

Answer 42

A security incident in which unauthorized parties gained access to confidential info; 207 days to detect, 70 days to contain

Question 43

Reasons Info Sec Management is formed later on by companies

Answer 43

• Gov’t req
• Audit team rec
• Management thought necessary

Question 44

What is Info Sec Management?

Answer 44

Activities relating to protection of info/info assets against risk of loss, misuse, disclosure, or damage and describes controls that org needs to implement to ensure risks are managed

Question 45

Explain why spending more on securing an asset than the intrinsic value of the asset is a waste of resources

Answer 45

Security is not concerned with eliminating all threats, but
with eliminating known threats and minimizing losses if an attacker succeeds.

Question 46

What are the 3 stages of an attack?

Answer 46

Before, during, after

Before: discover, enforce
During: Detect, defend
After: scope, contain

Question 47

Why implement risk management?

Answer 47

Eliminate known threats and minimize losses in case of a successful attack

Question 48

What are some protection mechanisms to secure a network

Answer 48

• Firewalls
• IDS/IPS
• Secure passwords
• MFA

Question 48

What are the types of contingency planning

Answer 48

“Incident response - procedure for when infosec incident occurs

Disaster recovery - procedure for when natural/manmade disaster occurs”

Question 49

What is policy

Answer 49

Rules setting boundaries of acceptability and consequences in an org

NOT procedure

Question 50

What is Common Law and who uses it

Answer 50

legal system developed through decisions of courts and tribunals (case law), rather than through legislative or executive action; used by US, Canada, UK, etc

Question 51

What is US Criminal Code

Answer 51

Gov’t is the plaintiff filing a litigious action against a company or individual

Question 52

What is US civil code

Answer 52

Wrongs against individuals or companies that result in damages or loss

Question 53

What are the 3 potential roles of computers in an investigation

Answer 53

• Assisted
• Targeted
• Incidental

Question 54

What are ethics and their importance

Answer 54

Standards of right/wrong behavior; helps distinguish good from harmful, respect, guiding decision making