Module 1 - Analyzing the Cyber Security Environment Flashcards

1
Q

What is Cybersecurity?

A

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

2
Q

What is Personal Level Cybersecurity?

A

Personal cybersecurity involves the techniques and best practices used to protect your privacy, data, and devices from unauthorized access and malicious cyberattacks.

3
Q

What is Organizational Level Cybersecurity?

A

Organizational level cybersecurity is the implementation of cybersecurity policies, processes, and technologies to protect an organization’s data, systems, and networks from cyber threats. At an organizational level, it is everyone’s responsibility to protect the organization’s reputation, data and customers.

4
Q

What is Government Level Cybersecurity?

A

Government-level cybersecurity refers to the practices and technologies that governments use to protect their critical infrastructure, sensitive data, and citizens from cyber threats.

5
Q

What is Identity-based Security?

A

Identity-based security is a type of security that focuses on access to digital information or services based on the authenticated identity of an entity. It ensures that the users and services of these digital resources are entitled to what they receive. The most common form of identity-based security involves the login of an account with a username and password. However, recent technology has evolved into fingerprinting or facial recognition.

6
Q

What is Identity Theft?

A

Identity theft, identity piracy or identity infringement occurs when someone uses another’s personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes.

7
Q

What is Traditional Data?

A

Traditional data is structured data that has been collected and stored in formats like databases, spreadsheets, etc. It is organized in a predefined manner, such as tables, columns, and rows. Traditional data is typically easy to manipulate and can be managed with conventional data processing software.

8
Q

What is Transactional Data?

A

Transactional data is data that is generated by business transactions. It is the data that is captured when a customer buys a product or service, when a supplier delivers goods, or when an employee completes a task. Transactional data is typically stored in databases and is used to track business performance, manage inventory, and make informed decisions.

9
Q

What is Intellectual Property?

A

Intellectual property (IP) is a category of property that includes intangible creations of the human intellect. It includes inventions, literary and artistic works, designs, and symbols, names and images used in commerce. IP is protected by law through patents, copyrights, trademarks, and trade secrets.

10
Q

What is Financial Data?

A

Financial data is quantitative information about the financial performance and health of a company or other organization. Financial data include: statement of financial position, statement of comprehensive income, statement of changes in equity, and statement of cash flows.

11
Q

What is Cyberwarfare?

A

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

12
Q

What is Compromised Information?

A

Compromised information is any sensitive information that has been accessed, used, or disclosed without authorization. This can include personal information, financial information, intellectual property, and trade secrets.

13
Q

What are Defense Secrets?

A

Defense secrets are classified information related to national security and defense capabilities. They can include information about military plans, operations, weapons systems, and intelligence gathering. Defense secrets are typically classified by governments and militaries to protect them from falling into the hands of adversaries.

14
Q

What is Stuxnet?

A

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran.

15
Q

What is Information Security?

A

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.

16
Q

What is CIA Triad?

A

Information security’s primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the “CIA” triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

17
Q

What is Confidentiality in CIA Triad?

A

Confidentiality in the CIA Triad is the principle that information should only be accessible to authorized individuals. This means that unauthorized individuals should not be able to read, modify, or destroy information.

18
Q

What is Integrity in CIA Triad?

A

Integrity in the CIA Triad is the principle that information should be accurate and complete, and should not have been tampered with. This means that unauthorized individuals should not be able to modify or destroy information without authorization.

19
Q

What is Availability in CIA Triad?

A

Availability in the CIA Triad is the principle that information and systems should be accessible to authorized users when they need them. This means that systems should be up and running, and data should be accessible.

20
Q

What is DAD Triad?

A

The DAD Triad is a complementary model to the CIA Triad. While the CIA Triad focuses on the goals of confidentiality, integrity, and availability, the DAD Triad focuses on the risks that can prevent these goals from being achieved.

21
Q

What is Disclosure in DAD Triad?

A

Disclosure is the exposure of sensitive information to unauthorized individuals, otherwise known as data loss. It is a violation of the principle of confidentiality.

22
Q

What is Alteration in DAD Triad?

A

Alteration is the unauthorized modification of information and is a violation of the principle of integrity.

23
Q

What is Destruction in DAD Triad?

A

Denial is the unintended disruption of an authorized user’s legitimate access to information. Denial events violate the principle of availability.

24
Q

What are Security Controls?

A

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

25
Q

What are Physical Security Controls?

A

Physical controls are anything that physically limits or prevents access to IT systems, such as fences, guards, dogs, CCTV systems and the like.

26
Q

What are Procedural/Administrative/Managerial Security Controls?

A

Procedural/Administrative/Managerial controls are an organization’s policies and procedures. Their purpose is to ensure that there is proper guidance available in regard to security and that regulations are met. They include things such as hiring practices, data handling procedures, and security requirements.

27
Q

What are Technical/Logical Security Controls?

A

Technical/Logical controls are hardware or software whose purpose is to protect systems and resources. Examples of technical controls would be disk encryption, file integrity software, and authentication. Hardware technical controls differ from physical controls in that they prevent access to the contents of a system, but not the physical systems themselves.

28
Q

What are Operations Security Controls?

A

Operational controls include the processes that we put in place to manage technology in a secure manner. These include user access reviews, log monitoring, and vulnerability management.

29
Q

What are Legal/Regulatory Security Compliance Controls?

A

Legal/Regulatory security compliance controls are measures that organizations implement to meet their obligations under applicable laws and regulations. These controls can help organizations to protect sensitive information, prevent cyberattacks, and reduce the risk of regulatory fines and penalties.

30
Q

What are Preventive Security Controls?

A

Preventive security controls are security measures that are designed to prevent security incidents from happening in the first place.

31
Q

What are Detective Security Controls?

A

Detective security controls are security measures that are designed to detect security incidents after they have occurred.

32
Q

What are Corrective Security Controls?

A

Corrective security controls are security measures that are designed to respond to security incidents and remediate any damage that has been caused.

33
Q

What is Data Protection?

A

Data protection is the process of safeguarding important information from corruption, compromise, or loss.

34
Q

What is Data at Rest?

A

Data at rest in information technology means data that is housed physically on computer data storage in any digital form.

35
Q

What is Data in Transit/Motion/Flight?

A

Data in transit/motion/flight is data that is being transmitted over a network.

36
Q

What is Data in Processing?

A

Data in processing is data that is being manipulated or transformed in some way.

37
Q

What is data loss prevention (DLP)?

A

Data loss prevention (DLP) is a set of tools and technologies that organizations use to prevent the loss, theft, or unauthorized access to sensitive data.

38
Q

What is Host-based DLP?

A

Host-based DLP is a security solution that is installed on individual computers or devices to monitor and protect sensitive data. It can detect and prevent data exfiltration by blocking unauthorized access to data, copying of data to unauthorized devices, and transmission of data over unauthorized networks.

39
Q

What is Network-based DLP?

A

Network-based DLP (data loss prevention) is a security solution that monitors and protects data as it travels across a network. It is typically deployed as a proxy server or inline device that intercepts all network traffic and inspects it for sensitive data, such as credit card numbers, social security numbers, and trade secrets.

40
Q

Who are Cybersecurity Threat Actors?

A

Cybersecurity threat actors are individuals or groups that intentionally cause harm to digital devices or systems. Cybersecurity threat actors exploit vulnerabilities in computer systems, networks, and software to perpetrate a variety of cyberattacks, including phishing, ransomware, and malware attacks.

41
Q

Who are Black Hat Hackers?

A

Black hat hackers are criminals who intentionally enter computer networks with malicious intent.

42
Q

Who are White Hat Hackers?

A

White hat hackers (or white-hat hackers, whitehats) are ethical security hackers.

43
Q

Who are Gray Hat Hackers?

A

Grey hat hackers (greyhat or gray hat) are computer hackers or computer security experts who may sometimes violate laws or typical ethical standards, but usually do not have the malicious intent typical of black hat hackers.

44
Q

Who are Red Hat Hackers?

A

Red hat hackers are hackers who take aggressive steps to stop black hat hackers. While red hat hackers are not inherently evil, they do everything they can to stop the bad guys, including taking matters into their own hands. They go to the lengths of launching full-scale attacks to take down cybercriminals’ or cyber attackers’ servers and destroy their resources.

45
Q

Who are Green Hat Hackers?

A

Green hat hackers are newbies in the hacking world. As such, green hat hackers may not be as familiar with all the security mechanisms companies or individuals may be using. Unlike the other hacker categories, they may not be as well-versed in the inner workings of the web.

46
Q

Who are Blue Hat Hackers?

A

Blue hat hackers closely resemble white hat hackers, but instead of breaking into systems or software that a business is already using, a business will give the blue hat hacker access beforehand to test it for flaws.

47
Q

Who are Script Kiddies?

A

Script kiddies, skiddies, kiddies, or skids are unskilled individuals who use scripts or programs developed by others, primarily for malicious purposes.

48
Q

Who are Hacktivists?

A

Hacktivists are individuals or groups who use hacking techniques to promote social, political, or ideological causes. They carry out unauthorized activities, such as website defacements or data breaches, to raise awareness or challenge institutions.

49
Q

Who are Criminal Syndicates?

A

Criminal syndicates are highly organized groups of criminals who engage in a variety of illegal activities, including drug trafficking, human trafficking, arms trafficking, money laundering, and extortion.

50
Q

What are Advanced Persistent Threats (APTs)?

A

Advanced persistent threats (APTs) are highly sophisticated cyberattacks that are designed to gain unauthorized access to a computer system or network and remain undetected for a prolonged period of time. APTs are typically carried out by well-resourced and highly skilled adversaries, such as nation-state actors or organized crime syndicates.

51
Q

What is a Zero-day Attack?

A

A zero-day attack is a cyberattack that exploits a software vulnerability that is previously unknown to the vendor or developer. This means that there is no patch available to fix the vulnerability, and attackers can exploit it freely.

52
Q

What is Malware?

A

Malware, or malicious software, is any software program or code that is designed to damage or disable computer systems and networks. Malware can take many forms, including viruses, worms, Trojan horses, ransomware, and spyware.

53
Q

What is a Computer Virus?

A

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be “infected” with a computer virus, a metaphor derived from biological viruses.

54
Q

What is a Computer Worm?

A

A computer worm is a type of malware that can self-replicate and spread to other computers over networks. Unlike a virus, a worm does not need to attach itself to a host file to spread. Instead, it exploits parts of an operating system that are automatic and invisible to the user.

55
Q

What is a Trojan Horse?

A

A Trojan horse is a type of malware that disguises itself as a legitimate program or file in order to trick users into installing it on their computer systems. Once installed, Trojans can perform a variety of malicious tasks, such as stealing personal information, installing other malware, or disrupting computer operations.

56
Q

What is Ransomware?

A

Ransomware is a type of malware that encrypts a user’s files and demands a ransom payment in exchange for the decryption key. Ransomware is often spread through email attachments, infected websites, or peer-to-peer file sharing networks. Once installed on a computer, ransomware can quickly encrypt all of the user’s files, making them inaccessible.

57
Q

What is Spyware?

A

Spyware is a type of malware that is designed to collect information about a user’s computer activities or personal data without their consent. Spyware can be used to track a user’s internet browsing habits, steal passwords and credit card numbers, or even monitor their online communications.

58
Q

What are Rootkits?

A

A rootkit is a type of malware that is designed to gain unauthorized access to a computer system and remain hidden from the user and other programs. Rootkits can be used to steal data, install other malware, or disrupt computer operations.

59
Q

What is a Backdoor?

A

A backdoor in computing is a method of bypassing normal authentication or encryption controls on a computer system or network.

60
Q

What are Bots?

A

Bots are remotely controlled systems or devices that have a malware infection. Groups of bots are known as botnets, and botnets are used by attackers who control them to perform various actions, ranging from additional compromises and infection, to denial-of-service attacks or acting as spam relays. Large botnets may have hundreds of thousands of bots involved in them, and some have had millions of bots in total.

61
Q

What is a Keylogger?

A

A keylogger is a software program or hardware device that records the keys that a user types on their keyboard. Keyloggers can be used for both legitimate and malicious purposes.

62
Q

What is a Logic Bomb?

A

A logic bomb is a malicious piece of code that is intentionally inserted into a software system or program. It is designed to trigger a malicious function when specific conditions are met. These conditions can be anything from a specific date and time to a certain event occurring within the system. Once triggered, the logic bomb can cause a variety of damage, such as deleting files, corrupting data, or disabling the system altogether.

63
Q

What is Adware?

A

Adware is a type of malware that displays unwanted advertisements on a user’s computer or mobile device. Adware is typically distributed through free software downloads, such as peer-to-peer file-sharing programs and toolbars. Once installed on a user’s device, adware can display pop-up ads, redirect web searches, and collect personal information.

64
Q

What is Offensive Security?

A

Offensive Security (also known as OffSec) is a proactive approach to cybersecurity that uses the same tactics and techniques as attackers to identify and remediate security vulnerabilities before they can be exploited.

65
Q

What is Defensive Security?

A

Defensive security is a reactive approach to cybersecurity that focuses on preventing, detecting, and responding to cyberattacks.

66
Q

What is Information Security?

A

Information security (InfoSec) is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It is a critical part of any organization’s risk management strategy, as it helps to protect valuable assets such as customer data, intellectual property, and financial information.

67
Q

What is Defense in Depth?

A

Defense in depth (DiD) is a cybersecurity strategy that uses multiple layers of security controls to protect an organization’s assets. The goal of DiD is to make it more difficult and costly for attackers to succeed, even if they are able to breach one layer of security.

68
Q

What is Privileged Identity Management?

A

Privileged Identity Management (PIM) is a cybersecurity practice that helps organizations to manage and control access to privileged accounts. Privileged accounts are accounts that have elevated access to systems and data, and they can be used to perform a variety of sensitive tasks, such as changing system settings, creating new user accounts, and accessing sensitive data.

69
Q

What is Privileged Access Management?

A

Privileged Access Management (PAM) is a cybersecurity strategy that combines people, processes, and technology to control, monitor, secure, and audit all human and non-human privileged identities and activities across an enterprise IT environment. PAM helps organizations protect against the threats posed by credential theft and privilege misuse, both from external attackers and from malicious insiders.

70
Q

What is the Bell-LaPadula Model?

A

The Bell–LaPadula Model (BLP) is a model used for enforcing access control in government and military applications. It was developed to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., “Top Secret”), down to the least sensitive (e.g., “Unclassified” or “Public”).

71
Q

What is Biba Model?

A

The Biba Model or Biba Integrity Model is a policy describing a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

72
Q

What is Threat Modeling?

A

Threat modeling is a process for identifying and assessing security threats to a system, and determining the appropriate countermeasures to mitigate those threats. It is a proactive approach to security that helps organizations to identify and fix vulnerabilities before they are exploited by attackers.

73
Q

What is DOS?

A

DOS is a family of disk-based operating systems for IBM PC compatible computers.

74
Q

What is Security Awareness?

A

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.

75
Q

What is a Brute-force Attack?

A

A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

76
Q

What is Password Spraying?

A

A password spraying attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. This is effective because many users use simple, predictable passwords.

77
Q

What is a Dictionary Attack?

A

A dictionary attack is a type of brute-force attack that attempts to gain unauthorized access to a system or account by systematically trying a list of common words, phrases, and combinations as passwords.

78
Q

What is a Rainbow Table?

A

A rainbow table is a precomputed table for caching the outputs of a cryptographic hash function, usually for reversing the hash function. This makes it possible to quickly crack passwords that have been stored using a hash function.

79
Q

What is a Hash Function?

A

A hash function is a mathematical algorithm that maps data of any length to a fixed-size output called a hash value or hash code.

80
Q

What is Salting?

A

Salting is the process of adding random data to a password before it is hashed. This helps to protect against rainbow table attacks, which are a type of precomputed attack that can be used to quickly crack passwords that have been hashed using a common salt.

81
Q

What is Social Engineering?

A

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.