Introduction to Security Terminology Flashcards
Your manager, Wayne, is concerned about malicious users who might compromise servers and remain undetected for a period of time. What type of threat is Wayne concerned about?
Insider threat
Hacktivist
Advanced persistent threat
Advanced persistent threat
An advanced persistent threat (APT) implies a compromised network or device, whereby malicious actors, such as competitors or hacking groups, retain control of the compromised system for a period of time before being detected
Which type of malicious users or groups attempt to promote a political or ideological view?
Hacktivist
Advanced persistent threat
State actor
Hacktivist
Hacktivists exploit vulnerable systems with the intention of promoting awareness of social, political, or ideological views
Your organization has begun quarterly lunch-and-learn sessions to educate employees about current scams and computer security threats to increase their awareness and help prevent security issues such as data leaks. To which of the following items does this initiative best apply?
Hacktivist
State actor
Insider threat
Insider threat
Insider threats result from an actor within the organization who has knowledge of internal procedures, configurations, or details that would be unknown to external users. Internal user training and awareness help protect digital assets from unintentional security breaches
Which type of malicious entity is most likely to launder the proceeds of illegal activities through online gambling sites?
State actor
Criminal syndicate
Hacktivists
Criminal syndicate
A criminal syndicate is related to organized crime, which is likely to profit through illegal means and therefore must “clean” the proceeds through laundering
You are part of a team that has been hired to conduct penetration tests. Which term best describes your team?
Unauthorized hackers
Semi-authorized hackers
Authorized hackers
Authorized hackers
Authorized hackers are the “good guys”; they are hired to perform penetration tests to identify exploitable security weaknesses
You are an IT technician responsible for defining and implementing IT solutions throughout the organization. You have discovered that users in a remote branch office have configured a Wi-Fi network for use only in their location without approval from headquarters. Which term best describes this scenario?
Hacktivists
Hardening
Shadow IT
Shadow IT
The term “shadow IT” refers to non-IT staff who install or configure networked devices without central approval from the IT department; this would include adding a Wi-Fi router to a network without approval
Which type of malicious actor is the most likely to have the most resources and funding?
Hacktivist
Criminal syndicate
State actor
State actor
State actors are likely to have ample funding for their activities. These hacking groups are supported by nations for the purposes of intelligence gathering or the disruption of other nations' computer systems
You have enabled firewall rules to allow only HTTPS connections to a web server that resides in your company’s server room. The company’s web site stores sensitive customer data in a backend database stored on the same host. Which types of potential security problems do company IT technicians present in this scenario? (Choose two.)
On-path attacks
Direct physical access
Phishing
Insider threat
Direct physical access
Insider threat
Technicians who can gain access to the server room have direct access to the physical server and storage arrays, and physical access bypasses firewall rules. This is considered a potential insider threat
Your organization has deployed mission-critical applications to a public cloud service provider (CSP) platform. The CSP recently disclosed a security flaw in the underlying network switches that was exploited by malicious users. The network switches were missing a firmware update that addressed security vulnerabilities. From your organization’s perspective, what is the source of this security issue?
Update management
Network switch vendor
Supply chain
Supply chain
In this case, the cloud service provider (CSP) is a part of the supply chain, or service delivery platform (SDP), in the sense that the CSP supplies the IT services infrastructure used by the cloud customer
You manage an air-gapped secure network named NET1 for a utility provider. NET1 does not connect in any way to any other network. You have scheduled the automatic scanning of the network for unauthorized network devices. Recently, new malware that is active on the Internet was discovered on NET1. What is the most likely explanation for how the malware made its way to NET1?
A rogue Wi-Fi router introduced the malware.
Users on NET1 downloaded infected files from the Internet.
Removable media was infected.
Removable media was infected.
Since NET1 has no connections to other networks, the most likely explanation is that the malware was transmitted through infected files on removable media
After running a vulnerability scan of your entire network because of newly reported vulnerabilities on the Internet, you notice that Linux-based honeypots on your network that are intentionally configured to appear vulnerable were not reported as vulnerable. What is the most likely cause of this behavior?
A credentialed scan was not run.
The honeypots have an OS-level firewall enabled.
The vulnerability database is not up-to-date.
The vulnerability database is not up-to-date.
Vulnerability scanning tools use a database of known vulnerabilities as a comparison mechanism when scanning hosts and apps. Scanning tools can be configured to subscribe to vulnerability and threat feeds for automatic updating. If this database is not kept up-to-date, newer vulnerabilities may not be detected during scanning
You are reviewing network analysis reports for signs that could suggest malicious activity. What are you looking for?
Threat map
Automated indicator sharing (AIS)
Indicators of compromise
Indicators of compromise
Indicators of compromise (IoCs) suggest that malicious activity may be taking place or has taken place
You are researching potential vulnerabilities with the way that Session Initiation Protocol (SIP) Voice over IP (VoIP) calls are established over the network. Which documentation source explains the standardized inner workings of SIP VoIP calls?
Open source intelligence
RFCs
Vendor documentation
RFCs
Requests for comment (RFCs) are publicly available technical standardization documents stemming from various international technical bodies that detail how specific types of technologies such as HTTP, DNS, or the ASCII character set work. Vendors building software and hardware products generally adhere to RFCs
What is the primary purpose of the Tor web browser?
Accessing media content in foreign countries
Web application vulnerability scanning
Accessing the Web anonymously
Accessing the Web anonymously
The Tor web browser enables anonymous connectivity to the Web
Which role is responsible for managing data in alignment with policies set forth by data owners?
Data owner
Data custodian
Data analyst
Data custodian
The data custodian, or data steward, role involves managing data assets in accordance with policies set forth by data owners. An example of a data custodian is a file server administrator who can set file system permissions