Introduction to Cybersecurity

Question 1

Assets

Answer 1

An asset is any object(tangible or intangible) that is considered valuable to an individual or group of individuals.

Question 2

Critical Infrastructure
Blue Team

Answer 2

Will constantly perform tests and analysis using security monitoring programs, such as SIEM, and methods such as threat hunting, to identify security flaws and verify that the most effective security measures have been deployed.

Question 3

Critical Infrastructure
Red Team

Answer 3

Will constantly evaluate security levels of the infrastructure by trying to exploit the many security measures that are implemented in the organization, including using Social Engineering.

Question 4

Incidence Response

Answer 4

Also known as the Blue Team, will create a playbook that contains many scenarios, each scenario will have the best way to approach the situation with the attempt to limit damages to an infrastructure.

Question 5

What is SOC

Answer 5

Security Operation Center is a facility responsible for monitoring, preventing, detecting, investigating, and responding to cyber threats 24/7 to maintain safety.

Question 6

Security Operation Center goals

Answer 6

> Detect the signs of a cyberattack
prevent before it happens
isolate an attack
Once isolated perform the Incident Response.

Question 7

Security Operation Centers within an Organization

Answer 7

Organizations need SOC teams to prevent, identify, and remedy attacks as quickly as possible and limit damages.

Question 8

Security Operation Center:
Blue Team Aspects

Answer 8

Cybersecurity experts that aim to safeguard an organization against cyberattack.

Question 9

Security Operations Center:
Red Team Aspects

Answer 9

Responsible for performing penetration testing in an organization. Tests try to avoid Security Operations Center detection and perform stealthy maneuvers that simulate how actual cybercriminals launch attacks.

Question 10

Security Operations Center:
Purple Team

Answer 10

When Red and Blue teams in an organization are integrated, their cybersecurity experts can more efficiently test and improve an organizations defenses.

Question 11

What are Viruses?

Answer 11

A computer virus is a type of malware designed to perform damaging and illegal operations on a host computer, primarily by deleting critical systems files.

Question 12

How do viruses spread?

Answer 12

Viruses spread from file to file, it attempts to achieve higher privilege along the way.

Question 13

How do viruses impact a computer?

Answer 13

Performance issues- OS frequently freezes or crashes, or there is prolonged boot-up, a drop in performance, or an unusual amount of resource usage.
File System Changes- Missing or corrupt computer files.
Abnormal Behavior- Applications and programs are executed without user interaction.
Program Changes- Unusual program activities and changes to the machine, such as the appearance of new files or a changed default homepage.

Question 14

Significance in Cybersecurity:
IT Aspect

Answer 14

An important IT team task is the Installation and maintenance of updated protection and identification measures. Usually includes antiviruses on all endpoints and network components of the organization, to detect and prevent the presence of the viruses in organization computers.

Question 15

What is Cybersecurity

Answer 15

Cybersecurity refers to any activity that aims to protect devices and systems from both internal and external threats.

Question 16

Red Team

Answer 16

Tests software, system, websites, tools, vulnerabilities, and more from the attacker’s perspective.

Question 17

Blue Team

Answer 17

Defends against potential threats by monitoring systems, implementing patches, closing security holes, providing real-time protection against attacks.

Question 18

Purple Team

Answer 18

Combines some aspects of Blue Team and Red Team, purple team will test and attack a system, resolve any issues that are discovered on their own.

Question 19

Yellow Team

Answer 19

A rarely employed team that consists of the developers who are also knowledgeable in the areas of cybersecurity, and are able to design code that can thwart software related attacks.

Question 20

Anti Virus

Answer 20

An endpoint protection application that inspects and detects viruses and malware. If a program is determined to be malicious, the anti-virus will handle the threat by, for example, removing it, deactivating it, or isolating it.

Question 21

Two Elements of antivirus

Answer 21

Database are lists of strings and actions that may indicate malware activity,
Rules are sets of definition that together can be used to profile various types of malware.

Question 22

File Signature

Answer 22

A type of AV that identifies malware based on raw data, name, size, has, bits, address, author, and magic bytes.

Question 23

Heuristics

Answer 23

A type of AV that analyzes malware behavior, including the memory it uses and communication with the kernel, system, and network via DDLs.

Question 24

Penetration Testing

Answer 24

An authorized simulated cyberattack on a computer system or network designed to check for exploitable vulnerabilities.

Question 25

Penetration Testing Types

Answer 25

Internal- a penetration tester will assume the role of an intruder in an internal network. External- the pen tester will examine publicly available information about the organization or any publicly facing assets, such as cloud-based application, mails servers, and websites, and attempt to breach them remotely. Web application- the pentester will gather information about the target web application, find exploits, and exploit them. Mobile Application- the pen tester will use various techniques to understand the application's logic and methods of an operation via tools used for static and dynamic analysis.

Question 26

Penetration Testing Types

Answer 26

Internal- a penetration tester will assume the role of an intruder in an internal network. External- the pen tester will examine publicly available information about the organization or any publicly facing assets, such as cloud-based application, mails servers, and websites, and attempt to breach them remotely. Web application- the pentester will gather information about the target web application, find exploits, and exploit them. Mobile Application- the pen tester will use various techniques to understand the application's logic and methods of an operation via tools used for static and dynamic analysis.

Question 27

Significance in Cybersecurity: Red Team Aspects

Answer 27

Red Team Aspects- the cybersecurity firm performs penetration tests. From start to finish, the red team will use a wide array of real-time techniques in response to their findings, including the use of automatic testing tools, to save time often spent on tedious tasks and common vulnerabilities.

Question 28

Significance in Cybersecurity: Blue Team Aspects

Answer 28

Two roles are performed by the blue team during penetration testing. The first role is to act as part of the organization's defenses and negate any attempt to breach it. The second role is to apply mitigations and recommendations passed on by the red team during their evaluation of the organization's security level.

Question 29

Red Team

Answer 29

The Red Team is a group of security professionals who are hired by an organization to perform Penetration Testing on it's systems, including software applications, websites, and operating systems.

Question 30

Threats

Answer 30

In cybersecurity, threats refer to malicious actions that can damage the cyber systems of individuals or corporations. Threat assessment and risk analysis are methods used to measure threat levels within an organization.

Question 31

Risk Evaluation Matrix

Answer 31

A risk matrix is a table that categorizes threats according to their likelihood and security levels. The table helps organizations formulate risk management plans, policies, rules, services, and lessons.

Question 32

Threats in Cybersecurity

Answer 32

Cyberthreats are key elements in most security platforms, including antivirus programs, payment systems, and anti-injection and anti-crack protection software.

Question 33

The following threats are classified as "extreme" risks that frequently impact organizations:

Answer 33

Ransomware- Malware designed to capture or encrypt data stored on the victim's computer. The data can be encrypted only in exchange for a given cryptocurrency payment. Phishing- Hackers commonly employ various phishing techniques since they are relatively easy to use and simple to perform. Denial-of-Services- classified as an extreme threat to company operations. It targets corporate servers and prevents legitimate users from accessing critical network resources, information systems, and devices.