Lesson 1

Question 1

What is SOC

Answer 1

Security Operations Center

Question 2

The cost of mitigating risk should never _________ the potential loss.

Answer 2

Meet/Exceed

Question 3

True or False
It’s impossible to mitigate all risk.

Answer 3

True
Residual risk is the left over risk after all mitigation and controls have been applied.

Question 4

NIST

Answer 4

National Institute of Standards & Technology

Question 5

NIST Cyber Security Framework

Answer 5

A voluntary set of guidelines, standards and best practices

Question 6

5 Components of Cybersecurity Framework

Answer 6

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover
6. Govern (newest)

Question 7

Incident Response Activities

Answer 7

1. Report Attack
2. Prepare Options
3. Respond
4. Identify Threat
5. Coordinate
6. Validate

Question 8

Cybersecurity Framework Identify Stage

Answer 8

Understands your systems, assets, data and the risk they face.

Question 9

Cybersecurity Framework Protect Stage

Answer 9

Implement safeguards and controls to prevent attacks

Question 10

Cybersecurity Framework Detect Stage

Answer 10

Continuously monitor your systems for suspicious activity.

Question 11

Cybersecurity Framework Respond Stage

Answer 11

Have a plan to address and contain security incidents.

Question 12

Cybersecurity Framework Recover Stage

Answer 12

Restore your systems and data after a security incident.

Question 13

Cybersecurity Framework Govern Stage

Answer 13

Establish and monitor the organizations cybersecurity risk management strategy, expectations and policy.

Question 14

NIST RMF

Answer 14

National Institute of Standards & Technology Risk Management Framework

Question 15

NIST RMF Stages

Answer 15

1. Prepare
2. Categorize
3. Select
4. Implement
5. Assess
6. Authorize
7. Monitor

Question 16

What is CIA

Answer 16

CIA Triad
Confidentiality
Integrity
Availability

Question 17

The C in CIA

Answer 17

Confidentiality - Data is only shared with authorized personnel

Question 18

The I in CIA

Answer 18

Integrity - Ensures that information or data regains unchanged.

Question 19

The A in CIA

Answer 19

Availability - Ensures timely and reliable access to and use of information.

Question 20

Asset

Answer 20

Person or property owned by a person or company, regarded as having value.

Question 21

Threat

Answer 21

Acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or disrupt computing systems.

Question 22

Types of Threats

Answer 22

1. Malware
2. Social Engineering
3. Supply Chain Attacks
4. Man-In-The- Middle Attacks (On-Path)
5. DoS/DDoS Attacks
6. SQL Injeftion Attacks
7. APTs
8. MITRE ATT&CK

Question 23

Risk

Answer 23

The potential for exposure or loss resulting from a cyberattack or data breach in your organization.

Question 24

Types of Risk

Answer 24

1. Malware Attacks
2. Randomware Attacks
3. Insider Threats
4. Phishing Attacks
5. Poor Compliance Management

Question 25

Vulnerability

Answer 25

A weakness in an IT that can be exploited by an attacker to deliver a successful attack.

Question 26

Exploit

Answer 26

The successful attack of a computer system.

Question 27

Types of Exploits

Answer 27

1. SQL Injection
2. XSS - Cross-Site Scripting
3. CSRF - Cross-Site Request Forgery
4. Abuse of Broken Authentication Code
5. Security Misconfigurations

Question 28

Types of Social Engineering

Answer 28

1. Phishing
2. Smishing (SMS/Mobile)
3. Vishing (Voice)
4. Spear Phishing (Specific Individual)
5. Whaling (C Suite companies)

Question 29

IoC

Answer 29

Indicator of Compromise

Question 30

IoA

Answer 30

Indicator of Attack

Question 31

What are IoCs

Answer 31

1. A means of collecting forensic data in relation to breach or attack
2. Are valid threats
3. Present after an attack has happened
   Example: Burglar successfully entered your home.

Question 32

What are IoAs

Answer 32

1. Early warnings or clues that reveal suspicious activities
2. Become a threat based on the situation and what it means in that situation
3. Present before an attack occurs
   Example: Stakinhbout a home you plan to rob.

Question 33

Types of Malware

Answer 33

1. Worms
2. Rookies
3. Keyloggers
4. Bots
5. Mobile malware

Question 34

Worms

Answer 34

Spreads thru a network by replicating itself.

Question 35

Rootkits

Answer 35

Gives hackers remote control of a victims device.

Question 36

Keyloggers

Answer 36

Monitors users keystrokes

Question 37

Bots

Answer 37

Launches a broad floor of attacks.

Question 38

Attacks Malware

Answer 38

Infects mobile devices.

Question 39

Ethical Hackers

Answer 39

Experts who is their abilities for ethical and legal purposes.

Question 40

Hacktivist

Answer 40

Hackers who often use their abilities to support a political or ideological agenda. Actions are typically illegal but not motivated by personal gain.

Question 41

Unethical Hacker

Answer 41

Hackers who are out for personal gain, seeking money or causing damage; operate illegally, without authorization

Question 42

Macine Learning (ML)

Answer 42

A subset of AI that allows systems to learn from data and make decisions without being explicitly programed.

Question 43

Computer Vision

Answer 43

A field of AI that trains computers to interpret and make decisions based on visual data from the world, like photos or videos.

Question 44

Robotics

Answer 44

A field of AI that focuses on the design, construction Ave operation of robots, enabling then to interact autonomous with their environment.

Question 45

Types of Artificial Intelligence

Answer 45

1. Artificial Narrow Intelligence - perform specific tasks w/in limited week- defined problems
2. Artificial General Intelligence - possess human-like intermittent abs can understand, learn and apply knowledge across various tasks.
3. Artificial Super Intelligence - surpass human intelligence across all cognitive abilities and capabilities.

Question 46

Generative AI

Answer 46

A branch of AI that focuses on creating content from existing data.

Question 47

Generative AI

Answer 47

A branch of AI that focuses on creating content from existing data.