Module 1 - 02-2

Question 1

Define Asset

Answer 1

An item perceived as having value to an organization

Question 2

Define Threat

Answer 2

Any circumstance or event that can negatively impact assets

Question 3

Define Social Engineering

Answer 3

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 4

Define Phishing

Answer 4

A technique that is used to acquire sensitive data, such as user names, passwords, or banking information

Question 5

True or False?
Phishing exploits human error to acquire sensitive data and private information.

Answer 5

True

Phishing exploits human error to acquire sensitive data and private information. It is one method of social engineering.

Question 6

Define Risk

Answer 6

Anything that can impact the confidentiality, integrity, or availability of an asset

A basic formula for determining the level of risk is that risk equals the likelihood of a threat.

Question 7

How would an organization rate risks at different levels (3)?

Answer 7

• Low
• Medium
• High

depending on possible threats and the value of an asset

Question 8

Define Low-Risk Asset

Answer 8

Information that would not harm the organization’s reputation or ongoing operations, and would not cause financial damage if compromised

Question 9

What are examples of Low-Risk Asset (2)?

Answer 9

• Public information such as website content
• Published research data

Question 10

Define Medium-Risk Asset

Answer 10

Information that’s not available to the public and may cause some damage to the organization’s finances, reputation, or ongoing operations

Question 11

What is an example of Medium-Risk Asset?

Answer 11

The early release of a company’s quarterly earnings could impact the value of their stock

Question 12

Define High-Risk Asset

Answer 12

Information protected by regulations or laws, which if compromised, would have a severe negative impact on an organization’s finances, ongoing operations, or reputation

Question 13

What are examples of High-Risk Asset (3)?

Answer 13

This could include leaked assets with SPII, PII, or intellectual property

Question 14

Define Vulnerability

Answer 14

A weakness that can be exploited by a threat

Question 15

What two factors must be present for there to be a risk?

Answer 15

Both a Vulnerability and a Threat must be present for there to be a Risk

Question 16

What are examples of Vulnerabilities (4)?

Answer 16

• An outdated firewall, software, or application
• Weak passwords
• Unprotected confidential data
• People

Question 17

Define Ransomware

Answer 17

A malicious attack where threat actors encrypt an organization’s data then demand payment to restore access

Question 18

What are the Layers of the Web (3)?

Answer 18

• Surface Web
• Deep Web
• Dark Web

Question 19

What is the Top Layer of the Web?

Answer 19

Surface Web

Question 20

What is the Middle Layer of the Web?

Answer 20

Deep Web

Question 21

What is the Bottom Layer of the Web?

Answer 21

Dark Web

Question 22

Define Surface Web

Answer 22

The surface web is the layer that most people use.
It contains content that can be accessed using a web browser.

Question 23

Define Deep Web

Answer 23

The deep web generally requires authorization to access it.
An organization’s intranet is an example of the deep web, since it can only be accessed by employees or others who have been granted access.

Question 24

Define Dark Web

Answer 24

Lastly, the dark web can only be accessed by using special software.
The dark web generally carries a negative connotation since it is the preferred web layer for criminals because of the secrecy that it provides.

Question 25

What are the three key impacts of threats, risks, and vulnerabilities?

Answer 25

1. Financial
2. Identity theft
3. Reputation

Question 26

Explain the Financial Impact on how it relates to threats, risks, and vulnerabilities

Answer 26

o When an organization’s assets are compromised by an attack, such as the use of malware, the financial consequences can be significant for a variety of reasons.
o These can include interrupted production and services, the cost to correct the issue, and fines if assets are compromised because of non-compliance with laws and regulations.

Question 27

Explain the impact on how Identity Theft relates to threats, risks, and vulnerabilities

Answer 27

o Organizations must decide whether to store private customer, employee, and outside vendor data, and for how long.
o Storing any type of sensitive data presents a risk to the organization.
o Sensitive data can include personally identifiable information, or PII, which can be sold or leaked through the dark web.
o That’s because the dark web provides a sense of secrecy and threat actors may have the ability to sell data there without facing legal consequences.

Question 28

Explain the impact on how Reputation relates to threats, risks, and vulnerabilities

Answer 28

o A solid customer base supports an organization’s mission, vision, and financial goals.
o An exploited vulnerability can lead customers to seek new business relationships with competitors or create bad press that causes permanent damage to an organization’s reputation.
o The loss of customer data doesn’t only affect an organization’s reputation and financials, it may also result in legal penalties and fines.

Question 29

What does NIST stand for?

Answer 29

National Institute of Standards and Technology (NIST)

Question 30

What is does National Institute of Standards and Technology (NIST) provide?

Answer 30

Frameworks that are used by security professionals to manage risks, threats, and vulnerabilities

Question 31

What does RMF stand for?

Answer 31

Risk Management Framework (RMF)

Question 32

What does NIST RMF stand for?

Answer 32

National Institute of Standards and Technology’s Risk Management Framework (NIST RMF)W

Question 33

What are the seven (7) steps in the NIST RMF?

Answer 33

1. Prepare
2. Categorize
3. Select
4. Implement
5. Assess
6. Authorize
7. Monitor

Question 34

What is the first (1st) step in the NIST RMF?

Answer 34

1. Prepare

Question 35

What is the second (2nd) step in the NIST RMF?

Answer 35

2. Categorize

Question 36

What is the third (3rd) step in the NIST RMF?

Answer 36

3. Select

Question 37

What is the fourth (4th) step in the NIST RMF?

Answer 37

4. Implement

Question 38

What is the fifth (5th) step in the NIST RMF?

Answer 38

5. Assess

Question 39

What is the sixth (6th) step in the NIST RMF?

Answer 39

6. Authorize

Question 40

What is the seventh (7th) step in the NIST RMF?

Answer 40

7. Monitor

Question 41

Define the NIST RMF Step 1: Prepare

Answer 41

Activities that are necessary to manage security and privacy risks before a breach occurs.

As an entry-level analyst, you’ll likely use this step to monitor for risks and identify controls that can be used to reduce those risks.

Question 42

Define the NIST RMF Step 2: Categorize

Answer 42

Used to develop risk management processes and tasks.

Security professionals then use those processes and develop tasks by thinking about how the confidentiality, integrity, and availability of systems and information can be impacted by risk.

As an entry-level analyst, you’ll need to be able to understand how to follow the processes established by your organization to reduce risks to critical assets, such as private customer information.

Question 43

Define the NIST RMF Step 3: Select

Answer 43

Choose, customize, and capture documentation of the controls that protect an organization.

An example of the select step would be keeping a playbook up-to-date or helping to manage other documentation that allows you and your team to address issues more efficiently.

Question 44

Define the NIST RMF Step 4: Implement

Answer 44

Implement security and privacy plans for the organization.

Having good plans in place is essential for minimizing the impact of ongoing security risks.

For example, if you notice a pattern of employees constantly needing password resets, implementing a change to password requirements may help solve this issue.

Question 45

Define the NIST RMF Step 5: Assess

Answer 45

Determine if established controls are implemented correctly.

An organization always wants to operate as efficiently as possible.

So it’s essential to take the time to analyze whether the implemented protocols, procedures, and controls that are in place are meeting organizational needs.

During this step, analysts identify potential weaknesses and determine whether the organization’s tools, procedures, controls, and protocols should be changed to better manage potential risks.

Question 46

Define the NIST RMF Step 6: Authorize

Answer 46

Being accountable for the security and privacy risks that may exist in an organization.

As an analyst, the authorization step could involve generating reports, developing plans of action, and establishing project milestones that are aligned to your organization’s security goals.

Question 47

Define the NIST RMF Step 7: Monitor

Answer 47

Be aware of how systems are operating.

Assessing and maintaining technical operations are tasks that analysts complete daily.

Part of maintaining a low level of risk for an organization is knowing how the current systems support the organization’s security goals.

If the systems in place don’t meet those goals, changes may be needed.

Question 48

What are some common strategies used to manage risks (4)?

Answer 48

• Acceptance
• Avoidance
• Transference
• Mitigation

Question 49

Define the strategy of Acceptance to manage risk

Answer 49

Accepting a risk to avoid disrupting business

Question 50

Define the strategy of Avoidance to manage risk

Answer 50

Creating a plan to avoid the risk altogether

Question 51

Define the strategy of Transference to manage risk

Answer 51

Transferring risk to a third party to manage

Question 52

Define the strategy of Mitigation to manage risk

Answer 52

Lessening the impact of a known risk

Question 53

What does HITRUST stand for?

Answer 53

Health Information Trust Alliance

Question 54

What are two common threats?

Answer 54

• Insider threats
• Advanced persistent threats (APTs)

Question 55

Define Insider Threats

Answer 55

Staff members or vendors abuse their authorized access to obtain data that may harm an organization.

Question 56

What does APTs stand for?

Answer 56

Advanced Persistent Threats (APTs)

Question 57

Define Advanced persistent threats (APTs)

Answer 57

A threat actor maintains unauthorized access to a system for an extended period of time

Question 58

What different factors can affect the likelihood of a risk to an organization’s assets (5)?

Answer 58

• External risk
• Internal risk
• Legacy systems
• Multiparty risk
• Software compliance/licensing

Question 59

Define External Risk

Answer 59

Anything outside the organization that has the potential to harm organizational assets, such as threat actors attempting to gain access to private information

Question 60

Define Internal Risk

Answer 60

A current or former employee, vendor, or trusted partner who poses a security risk

Question 61

Define Legacy systems

Answer 61

Old systems that might not be accounted for or updated, but can still impact assets, such as workstations or old mainframe systems.

For example, an organization might have an old vending machine that takes credit card payments or a workstation that is still connected to the legacy accounting system.

Question 62

Define Multiparty Risk

Answer 62

Outsourcing work to third-party vendors can give them access to intellectual property, such as trade secrets, software designs, and inventions.

Question 63

Define Software Compliance/Licensing

Answer 63

Software that is not updated or in compliance, or patches that are not installed in a timely manner

Question 64

What does OWASP stand for?

Answer 64

Open Web Application Security Project (OWASP)

Open Worldwide Application Security Project (OWASP)

Question 65

Define OWASP

Answer 65

A non-profit organization that aims to improve the security of web applications and software

It does this by providing guidance on how to develop, purchase and maintain trustworthy and secure software applications

Question 66

What are some vulnerabilities that organizations need to regularly inspect for within their systems (6)?

Answer 66

• ProxyLogon
• ZeroLogon
• Log4Shell
• PetitPotam
• Security logging and monitoring failures
• Server-side request forgery

Question 67

Define ProxyLogon

Answer 67

A pre-authenticated vulnerability that affects the Microsoft Exchange server.
This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.

Question 68

Define ZeroLogon

Answer 68

A vulnerability in Microsoft’s Netlogon authentication protocol.
An authentication protocol is a way to verify a person’s identity.
Netlogon is a service that ensures a user’s identity before allowing access to a website’s location.

Question 69

Define Netlogon

Answer 69

A service that ensures a user’s identity before allowing access to a website’s location.

Question 70

Define Log4Shell

Answer 70

Allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

Question 71

Define PetitPotam

Answer 71

Affects Windows New Technology Local Area Network (LAN) Manager (NTLM).
It is a theft technique that allows a LAN-based attacker to initiate an authentication request.

Question 72

What does NTLM stand for?

Answer 72

New Technology LAN Manager (NTLM)

Question 73

Define NTLM

Answer 73

A suite of security protocols developed by Microsoft to authenticate users and protect their activity

A suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users

Question 74

Define Security logging and monitoring failures

Answer 74

Insufficient logging and monitoring capabilities that result in attackers exploiting vulnerabilities without the organization knowing it

Question 75

Define Server-side request forgery

Answer 75

Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.

Question 76

What is a vulnerability?

• Any circumstance or event that can negatively impact assets
• An organization’s ability to manage its defense of critical assets and data and react to change
• A weakness that can be exploited by a threat
• Anything that can impact the confidentiality, integrity, or availability of an asset

Answer 76

A vulnerability is a weakness that can be exploited by a threat.

Question 77

Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

• high-risk asset
• low-risk asset
• medium-risk asset
• new-risk asset

Answer 77

high-risk asset

Question 78

What are the key impacts of threats, risks, and vulnerabilities? Select three answers.

• Employee retention
• Financial damage
• Identity theft
• Damage to reputation

Answer 78

• Financial damage
• Identity theft
• Damage to reputation

Question 79

The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.

• reflect
• categorize
• communicate
• produce

Answer 79

• categorize