Introduction to Cybersecurity Tools and Cyber Attacks Week One Flashcards
Jeff Crume described five challenges in security today. Which three of these are challenges because their numbers are increasing rapidly?
Alerts, Needed Knowledge, Threats
About how many unfilled cybersecurity jobs are expected by the year 2022?
1.8 million
What is the National Institute of Standards’ (NIST) definition of cybersecurity?
The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Which three are components of the CIA Triad?
Confidentiality, Availability, and Integrity
‘A flaw, loophole, oversight, or error that can be exploited to violate system security policy’ is the definition of which key cybersecurity term?
Vulnerability
‘An event, natural or man-made, able to cause a negative impact to an organization’ is the definition of which key cybersecurity term?
Threat
Most cyber attacks come from which one of the following sources?
Internal factors, such as current and former employees.
Question 6
Vulnerabilities are weaknesses in a system that can be exploited. Which are the two most common ways in which vulnerabilities are introduced to a system?
Many vulnerabilities occur as a result of misconfiguration by the system administraton
AND
Many systems are shipped with known and unknown security holes, such as insecure default settings.
Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?
Information Security Analyst
Which American president first recognized the need for a national policy on cybersecurity?
Ronald Regan
In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?
Computing devices like PCs and smartphones are now used by a large majority of people
Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?
7000 to 10,000
An example of weaponizing a cyber vulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?
Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility
Which three factors make cybersecurity far more difficult now than it was in the past when you only needed to protect the computer?
Multiple different vendors, each supporting different technology and protocols
Mobile technology - everyone has a smartphone
Data protection - your data is everywhere
Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation?
Asset Management
Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?
Administrative Controls
Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging?
Technical Controls
Which three security challenges face today’s organizations?
Solutions can be attacked themselves
Protection of enforcement structure can complicate solutions
Security is not as simple as it seems
In John’s example of friends and enemies, what is the name used to refer to the intruder?
Trudy
Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept?
Confidentiality
The sender and receiver of a message can positively identity each other’s identity is an example of which basic security concept?
Authentication
Which is the presenter, Kristin Dahl’s definition of Critical Thinking?
Critical thinking is the controlled, purposeful thinking directed toward a goal
The Critical Thinking Model presented places critical thinking at the overlap of which four competencies?
Technical and experimental knowledge, intellectual skills and competencies.
Interpersonal skills and competencies.
Technical skills and competencies.
Critical thinking characteristics (attitudes & behaviors).
‘Put yourself in others’ shoes - reframe the problem’ is an example of which of the 5 Key Skills of Critical Thinking?
Understand Context
What was shown in the movie War Games that concerned President Reagan?
A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.
In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?
9/11
What were the three (3) main cybersecurity concerns arising from the 9/11 attacks?
How did this happen?
Could an attack like this happen in the virtual world too?
Who wrote the malware that took control of the four airplanes navigation systems?
According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?
$100B
Who are Alice, Bob and Trudy?
They are fictional characters used to illustrate how cryptography works.
Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?
Security practices are viewed as being “in the way”.
Security architectures require constant effort.
Security is often an after-thought; something that is added at the end of a project rather than baked into the project from the start.
Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?
Available analysts, and time
‘A defined way to breach the security of an IT system through a vulnerability’ is the definition of which key cybersecurity term?
Exploit
‘A situation involving exposure to a danger.’ Is the definition of which key cybersecurity term?
Risk
Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?
Security Program
According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?
Every One Minute
In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?
The security of communication between Alice and Bob that risks interception by Trudy.
Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?
Confidentiality
Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?
Avaliability
Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?
Integrity
A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear?
A Gray Hat
Which three are resources that are available to help guide penetration testing efforts by cybersecurity specialists?
NIST SP 800-42 Guidelines on Network Security Testing.
Federal Financial Institutions Examination Council (EFIEC) Information Technology Examination.
Open Source Security Testing Methodology Manual (OSSTMM).
According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?
Potential Impacts and Adaptive Capacity