Module 1-6 Flashcards
What is the goal of a SQL injection attack?
The goal of a SQL injection attack is to exfiltrate data from a SQL database.
What is Modbus?
A network communication protocol for transmitting information between devices on a SCADA system.
What is supervisory control and data acquisition (SCADA)?
A system for managing multiple ICSs.
system on a chip (SoC)
A chip that combines all the required electronic circuits of the various computer components on a single IC chip.
Industrial control systems (ICSs)
A system that controls devices locally or at remote locations by collecting, monitoring, and processing real-time data so that machines can directly control devices such as valves, pumps, and motors without the need for human intervention.
Ricardo is reviewing the different types of XSS attacks. Which attack only impacts the user who entered the text on the website?
In a Reflected XSS attack, the user enters input into a web application that is then immediately displayed back (“reflected”) to that user to initiate the attack.
Which area of computer memory is dynamic memory for the programmer to allocate as necessary?
The heap
What is Somewhere you are and Something you are?
Restricted military base
Fingerprint reader
What is Something you have and Someone you know?
RFID card
Adriano knows Li
What is Something you exhibit, Something you can do, and Something you know ?
Red hair
Signature
Keys pressed on a keypad
Persistent XSS
A threat actor enters input into a blog post or forum that is stored (“persistent”) and an unsuspecting user later displays it to initiate the attack.
Document Object Model XSS
A web application writes data to the Document Object Model on the web server without proper sanitization and the attacker manipulates this data to include XSS content on the webpage.
Aiko has been asked by her friend if she should download and install an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called?
Rooting
What is the network used in vehicles for communications?
The controller area network (CAN) bus network is used for sending and receiving data in vehicles.
Why is credential stuffing effective?
Because users repeat their passwords on multiple accounts, attackers use these passwords in their attacks with a high probability of success and this is known as credential stuffing.
What is tethering?
A mobile device with an active Internet connection can be used to share that connection with other mobile devices through Bluetooth or Wi-Fi.
What is USB On-the-Go (OTG)?
An OTG mobile device with a USB connection can function as either a host (to which other devices may be connected such as a USB flash drive) for external media access or as a peripheral (such as a mass storage device) to another host.
What is pretexting?
Obtaining private info via impersonation
An ____ _______ is computer hardware and software contained within a larger system designed for a specific function.
embedded system
_____ ______ ______ enables the exchange of cyber threat indicators between parties through computer-to-computer communication, not email communication.
Automated Indicator Sharing
This Principle of Influence is enacted to persuade a target by mentioning people we ___
like.
What is MITRE ATT&CK?
MITRE ATT&CK is a knowledge base of attacker techniques that have been broken down and contain classification in detail.
What is Shadow IT?
Shadow IT is when employees start installing their own equipment or resources without consulting the IT department. Sometimes this may be personal technology while other times it may include a department purchasing software or cloud-based solutions.
Bernard is a security administrator for a large company that uses certain network statistics to determine whether malicious activity is occurring. In which of the following is there evidence of when these network statistics point to malicious activity occurring?
When key risk indicators (KRIs) fall below or surge above certain thresholds, these are evidence of an indicator of compromise (IoC).
Diamond Model of Intrusion Analysis
A framework for examining network intrusion events.
Cyber Kill Chain™
A framework that outlines the steps of an attack.
attack frameworks
Models of the thinking and actions of today’s threat actors.
What source of Threat Intelligence consists of a location where victims of an attack can upload malicious files and software code that can then be examined by others to learn more about these attacks and craft their defenses?
File and code repositories
What are the four Diamond Model of Intrusion Analysis components?
adversary, capabilities, infrastructure, and victims.
What is a KRI (key risk indicator)?
A key risk indicator (KRI) is a metric of the upper and lower bounds of specific indicators of normal network activity.
What is Cybersecurity Information Sharing Act (CISA)
requires a non-federal entity to remove any information from a cyber threat indicator that it knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual that is not directly related to a cybersecurity threat.
What is Freedom of Information Act (FOIA)
Although federal agencies are required to disclose any information requested, there are nine exemptions, one of which protects interests such as personal privacy.
What is Traffic-Light Protocol (TLP)
uses four colors (red, amber, green, and white) to indicate the expected sharing limitations to be applied by the recipients.
What is Protected Critical Infrastructure Information (PCII)?
To qualify for these protections, information must be related to the security of the critical infrastructure, voluntarily submitted, and not submitted in place of compliance with a regulatory requirement.
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
The threat modeling methodology is designed for assessing non-technical organizational risks that may result from compromised data.
Trike
An open-source threat modeling process that is designed to satisfy the security auditing process from a cyber risk management perspective.
Process for Attack Simulation and Threat Analysis (PASTA)
The threat modeling provides a seven-step process for risk analysis that does not depend upon which platform is being used.
Spoofing Tampering Repudiation Information Message Disclosure Denial of Service and Elevation of Privilege (STRIDE)
The goal of this threat modeling is to ensure that an application meets the security properties of Confidentiality, Integrity, and Availability (CIA), along with Authorization, Authentication, and Non-Repudiation.
Visual, Agile, and Simple Threat modeling (VAST)
The founding principle is that threat modeling must scale across the infrastructure and entire application development (DevOps) library and provide actionable, accurate, and consistent outputs for developers, security teams, and senior executives.
what is an internal function of the programming language C that can be used to copy a string to a destination buffer without checking the length of the destination buffer
strcpy
What is a memorandum of understanding?
describes an agreement between two or more parties. It demonstrates a “convergence of will” between the parties so that they can work together. Not legal, but formal.
What is NIPS?
Detects network intrusions in real time.
What is a service level agreement?
a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service.
The ____of a vulnerability scan defines the target devices to be scanned.
scope
Race condition
occurs when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
What are the data classification levels?
Public- Data that is the least sensitive and would cause only a small amount of harm if disclosed, such as the number of current employees
Proprietary- Data that is disclosed outside the company on only a limited basis to trusted third parties; an unexpected disclosure could reduce the company’s competitive advantage, such as the nontechnical specifications for a new product
Private- Data that, while it may not harm the company itself, could cause damage to others, such as human resources data of employees
Confidential- Data that is used internally within the company, but a public disclosure would cause significant harm to the organization, such as an impending merger or acquisition
Sensitive- Data that could cause catastrophic harm to the company if disclosed, such as the technical specifications for a new product
Loide is a cybersecurity analyst and is looking for a vulnerability scanner that will pull updates from a web-based feed so that it constantly has the latest information about new vulnerabilities as they’re discovered. Which of the following might be a good source of data for the scanner?
National Vulnerability Database
insecure object reference
A condition that occurs when an application externally exposes a reference to an internal object.
What is an NDA?
a legal contract between parties that specifies how confidential material will be shared between the parties but restricted to others.
Kiah, a cybersecurity analyst for the government, is setting up a new Linux server and needs to configure the data classification labels to be used for the new application. What are valid labels for U.S. government systems?
Confidential, secret, top secret
Extracting data on an asset to be used in a vulnerability scan.
enumeration
Building a picture of an endpoint and network through enumeration.
mapping
legacy systems
Older systems with specialized software that cannot be easily replaced.
What is a serverless infrastructure?
A serverless infrastructure is one in which the capacity planning, installation, setup, and management are all invisible to the user because they are handled by the cloud provider.
What provides random input to a program to attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches?
fuzzing
A popular and highly regarded infrastructure vulnerability scanning tool.
Nessus
A full-featured vulnerability scanner that currently includes more than 50,000 vulnerability tests.
OpenVAS
A scanner that can detect vulnerabilities on virtually any networked assets, including servers; network devices such as routers, switches, and firewalls; peripherals, and endpoints.
Qualys
In cybersecurity, _____ is the process of extracting a list of usernames, machine names, network resources, shares, and services from a network system.
enumeration
A third-party network tool that is a command-line TCP/IP packet assembler and analyzer.
hping
A tool for capturing wireless packets and attacking wireless networks.
Aircrack-ng
A tool that can be used to crack password hashes.
Hashcat
A third-party network tool that can manipulate name resolution services to uncover sensitive information.
responder
A tool for cracking Wi-Fi Protected Setup (WPS) PINs.
Reaver
A cloud computing model of hosted software environment.
Software as a Service (SaaS)
A cloud computing model of a software platform on which the enterprise or users can build their own applications and then host them.
Correct: Platform as a Service (PaaS)
A cloud computing model that provides unlimited “raw” computing, storage, and network resources that the enterprise can use to build its own virtual infrastructure in the cloud.
Correct: Infrastructure as a Service (IaaS)
A serverless approach to executing modular pieces of code.
Correct: Function as a Service (FaaS)
Nikto
Correct: A web application vulnerability diagnostic tool that is a command-line open source tool.
What process enables software developers to order the needed infrastructure from the cloud service provider by executing a script?
Infrastructure as Code (IaC)
decompiler
A decompiler creates source code from machine language.
A command-line tool for diagnosing vulnerabilities in services using the AWS cloud. It looks at cloud configurations and compares them with more than 150 cloud security best practices.
Prowler
What would an administrator use to access a server in a DMZ?
A jump box | this is a minimally configured administrator server (either physical or virtual) within the DMZ. Running only essential protocols and ports.
Vince wants to configure a firewall on the perimeter of his organization’s network to block all unsolicited incoming traffic. However, he still needs servers behind the firewall to be able to access the Internet for patching purposes. Which of the following types of firewalls might he decide to install?
Stateful firewall
What is subnetting?
A method of subdividing a larger network into smaller subnetworks that will not be able to communicate without a specifically configured route between them.
What is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate?
A certificate repository (CR)
What is a list of preapproved applications?
Whitelisting
What is the process of dividing a network into small elements to provide the controls of separation and quarantining.
system isolation
Mandatory Access Control (MAC)
Assigning users’ access controls strictly according to the data custodian’s desires.
Role-Based Access Control (RBAC)
Assigning users’ access controls based on job roles.
A hardware security module (HSM) provides what?
cryptographic services and is external to the device
Boot mode that verifies parts of the process with another trusted sever.
Measured Boot
Which model uses a sequential design process?
waterfall model, after each stage is fully completed, the developers move on to the next stage.
What is UEFI (Unified Extensible Firmware Interface)?
An improved version of the firmware interface developed to replace the BIOS.
parameterized query
Using predefined variables or prepared statements as placeholders for parameters
Marilla is creating an application that will be installed on all client computers in her organization. Which of the following processes involves examining the application for bugs and vulnerabilities before the software is compiled?
Static code analysis is the close examination and testing of software before the source code is compiled.
What is atomic execution?
permits a processor to read from a memory location or write to a location during the same data operation.
