Introduction to Security Terminology Flashcards

1
Q

Your manager, Wayne, is concerned about malicious users who might compromise servers and remain undetected for a period of time. What type of threat is Wayne concerned about?

Insider threat

Hacktivist

Advanced persistent threat

A

Advanced persistent threat

An advanced persistent threat (APT) implies a compromised network or device, whereby malicious actors, such as competitors or hacking groups, retain control of the compromised system for a period of time before being detected

2
Q

Which type of malicious users or groups attempt to promote a political or ideological view?

Hacktivist

Advanced persistent threat

State actor

A

Hacktivist

Hacktivists exploit vulnerable systems with the intention of promoting awareness of social, political, or ideological views

3
Q

Your organization has begun quarterly lunch-and-learn sessions to educate employees about current scams and computer security threats to increase their awareness and help prevent security issues such as data leaks. To which of the following items does this initiative best apply?

Hacktivist

State actor

Insider threat

A

Insider threat

Insider threats result from an actor within the organization who has knowledge of internal procedures, configurations, or details that would be unknown to external users. Internal user training and awareness help protect digital assets from unintentional security breaches

4
Q

Which type of malicious entity is most likely to launder the proceeds of illegal activities through online gambling sites?

State actor

Criminal syndicate

Hacktivists

A

Criminal syndicate

A criminal syndicate is related to organized crime, which is likely to profit through illegal means and therefore must “clean” the proceeds through laundering

5
Q

You are part of a team that has been hired to conduct penetration tests. Which term best describes your team?

Unauthorized hackers

Semi-authorized hackers

Authorized hackers

A

Authorized hackers

Authorized hackers are the “good guys”; they are hired to perform penetration tests to identify exploitable security weaknesses

6
Q

You are an IT technician responsible for defining and implementing IT solutions throughout the organization. You have discovered that users in a remote branch office have configured a Wi-Fi network for use only in their location without approval from headquarters. Which term best describes this scenario?

Hacktivists

Hardening

Shadow IT

A

Shadow IT

The term “shadow IT” refers to non-IT staff who install or configure networked devices without central approval from the IT department; this would include adding a Wi-Fi router to a network without approval

7
Q

Which type of malicious actor is the most likely to have the most resources and funding?

Hacktivist

Criminal syndicate

State actor

A

State actor

State actors are likely to have ample funding for their activities. These hacking groups are supported by nations for the purposes of gathering intelligence on, or disrupting the computer systems of, other nations

8
Q

You have enabled firewall rules to allow only HTTPS connections to a web server that resides in your company’s server room. The company’s web site stores sensitive customer data in a backend database stored on the same host. Which types of potential security problems do company IT technicians present in this scenario? (Choose two.)

On-path attacks

Direct physical access

Phishing

Insider threat

A

Direct physical access

Insider threat

Technicians who can gain access to the server room have direct access to the physical server and storage arrays, and physical access bypasses firewall rules. This is considered a potential insider threat

9
Q

Your organization has deployed mission-critical applications to a public cloud service provider (CSP) platform. The CSP recently disclosed a security flaw in the underlying network switches that was exploited by malicious users. The network switches were missing a firmware update that addressed security vulnerabilities. From your organization’s perspective, what is the source of this security issue?

Update management

Network switch vendor

Supply chain

A

Supply chain

In this case, the cloud service provider (CSP) is a part of the supply chain, or service delivery platform (SDP), in the sense that the CSP supplies the IT services infrastructure used by the cloud customer

10
Q

You manage an air-gapped secure network named NET1 for a utility provider. NET1 does not connect in any way to any other network. You have scheduled the automatic scanning of the network for unauthorized network devices. Recently, new malware that is active on the Internet was discovered on NET1. What is the most likely explanation for how the malware made its way to NET1?

A rogue Wi-Fi router introduced the malware.

Users on NET1 downloaded infected files from the Internet.

Removable media was infected.

A

Removable media was infected.

Since NET1 has no connections to other networks, the most likely explanation is that the malware was transmitted through infected files on removable media

11
Q

After running a vulnerability scan of your entire network because of newly reported vulnerabilities on the Internet, you notice that Linux-based honeypots on your network that are intentionally configured to appear vulnerable were not reported as vulnerable. What is the most likely cause of this behavior?

A credentialed scan was not run.

The honeypots have an OS-level firewall enabled.

The vulnerability database is not up-to-date.

A

The vulnerability database is not up-to-date.

Vulnerability scanning tools use a database of known vulnerabilities as a comparison mechanism when scanning hosts and apps. Scanning tools can be configured to subscribe to vulnerability and threat feeds for automatic updating. If this database is not kept up-to-date, newer vulnerabilities may not be detected during scanning

12
Q

You are reviewing network analysis reports for signs that could suggest malicious activity. What are you looking for?

Threat map

Automated indicator sharing (AIS)

Indicators of compromise

A

Indicators of compromise

Indicators of compromise (IoCs) suggest that malicious activity may be taking place or has taken place

13
Q

You are researching potential vulnerabilities with the way that Session Initiation Protocol (SIP) Voice over IP (VoIP) calls are established over the network. Which documentation source explains the standardized inner workings of SIP VoIP calls?

Open source intelligence

RFCs

Vendor documentation

A

RFCs

Requests for comment (RFCs) are publicly available technical standardization documents stemming from various international technical bodies that detail how specific types of technologies such as HTTP, DNS, or the ASCII character set work. Vendors building software and hardware products generally adhere to RFCs

14
Q

What is the primary purpose of the Tor web browser?

Accessing media content in foreign countries

Web application vulnerability scanning

Accessing the Web anonymously

A

Accessing the Web anonymously

The Tor web browser enables anonymous connectivity to the Web

15
Q

Which role is responsible for managing data in alignment with policies set forth by data owners?

Data owner

Data custodian

Data analyst

A

Data custodian

The data custodian, or data steward, role involves managing data assets in accordance with policies set forth by data owners. An example of a data custodian is a file server administrator who can set file system permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which role is ultimately responsible for a data asset?

Data owner

Data custodian

Data analyst

A

Data owner

Data owners set policies on how data will be managed; they are ultimately responsible for the data

17
Q

Your organization collects, processes, and stores EU customer data. As a result, a Data Privacy Officer (DPO) role has been established to ensure regulatory compliance. To which European digital privacy legislation does this role apply?

HIPAA

PIPEDA

GDPR

A

GDPR

The EU GDPR is an act of legislation designed to protect sensitive EU citizen data. A data privacy officer ensures compliance with regulations such as the GDPR

18
Q

An online retailer legally collects and stores sensitive customer data that it then sells to marketing firms. Which data role is the online retailer partaking in?

Data processor

Data custodian

Data controller

A

Data controller

The data controller determines how data can be used, such as providing it to other parties

19
Q

A marketing firm legally purchases sensitive customer data from a data collection agency. Which data role is the marketing firm partaking in?

Data processor

Data privacy officer

Data custodian

A

Data processor

The data processor role, in this example, is assumed by the marketing firm that purchases data for processing purposes, such as to enhance targeted marketing campaigns

20
Q

Which phrase best encompasses the mapping out of specific malicious user activity from beginning to end?

Automated indicator sharing

Adversary tactics, techniques, and procedures

Indicator of compromise

A

Adversary tactics, techniques, and procedures

Adversary tactics, techniques, and procedures (TTPs) describe how malicious attacks are carried out, from initial access through to the attacker's end goal

21
Q

You are researching the potential of an employee e-mail account breach. You suspect these accounts may have been used to sign up to a variety of social media sites. After searching and viewing multiple web pages related to this issue, you become overwhelmed with information. What type of public-sourced security intelligence tool should you use to facilitate further testing of your suspicions?

Open source intelligence

Academic journals

File and code repositories

A

Open source intelligence

Open source intelligence (OSINT) tools ingest cybersecurity intelligence data from various public sources to facilitate cybersecurity activities

22
Q

Which of the following are standards related to the sharing of threat intelligence information? (Choose two.)

TAXII

OSINT

STIX

RFC

A

TAXII

STIX

The Trusted Automated Exchange of Indicator Information (TAXII) standard defines how cybersecurity intelligence information is shared among entities. The Structured Threat Information eXpression (STIX) standard defines the data exchange format for cybersecurity information

23
Q

Which statements regarding the usage of the Tor web browser are correct? (Choose two.)

The Tor network is an Internet overlay network.

The Tor network requires the use of IPv6 addresses.

The Tor browser host IP address is hidden.

Usage of the Tor network requires signing up with an account.

A

The Tor network is an Internet overlay network.

The Tor browser host IP address is hidden.

The Tor network is considered an overlay network in that it sits on the existing public Internet infrastructure; it is designed to use encryption and multiple global relay points to protect user activity from traffic analysis. As a result, using the Tor web browser for Tor network connectivity hides the IP address of the machine running the Tor web browser

24
Q

Which of the following are normally considered potential insider threats? (Choose two.)

Port scanning of firewall interfaces

Contractors

Infected e-mail file attachments

Brute-force username and password web site attacks

A

Contractors

Infected e-mail file attachments

Contractors working for an organization may have knowledge of or access to company processes and systems. Users opening infected file attachments from e-mail messages means the infection would then be on the inside. Both of these present potential insider threats

25
Q

Which type of hacker may discover and exploit vulnerabilities, yet lacks malicious intent?

Authorized

Red hat

Semi-authorized

A

Semi-authorized

Semi-authorized hackers discover vulnerabilities and can compromise systems, which could cross legal or ethical boundaries, but their intent is not malicious. Often, semi-authorized hackers will compromise systems and then let the system owners know about the vulnerabilities

26
Q

Which type of hacker has malicious intent and attempts to discover and exploit vulnerabilities?

Authorized

Semi-authorized

Unauthorized

A

Unauthorized

Unauthorized hackers are individuals with malicious intent who attempt to exploit systems

27
Q

Which type of active security testing attempts to exploit discovered vulnerabilities?

Penetration testing

Vulnerability scanning

Port scanning

A

Penetration testing

Penetration tests (pen tests) identify and attempt to exploit vulnerabilities

28
Q

Which of the following wireless cryptographic protocols are the most vulnerable? (Choose two.)

WEP

WPA

WPA2

Default Wi-Fi router credentials

A

WEP

Default Wi-Fi router credentials

Wired Equivalent Privacy (WEP) is an older, deprecated wireless encryption protocol and should not be used, because many freely available tools can compromise WEP. Using default credentials always presents a security risk because these are widely known