ICS 3

Question 1

Goal of Cyber Security Program

Answer 1

manages cybersecurity risks by securing and enhancing confidentiality, data integrity and availablity

Question 2

Types of data breaches

Answer 2

ransomeware, phising, malware, compromised passwords

Question 3

Causes of service disruptions

Answer 3

malware, distributed denial of service attacks, SQL injections, password attacks

Question 4

adversary

Answer 4

actors w/ interest in conflict with organization- incentivized to perform malicious actions against org.

Question 5

Gov’t sponsored/state-sponsord actor

Answer 5

funded , directed or sponsored by nations- steal/exfiltrate intellectual property, sensative info, funds

Question 6

Hacktivist

Answer 6

act to promote social causes or are moral based and stay away from things like churches/hospitals, etc.

Question 7

Network based attacks

Answer 7

targe infrastructure of a network, including switches, routers, servers, and cabling, with intent to gain unauthorized access or disrupt operations for users.

Question 8

Backdoor and Trapdoors

Answer 8

Network based attack
- methods to bypass security procedures by creating an entry/exit point that is undocumented.Trapdoors - intential, backdoors - intential or product defect

Question 9

Covert Channels

Answer 9

used to transmit data using methods not intended- voilate security policy but don’t exceed access auth, they can communicate data in small parts based on hiding info somwhere. - storage channel - put it somehwere to access by lower level, timring channel - gap/delay is used to hide.

Question 10

Buffer overflows

Answer 10

overload temp storage - may cause program to overwrite the memoy of an application or crash to allow injection of malicious code or taking control of system.

Question 11

Denial of Service

Answer 11

Floods network by congesting with large volumes of traffic greater than bandwidth, making the network unable to respond to service requests, leaving it vulnerable.

Question 12

Distributed denial of service

Answer 12

mulitple are working in unison- more powerful than traditional

Question 13

Man in the Middle Attacks

Answer 13

attacker acts as intermediary between two parties intercepting communications, acting as litgitimage entity. Attacker can read or redirect traffic.

Question 14

Port scanning

Answer 14

scan network for open ports to gain access - logical ports used for protocols (TCP), common vulnerabilities include unsecured protocols, unpatched protools, poor login, poorly configured firewalls

Question 15

Ransomeware

Answer 15

in the form of malware that locks systems

Question 16

Reverse Shell

Answer 16

akak connect back shells - vicitm initiates communication w/ attacker behind firewall

Question 17

Replay attacks

Answer 17

man in th emiddle attack - eavesdrop on network communication, intercept it, and replaysat a later timeto gain access

Question 18

Return Oriented attacks

Answer 18

sophisticated techniues that utiilize pieces of ligitame original system code in a sequence to perform operations useful to the attacker. Each gadget ends with return instructions, causing next gadget to execte

Question 19

spoofing

Answer 19

impersonating someone/thing to get access

Question 20

address resolution spoofing

Answer 20

falsfying mapping of media access control addresses on a network to IP addresses- channel messages to other destinations

Question 21

DNS spoofing

Answer 21

modify the domain name to IP address mapping (DNS) - redirect to another IP leads to mimiced website

Question 22

Application based attacks

Answer 22

target specific software/apps such as databaess or website to gain access or disrupt functionality

Question 23

SQL Injection

Answer 23

Attacker injects malicious sql code into exisitng code on website to gain access to data

Question 24

Cross-Site Scraping

Answer 24

Inject code website attcks visitors of website

Question 25

race condition

Answer 25

exploits system/app that relies on specific sequence of operations - but forcing to perform 2 or more out of order or at the same time

Question 26

mobile code

Answer 26

software program designed to move from compter to computer to infect other applications by altering to icnlude code- VIRUS

Question 27

Host based attacks

Answer 27

attack single host - laptop, mobile device or server to disrupt fucntionaity or obtain access.

Question 28

Brute force

Answer 28

password hacking

Question 29

malware

Answer 29

software or firmware intended to perform an unauthroized process that has adverse impact on confidentilality integrity or availability of info systems. - virus, worm, trojan horse adware, spyware

Question 30

rouge mobile apps

Answer 30

use of malicious apps that appear legititate

Question 31

Phising

Answer 31

digital social engineering uses email that requests users or direct them to fake websites

Question 32

Spear Phising

Answer 32

poses as employee - HR/IT to try and get username/passwords or personal datahat can used for explotation

Question 33

Business Email Compromise

Answer 33

targets exec and high ranking- transfer money via wire transfer, pay fake foreign survivors, send sensative data aka whaling

Question 34

Pretexting

Answer 34

creating fake identity/scenario so there is a sense of urgency to act

Question 35

Pharming

Answer 35

used in combo w/ phising - entering personal info into website/portal that imitates a legititate site

Question 36

Vishing

Answer 36

telphonic system voice over internet protocol- spoofed/fraudlent callder ID that is tied to a ligitate business/person

Question 37

Supply Chain Attack - Embedded Software Code

Answer 37

inserting code into prepackage software/firmware being sold to a companny that later insalls it

Question 38

Foreign sourced attack

Answer 38

govt use produces to conduct surveillanceor deliver malicious code

Question 39

pre-intalled malware or hardware

Answer 39

installing malware on devices that will be used by companies in the supply chain (USB,cameras, or phones)

Question 40

water hole attacks

Answer 40

identify websites of suppliers, customers or regular entitites that are known to be used by several companies - look for weakness

Question 41

esclated cyberattack

Answer 41

Internet of Things devices used as an attack base to infect more machines or as an entry point for access to connected network

Question 42

treat modeling

Answer 42

process of identifying, analyzing and mitigating threats to a network, system or application

Question 43

Perform Reduction Analysis

Answer 43

decomposing asset being protected from threat w/ inten tot gain a greater understanding of how assets interact w/ potential threats. Decomposition process - involves understanding trust and security changes, flow of data, where input can be received, security clearance, and related P&P

Question 44

Process for Attack Simulation and Threat Analysis

Answer 44

threat model - 7 stages that focus on risks and countermeasures that are prioritized by the value of the asset being protected. :
1. definition of objectives for analysis of risk
2. definition of technical steps
3. application decomposition and analysis
4. threat analsysi
5. weakness/vulnerablity analysis
6. attaching and modeling simulation
7. risk analysis and management.

Question 45

Visual, Agile, and Simple Threat Analysis

Answer 45

based on agile project mgmt - goal to integrate threat mgmt into programming enviornment on a scalable basis.

Question 46

STRIDE

Answer 46

developed by microsoft used for assessing threats related to applications and operating systems.

Question 47

COSO Framework - Operational Objective

Answer 47

Performance measures and safegaurds help increase likehood that IT assets are protected-focus on effectivness and efficiency of business operations

Question 48

COSO Framework - Reporting Objective

Answer 48

Increaseing likelyhood that cybersecurity controls are in place so that they do not affect the interanl/external financia land non financial reporting. Focus on transparency, reliablity, timeliness, and trustworthyness as determined by standard setting bodies, regulators, policies

Question 49

COSO Framework - Compliance Objective

Answer 49

adhearnce to laws and regs = NIST, HIPPA, GDPR

Question 50

Five compenents of COSO framework

Answer 50

Control Env., RA, Control Activities, Infor/Communication, Monitoring

Question 51

COSO Control Env.

Answer 51

tone at the top, ethical values, - sr. mgmt should raise awareness, guide/develop IT p&P, incident response mgmt, educate workfoce on roles of safegaurding

Question 52

COSO Risk Assessment

Answer 52

evaluate internal/external factors

Question 53

Security policies

Answer 53

foundation for security framework - comprehensive guide for implemenation. Clear terms, roles/responsibilties, acceptbale levels of risk.

Question 54

acceptable use policy

Answer 54

control document to regulate and protect technology resources by assigning various levels of responsiblities to job roles, listing acceptable behavrio, and consequences for violations.

Question 55

security standards

Answer 55

organizational requirements that are either mandatory by law or adopted by company guidelines for best practices. Serve as course of action to achieve security policies- NIST, GDPR, PCI

Question 56

security standard operating procedures

Answer 56

lower level of documention that provides detailed instructionson how to perform specific security tasks or controls

Question 57

access point

Answer 57

wireless connection point to allow users to connect to wired network.

Question 58

bidge

Answer 58

connects separate networks that use the same protocol - operates as the data link level.

Question 59

hubs

Answer 59

connection points that link multiple systems and devices using the same protocol within a single network.

Question 60

proxies

Answer 60

form of gateway that doesn’t translate protocols but acts as a mediator that performs functions on behalf of another network using the same protocol

Question 61

Service Set Identifier

Answer 61

name assigned to wireless network

Question 62

zero trsut

Answer 62

assumes always at risk - continusous validation of users interaction with a network, designed to prevent data breaches by implementing a set of system design principals and coordidated cybersecuirty and system management

Question 63

least privledge

Answer 63

users and systems are graned the minimum authorization and system resources needed to perform function

Question 64

need to know

Answer 64

employees are only given what theymust know to perofrm their job.

Question 65

whitlisting

Answer 65

identifying list of appliations that are authorized to run on a system and only allowing those to execute

Question 66

context aware authentication

Answer 66

idetnify mobile device users by using contextual data poitns such as time, geographic lcoation, point of access, IP address

Question 67

digital signature

Answer 67

electronic stamp of auth encrypted and attached to a message

Question 68

NIST recommended password

Answer 68

8 characters

Question 69

vulneratbilty management

Answer 69

proactive security practice designed to prevent the explotation of IT vulnerabiities that could potentially harm a system or organization. ID, classifying, mitigating, and fixing known vulnerablities.

Question 70

common vulnerabilities and exposure dictionary

Answer 70

database of security vulnerabilities that provide unique identifiers for different vulnerablities and risk exposures.

Question 71

layered security

Answer 71

using a diversified set of security tactics so single event does not compromise entire system.

Question 72

defense in depth

Answer 72

multilayered that does not rely on technology alone, but combines people, policies, technology, and physical/logical access controls.

Question 73

redudnacy can be administered through

Answer 73

layering, isolating, concealing data, segmenting hardware

Question 74

layering

Answer 74

add redunancy by breaking up an operation into smaller chunck that can be manage by different people, performed by a machine/computer, or complely isolated.

Question 75

abstraction

Answer 75

process of hiding the complexity of certain tasks so that only the relevant info to a specific person perforing the function is presented. - primary intention is to simplfy complex tasks but also limits user access to level of detail they need to know

Question 76

concealment

Answer 76

hiding data - asign users to same security level of data they will access

Question 77

discreationay access control

Answer 77

decentralized control that allowes data owners, custodians, or creators to manager their own access

Question 78

access control list

Answer 78

list of rules that outlines which users have permission to access certain resources, administers account restrictions (type of action)

Question 79

NIST RM Framework

Answer 79

defining or framing the enviornment in which risk based decisions are made - assess, respond and monitor risk

Question 80

what does the NIST RM Framework require to be identified?

Answer 80

Risk assumptions, contraints, tolerance, prorities and trade-offs

Question 81

NIST RM FW - Goal of assessing risk?

Answer 81

Identify risks to nations, orgs individuals, assets or operations, vulnerablities internal and external, harm, likehoood of harm