Introduction to Cybersecurity Tools and Cyber Attacks Week One

Question 1

Jeff Crume described five challenges in security today. Which three of these are challenges because their numbers are increasing rapidly?

Answer 1

Alerts, Needed Knowledge, Threats

Question 2

About how many unfilled cybersecurity jobs are expected by the year 2022?

Answer 2

1.8 million

Question 3

What is the National Institute of Standards’ (NIST) definition of cybersecurity?

Answer 3

The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Question 4

Which three are components of the CIA Triad?

Answer 4

Confidentiality, Availability, and Integrity

Question 5

‘A flaw, loophole, oversight, or error that can be exploited to violate system security policy’ is the definition of which key cybersecurity term?

Answer 5

Vulnerability

Question 6

‘An event, natural or man-made, able to cause a negative impact to an organization’ is the definition of which key cybersecurity term?

Answer 6

Threat

Question 7

Most cyber attacks come from which one of the following sources?

Answer 7

Internal factors, such as current and former employees.

Question 8

Question 6
Vulnerabilities are weaknesses in a system that can be exploited. Which are the two most common ways in which vulnerabilities are introduced to a system?

Answer 8

Many vulnerabilities occur as a result of misconfiguration by the system administraton

AND

Many systems are shipped with known and unknown security holes, such as insecure default settings.

Question 9

Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?

Answer 9

Information Security Analyst

Question 10

Which American president first recognized the need for a national policy on cybersecurity?

Answer 10

Ronald Regan

Question 11

In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?

Answer 11

Computing devices like PCs and smartphones are now used by a large majority of people

Question 12

Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?

Answer 12

7000 to 10,000

Question 13

An example of weaponizing a cyber vulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?

Answer 13

Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility

Question 14

Which three factors make cybersecurity far more difficult now than it was in the past when you only needed to protect the computer?

Answer 14

Multiple different vendors, each supporting different technology and protocols

Mobile technology - everyone has a smartphone

Data protection - your data is everywhere

Question 15

Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation?

Answer 15

Asset Management

Question 16

Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?

Answer 16

Administrative Controls

Question 17

Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging?

Answer 17

Technical Controls

Question 18

Which three security challenges face today’s organizations?

Answer 18

Solutions can be attacked themselves

Protection of enforcement structure can complicate solutions

Security is not as simple as it seems

Question 19

In John’s example of friends and enemies, what is the name used to refer to the intruder?

Answer 19

Trudy

Question 20

Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept?

Answer 20

Confidentiality

Question 21

The sender and receiver of a message can positively identity each other’s identity is an example of which basic security concept?

Answer 21

Authentication

Question 22

Which is the presenter, Kristin Dahl’s definition of Critical Thinking?

Answer 22

Critical thinking is the controlled, purposeful thinking directed toward a goal

Question 23

The Critical Thinking Model presented places critical thinking at the overlap of which four competencies?

Answer 23

Technical and experimental knowledge, intellectual skills and competencies.

Interpersonal skills and competencies.

Technical skills and competencies.

Critical thinking characteristics (attitudes & behaviors).

Question 24

‘Put yourself in others’ shoes - reframe the problem’ is an example of which of the 5 Key Skills of Critical Thinking?

Answer 24

Understand Context

Question 25

What was shown in the movie War Games that concerned President Reagan?

Answer 25

A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.

Question 26

In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?

Answer 26

9/11

Question 27

What were the three (3) main cybersecurity concerns arising from the 9/11 attacks?

Answer 27

How did this happen?

Could an attack like this happen in the virtual world too?

Who wrote the malware that took control of the four airplanes navigation systems?

Question 28

According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?

Answer 28

$100B

Question 29

Who are Alice, Bob and Trudy?

Answer 29

They are fictional characters used to illustrate how cryptography works.

Question 30

Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?

Answer 30

Security practices are viewed as being “in the way”.

Security architectures require constant effort.

Security is often an after-thought; something that is added at the end of a project rather than baked into the project from the start.

Question 31

Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?

Answer 31

Available analysts, and time

Question 32

‘A defined way to breach the security of an IT system through a vulnerability’ is the definition of which key cybersecurity term?

Answer 32

Exploit

Question 33

‘A situation involving exposure to a danger.’ Is the definition of which key cybersecurity term?

Answer 33

Risk

Question 34

Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?

Answer 34

Security Program

Question 35

According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?

Answer 35

Every One Minute

Question 36

In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?

Answer 36

The security of communication between Alice and Bob that risks interception by Trudy.

Question 37

Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?

Answer 37

Confidentiality

Question 38

Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?

Answer 38

Avaliability

Question 39

Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?

Answer 39

Integrity

Question 40

A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear?

Answer 40

A Gray Hat

Question 41

Which three are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

Answer 41

NIST SP 800-42 Guidelines on Network Security Testing.

Federal Financial Institutions Examination Council (EFIEC) Information Technology Examination.

Open Source Security Testing Methodology Manual (OSSTMM).

Question 42

According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?

Answer 42

Potential Impacts and Adaptive Capacity