Module 1 Introduction to Cybersecurity Flashcards

1
Q

Rogue access point

A

Is an unauthorized access point connected to a network, giving attackers (or careless insiders) a way onto the network that bypasses the perimeter controls. Ransomware disables the victim's access to data until a ransom is paid (e.g., Ryuk). Fileless malware runs in memory and abuses tools native to the OS (PowerShell, WMI and the like) instead of writing its own executable to disk, which defeats file-based scanning (e.g., Astaroth).

2
Q

Spyware

A

Collects user activity data without the user’s knowledge (e.g., DarkHotel).

3
Q

Adware

A

Serves unwanted advertisements, typically bundled with or dropped by other software (e.g., Fireball).

4
Q

Trojans

A

Disguise themselves as desirable code (e.g., Emotet).

5
Q

Worms

A

Spread through a network by replicating themselves (e.g., Stuxnet).

6
Q

Rootkits

A

Conceal their own presence (and that of other malware) on a system while giving attackers privileged, persistent remote control of the victim's device (e.g., Zacinlo).

7
Q

Keyloggers

A

Monitor a user’s keystrokes (e.g., Olympic Vision).

8
Q

Bots

A

Infected machines under remote control that, acting together as a botnet, launch attacks in bulk such as traffic floods, credential stuffing, or mass scanning (e.g., Echobot).

9
Q

Mobile malware

A

Infects mobile devices (e.g., Triada).

10
Q

Malware

A

Broad term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that installs risky software.

11
Q

Phishing

A

Involves sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.

12
Q

On-Path

A

Attacks (also called man-in-the-middle or eavesdropping attacks) occur when attackers insert themselves into a two-party communication. Once positioned in the traffic path, they can read, filter, and steal data, or alter it before forwarding it on.

13
Q

Denial of Service

A

Attacks flood systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. When attackers use many compromised devices to generate the flood at once, the attack is known as a Distributed Denial of Service (DDoS) attack.

14
Q

Distributed Denial of Service (DDOS)

A

Attack executed from multiple synchronized computers (commonly a botnet) to disable or deny one or more services on a targeted machine.

15
Q

SQL injection

A

Occurs when an attacker supplies input that a server concatenates directly into a Structured Query Language (SQL) query, so the input is executed as part of the query and forces the database to reveal or modify information it normally would not. An attacker may carry out a SQL injection by simply submitting crafted input into a vulnerable website search box or login form. The primary defense is parameterized (prepared) queries, which keep untrusted data separate from the query text.
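The following is an added example (not code from the original flashcards) showing the flaw described above and its fix side by side against a constructed in-memory SQLite table. The table, rows, and payloads are assumptions for illustration; the vulnerable function builds the query by string formatting exactly as a naive search box handler would, while the hardened function uses a parameterized query.

```python
import sqlite3

def build_demo_db():
    """Constructed demo database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn

def vulnerable_lookup(conn, username):
    # VULNERABLE: untrusted input is pasted into the query text, so quote
    # characters in the input change the structure of the statement.
    query = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def safe_lookup(conn, username):
    # HARDENED: a parameterized query. The driver sends the value separately
    # from the statement; whatever the input contains, it is compared as data.
    query = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

# Two classic payloads an attacker might type into a search box (constructed):
TAUTOLOGY = "' OR '1'='1"                                  # WHERE ... = '' OR '1'='1'
UNION_DUMP = "' UNION SELECT name, sql FROM sqlite_master--"  # leak schema, comment out the rest

def demo():
    """Run both payloads through both functions and return the results."""
    conn = build_demo_db()
    return {
        "legit": safe_lookup(conn, "alice"),                 # normal use still works
        "vulnerable_tautology": vulnerable_lookup(conn, TAUTOLOGY),  # every row leaks
        "vulnerable_union": vulnerable_lookup(conn, UNION_DUMP),     # schema leaks
        "safe_tautology": safe_lookup(conn, TAUTOLOGY),      # no user has that name
        "safe_union": safe_lookup(conn, UNION_DUMP),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The UNION payload is the "reveal information it normally would not" case: the injected second SELECT reads table definitions out of `sqlite_master`, something the search feature was never meant to expose. The same inputs passed through `safe_lookup` return nothing, because the whole string is matched as a username.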

16
Q

Zero-day exploits

A

Target a vulnerability for which no patch or fix is yet available, either because the vendor does not know about it or because it has just been disclosed and not yet remediated. Attackers exploit the flaw during this window, before defenders can patch. Because there is no signature or patch to rely on, detecting zero-day activity requires continuous monitoring of behavior and indicators of compromise rather than known-bad matching.

17
Q

DNS tunneling

A

Uses the Domain Name System (DNS) protocol to carry non-DNS traffic over port 53 by encoding the payload in query names and response records. DNS tunneling can carry HTTP and other protocol traffic over DNS, and there are legitimate uses (some VPN-over-DNS and captive-portal bypass services work this way). Attackers use it because DNS is almost always allowed outbound: the tunnel disguises outbound traffic as ordinary DNS lookups, so data can be exfiltrated from a compromised system to attacker-controlled name servers, and command-and-control instructions can come back in the DNS responses. Typical indicators are unusually long or high-entropy subdomain labels, a very high query volume to a single domain, and heavy use of record types such as TXT or NULL.
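As an added example (not part of the original flashcards), the detector below applies the indicators named above to a small constructed sample of resolver query logs: it groups queries by registered domain and flags a domain when many queries carry long or high-entropy subdomain labels. The log records, domain names, and thresholds are assumptions for illustration; the two-label "registered domain" shortcut ignores public suffixes such as co.uk and would use a public-suffix list in production.

```python
import math
from collections import defaultdict

# Constructed sample resolver log as (client_ip, qtype, qname); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5",  "A",    "www.example.com"),
    ("10.0.0.5",  "A",    "mail.example.com"),
    ("10.0.0.7",  "AAAA", "cdn.example.net"),
    ("10.0.0.7",  "A",    "api.example.com"),
    ("10.0.0.9",  "MX",   "example.com"),
    # One host streams TXT queries whose leftmost label is a hex-encoded chunk
    # of data: the classic tunnelling pattern described above.
    ("10.0.0.12", "TXT", "a1b2c3d4e5f60718293a4b5c6d7e8f9001122334.exfil-c2.net"),
    ("10.0.0.12", "TXT", "4455667788990011aabbccddeeff001122334455.exfil-c2.net"),
    ("10.0.0.12", "TXT", "deadbeefcafebabe0123456789abcdef00112233.exfil-c2.net"),
    ("10.0.0.12", "TXT", "0f1e2d3c4b5a69788796a5b4c3d2e1f000112233.exfil-c2.net"),
    ("10.0.0.12", "TXT", "1234567890abcdef1234567890abcdef12345678.exfil-c2.net"),
    ("10.0.0.12", "TXT", "fedcba9876543210fedcba9876543210fedcba98.exfil-c2.net"),
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname: str) -> str:
    """Simplification: last two labels (no public-suffix handling)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()

def analyze(log, min_queries=5, long_label=30, entropy_floor=3.5):
    """Per-domain statistics plus a 'suspicious' verdict (thresholds are assumptions)."""
    per = defaultdict(lambda: {"queries": 0, "clients": set(), "max_label_len": 0,
                               "max_entropy": 0.0, "txt_null": 0})
    for client, qtype, qname in log:
        s = per[registered_domain(qname)]
        s["queries"] += 1
        s["clients"].add(client)
        for label in qname.rstrip(".").split(".")[:-2]:   # subdomain labels only
            s["max_label_len"] = max(s["max_label_len"], len(label))
            s["max_entropy"] = max(s["max_entropy"], shannon_entropy(label))
        if qtype.upper() in ("TXT", "NULL"):
            s["txt_null"] += 1
    report = {}
    for domain, s in per.items():
        odd_names = s["max_label_len"] >= long_label or s["max_entropy"] >= entropy_floor
        report[domain] = {**s, "clients": sorted(s["clients"]),
                          "suspicious": s["queries"] >= min_queries and odd_names}
    return report

def suspicious_domains(log):
    return sorted(d for d, s in analyze(log).items() if s["suspicious"])

if __name__ == "__main__":
    for domain, s in analyze(SAMPLE_LOG).items():
        print(domain, s)
    print("suspicious:", suspicious_domains(SAMPLE_LOG))
```

The volume threshold matters as much as the label heuristics: a single long label is common in CDN and anti-spam lookups, but dozens of them to one domain from one client is how a tunnel looks in the logs.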

18
Q

File Signature based anti-virus

A

Identifies malware by matching static attributes of a file: raw bytes or byte patterns, name, size, hash, addresses, author metadata, and magic bytes. Any change to the code (repacking, recompiling, polymorphism) produces a different signature, so it cannot detect modified or previously unseen malware.

19
Q

Heuristics-based anti-virus

A

Analyzes malware behavior rather than static signatures, including the memory it uses and its communication with the kernel, system, and network via DLLs and API calls. It can catch unknown variants that evade signatures, at the cost of more false positives.

20
Q

Confidentiality

A

Confidentiality preserves authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

21
Q

Integrity

A

Guards against improper information modification or destruction, ensuring information nonrepudiation and authenticity.

22
Q

Availability

A

Ensures timely and reliable access to and use of information.

23
Q

What are the 5 core Functions of the NIST Cybersecurity Framework

A

Identify, Protect, Detect, Respond, Recover (NIST CSF 2.0, released in 2024, adds a sixth Function, Govern)

24
Q

Identify

A

Asset management, business environment, governance, risk assessment, risk management strategy

25
Protect
Access control, awareness training, data security, information protection processes and procedures, maintenance, protective technology
26
Detect
Anomalies and events, security continuous monitoring, detection processes
27
Respond
Response planning, communications, analysis, mitigation, improvements
28
Recover
Recovery planning, improvements, communications
29
What are the 6 Phases of the Risk Management Framework (RMF) Lifecycle
Categorize, Select, Implement, Assess, Authorize, Monitor (NIST SP 800-37 Rev. 2 adds a preliminary Prepare step, making seven)
30
Incident
Is a security event that compromises an information asset's integrity, confidentiality, or availability.
31
Breach
Is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
32
Assets
Depend on the type of organization; for example, a bank’s asset is its money while the assets of a software company are in its computer code.
33
Vulnerabilities
Exist in both software and hardware. The discovery of such vulnerabilities is only a matter of time.
34
Exploitation
Exploits are the means through which a vulnerability can be leveraged for malicious activity by hackers; these include pieces of software, sequences of commands, or even open-source exploit kits.
35
Risk
Risk is the level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.
36
Threat
Is any circumstance or event that can adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and denial of service; also, the potential for a threat source to successfully exploit a particular information system vulnerability.
37
Pen-test
Is the method of employing hacker tools and techniques to evaluate security and the implemented controls. Put differently, a pen test aims to discover both known and unknown vulnerabilities in the target.
38
Defense-in-Depth
Is an information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.
39
Security controls
Include safeguards, measures, or steps taken to avoid, transfer, mitigate, reduce, or share the risks to organizational assets
40
Penetration Testing
Authorized, simulated cyberattack on a computer system or network designed to check for exploitable vulnerabilities. Its purpose is to simulate an attack on an organization's infrastructure, services, devices, and any other vector that could be exploited.
41
4 Types of penetration testing
Internal, external, web application, and mobile application
42
Internal pen test
A penetration tester assumes the role of an intruder who is already inside the internal network
43
External pen test
A penetration tester examines publicly available information about the organization and any public-facing assets, such as cloud servers, mail servers, and websites, and attempts to breach them remotely
44
Web Application pen test
A penetration tester gathers information about the target web applications, finds exploitable flaws, and exploits them
45
Mobile application pen test
The tester uses static and dynamic analysis tools to understand the application's logic and how it operates, then attempts to siphon information or change the app's behavior
46
Local Area Network (LAN)
Connects users and end devices located in a small geographical area
47
Metropolitan Area Networking (MAN)
Spans across a city or a metropolitan area
48
Wide Area Network (WAN)
A collection of LANs spread over a large geographical area
49
Cybersecurity threats and attacks against the network aim to compromise the
confidentiality, integrity, and availability of network communication
50
Confidentiality
Ensures that only intended recipients can read the data
51
Integrity
Assures that the data has not been altered during transmission
52
Availability
Assures that authorized users maintain timely and reliable access to data
53
Network Attacks
Their aim is to manipulate or damage network infrastructure
54
Data in transit
Moving from one location to another. Confidentiality, integrity, and availability must be maintained while data is transmitted. Considered less secure because of exposure during transmission across public or private networks. Data in transit is secured by means of encryption. The transmission medium also affects the security of data in transit (fiber vs. copper vs. wireless).
55
Data at Rest
Inactive data that is being stored or archived. Potentially less vulnerable than data in transit, but still needs encryption at rest and access controls.
56
Data in Use
Data that is being actively processed
57
How can you secure Data in Transit
Use a VPN to provide both data privacy and integrity. Implement secure protocols to reduce the risk of data tampering or loss. Automate detection of unintended data access
58
Segmentation
Dividing networks into multiple segments or zones
59
Segregation
Implementing rules to control communication between specific hosts, services, or subnets
60
Firewalls
A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet. Firewalls implement both segmentation and segregation bidirectionally: rules are built to permit only the traffic each zone needs and block everything else, in both directions.
61
Physical Segmentation
Involves placing devices in a separate, physical location
62
Logical Segmentation
Involves using virtual local area networks (VLANS) to group devices regardless of physical location
63
Segmentation for Network Security benefits
Ability to control who has access to the network and its resources. Prevent security attacks or exploits from spreading throughout the network
64
Demilitarized Zone (DMZ)
Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.
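The segmentation, segregation, firewall, and DMZ cards above describe one design: put hosts into zones, then allow only specific flows between zones and deny everything else. The block below is an added example (not from the original flashcards) that models that policy as code so the decisions can be checked: a small Internet / DMZ / internal / management topology with a default-deny rule table. The addresses, zone names, and rules are assumptions for illustration, and the model evaluates connection initiation only, as a stateful firewall would allow return traffic for sessions it has already permitted.

```python
import ipaddress

# Constructed zones (segmentation). Addresses are documentation ranges and
# private space chosen for the example, not a real deployment.
ZONES = {
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],        # public-facing web tier
    "internal": [ipaddress.ip_network("10.0.0.0/8")],     # databases, workstations
    "mgmt": [ipaddress.ip_network("10.200.0.0/16")],      # admin jump hosts, carved out of 10/8
}
DEFAULT_ZONE = "internet"  # anything that matches no known segment is untrusted

# Segregation rules as (src_zone, dst_zone, proto, dst_port). First match wins;
# any flow not listed is denied, in either direction.
RULES = [
    ("internet", "dmz", "tcp", 443),    # users reach the web tier over HTTPS only
    ("dmz", "internal", "tcp", 5432),   # web tier may talk to the database and nothing else
    ("mgmt", "dmz", "tcp", 22),         # only the admin segment may SSH into the DMZ
    ("mgmt", "internal", "tcp", 22),
    ("internal", "internet", "tcp", 443),
]

def zone_of(ip: str) -> str:
    """Longest-prefix match of an address to a zone (mgmt wins over internal)."""
    addr = ipaddress.ip_address(ip)
    best, best_len = DEFAULT_ZONE, -1
    for zone, nets in ZONES.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = zone, net.prefixlen
    return best

def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int):
    """Decide whether a new connection may be initiated. Returns (action, reason).
    Traffic within one zone is allowed here; micro-segmentation would tighten that."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow", f"intra-zone {src}"
    for rule in RULES:
        if rule == (src, dst, proto.lower(), int(dst_port)):
            return "allow", f"rule {src}->{dst} {proto}/{dst_port}"
    return "deny", f"default deny {src}->{dst} {proto}/{dst_port}"

if __name__ == "__main__":
    # Constructed flows: a user, a compromised DMZ web server trying to pivot, an admin.
    for flow in [("203.0.113.9", "192.0.2.10", "tcp", 443),
                 ("203.0.113.9", "10.0.0.5", "tcp", 5432),
                 ("192.0.2.10", "10.0.0.5", "tcp", 5432),
                 ("192.0.2.10", "10.0.0.5", "tcp", 22),
                 ("192.0.2.10", "203.0.113.9", "tcp", 443),
                 ("10.200.0.4", "192.0.2.10", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
```

The interesting decisions are the denials: a compromised web server in the DMZ cannot SSH into the internal network or open an outbound HTTPS channel to the Internet for command and control, which is exactly the "prevent attacks from spreading" benefit the segmentation card lists. Adding a rule is a deliberate, reviewable change; forgetting one fails closed.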
65
Zero Trust
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
66
Security Control Categories
Administrative – guidance rules, Technical – Hardware and software implemented as security controls, Physical – Protects personnel, data, hardware from physical threats
67
Administrative
Guidance, rules, and implementation procedures; also includes operational controls
68
Technical
Hardware and software that are implemented as security controls
69
Physical
Protects personnel, data, and hardware from physical threats
70
Wireless Network
Uses radio frequencies rather than cables or wires. Advantages: mobility and easy installation. Disadvantages: security, bandwidth, speed, and interference.
71
Wireless Attacks
DOS, Rogue Access Points, Evil Twin
72
Closed source
Describes software that gives the end user little to no access to the source code and limited freedom to change and redistribute the software, under a license far more restrictive than open-source licenses. Examples: Microsoft Windows, proprietary UNIX variants, IBM z/OS
73
Linux kernel
Foundational Linux component responsible for the low-level interface between the operating system and the hardware
74
Bootloader
Code run by a computer after it starts. The bootloader can then be pointed to the Linux kernel on storage/disk to start the Linux kernel (i.e., bootstrapping).
75
Drivers
Software that makes computer devices available for use by applications. File system drivers “present” the filesystem to applications that save files.
76
Network
Allows applications to communicate from a computer to other computers over wired (Ethernet) and wireless networks (IEEE 802.11)
77
Linux Security Modules (LSM)
Primarily designed as enhanced access control mechanisms called mandatory access control (MAC); includes AppArmor, SELinux, Smack, and TOMOYO. Do not confuse this MAC with the layer 2 media access control addresses in Ethernet. 
78
Processes, instances, and threads
Hardware resources and CPU time allocated by the operating system when code is run; one running instance of a program is a process, and a process can perform multiple concurrent activities, which are known as threads.
79
Sessions
Consists of a group of processes. When users log in, applications and services (known as daemons) are instantiated and grouped into process groups.
80
tty, pty
Teletype and pseudo-teletype; terminal types used for interactive CLI and GUI applications
81
Service (daemon)
A process that involves no interaction with a user
82
Applications
Any process that the user can interact with
83
Password
A series of characters known by a user and used in conjunction with user accounts to assure a user’s identity
84
Login prompt
Triggers applications and services (daemons) to instantiate and group into process groups when a user logs in
85
Command-line interface (CLI)
A user interface that allows for typing commands within a Linux system; starts on bootup or launches from the graphical user interface (GUI) via the terminal emulator application
86
Graphical user interface (GUI)
A user interface that provides interaction with a windowed environment to launch applications with a pointing device (e.g., a mouse); generally starts on bootup
87
GNU Core Utilities (coreutils)
A foundational Linux component that provides common commands integrated with the command-line interface (CLI). The coreutils package contains many common commands that include but are not limited to ls, mv, cp, touch, cat, and pwd
88
X server
A foundational Linux distro component that provides a graphical user interface (GUI)
89
Package management
A foundational component that provides software and service installation, updates, and removal
90
Client
Requests resources or services from a server
91
Server
Provides resources or services for a client
92
Protocols
Used by computer systems to agree on how to communicate with one another over a network
93
Vulnerabilities
Weakness in software or a system
94
Threats
Actor that seeks to exploit vulnerabilities
95
Exploits
An action taken by an actor to compromise a system by using vulnerabilities
96
Ransomware
Malware used to deprive organizations of access to their information until they pay a ransom
97
C&C
Command and control or C2; refers to systems that control already infected systems (bots) to launch various attacks (e.g., a DDoS or a coin-mining operation)
98
Bot
A system infected by malware that allows for remote command and control (C&C) of the infected system
99
Worms
(self-replicating) Malware that propagates by detecting other systems on a network with specific vulnerabilities, exploiting them, and copying its code onto each newly compromised system
100
Shellshock
A vulnerability (CVE-2014-6271) in BASH (Bourne Again Shell) that existed for about 25 years, from 1989, before being noticed in 2014; it remains an enterprise threat on unpatched systems. Bash imported function definitions from environment variables and kept executing any commands appended after the function body, so any service that copies attacker-controlled data into environment variables (the classic case is CGI scripts behind a web server, where request headers become variables such as HTTP_USER_AGENT) handed the attacker remote command execution with the privileges of that service.
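The following is an added example (not code from the original flashcards) that wraps the well-known public self-test for CVE-2014-6271 so the check described above can be run against the local bash, and shows the CGI-style delivery path by placing the payload in an HTTP_USER_AGENT variable as a CGI gateway would. No web server is started; running bash directly with that environment is an assumption made for illustration. On a patched system both functions report "patched"; where no bash binary is installed they report "bash-not-found".

```python
import shutil
import subprocess

# Marker string chosen for the example; a vulnerable bash echoes it.
MARKER = "SHELLSHOCK_MARKER"

def run_bash_with_env(extra_env: dict):
    """Start bash with a controlled environment and return its stdout (None if no bash)."""
    bash = shutil.which("bash")
    if bash is None:
        return None
    # Minimal PATH so the result does not depend on the caller's environment;
    # the harmless command below only uses the echo builtin anyway.
    env = {"PATH": "/usr/bin:/bin", **extra_env}
    proc = subprocess.run([bash, "-c", "echo harmless"], env=env,
                          capture_output=True, text=True, timeout=10)
    return proc.stdout

def verdict(stdout) -> str:
    if stdout is None:
        return "bash-not-found"
    # Vulnerable bash parses the value as a function definition AND executes the
    # trailing command, so the marker shows up before the harmless command runs.
    return "vulnerable" if MARKER in stdout else "patched"

def shellshock_check() -> str:
    """The classic one-liner: env x='() { :;}; echo ...' bash -c 'echo harmless'."""
    return verdict(run_bash_with_env({"x": "() { :;}; echo " + MARKER}))

def simulate_cgi_request(user_agent: str) -> str:
    """How the bug was reached remotely: a CGI gateway copies request headers into
    environment variables (User-Agent -> HTTP_USER_AGENT) before running the
    script; if the script is bash or invokes bash, the header is parsed as code."""
    return verdict(run_bash_with_env({"HTTP_USER_AGENT": user_agent}))

if __name__ == "__main__":
    print("local bash:", shellshock_check())
    print("CGI-style header with payload:", simulate_cgi_request("() { :;}; echo " + MARKER))
    print("CGI-style header, benign:", simulate_cgi_request("Mozilla/5.0"))
```

The fix bash shipped was to stop executing anything after the function body and, later, to import functions only from specially named variables, so the same environment now reaches the shell as inert data.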
101
Distributed Denial of Service (DDoS)
An attack that uses C&C and bots to send traffic to systems that overwhelm those systems
102
Access Control
Common weaknesses: weak passwords, unrestricted user and superuser (root) access, and a lack of limits on who can log on to Linux systems and services
103
Permissions
Unauthorized users with access to sensitive files, information, system areas
104
Vulnerability
Unintended weakness or flaws that could be exploited or triggered through a variety of means.
105
Linux file system
A collection of organized files on a disk or partition. A partition is a section of a storage device set aside to hold a file system; a disk may be partitioned in several ways.
106
ext4
(fourth extended file system) is a journaling file system for the Linux kernel and the default on most Linux distributions.
107
JFS
A journaling file system (JFS) created by IBM for its AIX flavor of Unix and later ported to Linux. It is a valuable file system when minimal CPU power is available.
108
XFS
The XFS file system was created by Silicon Graphics as a high-performance journaling file system for parallel I/O. NASA has used it for its vast storage servers, with file systems exceeding 300 terabytes.
109
Regular Files
The regular file is the most common file type on Linux. It holds ordinary data of any kind: text files, pictures, binaries, etc.
110
Directories
The directory is the second most common file type in Linux. A directory holds entries for regular files, other directories, and special files.
111
Ifconfig
ifconfig is a command-line tool for network interface configuration. It is also used to initialize an interface at system boot time. Once a server is up and running, it can be used to assign an IP address to an interface and enable or disable the interface on demand. On modern Linux it is deprecated in favor of the ip command from iproute2.
112
Ping
The ping command sends data packets to a particular IP address (or domain) on a network and measures how long it takes to receive a response.
113
Traceroute
It traces the route of a data packet as it travels over the Internet between one computer to its destination. Traceroute reveals the locations where the connection is slow or unavailable.
114
Netstat
Displays networking statistics (TCP/IP): active TCP connections, Ethernet statistics, the ports on which the computer is listening, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). On modern Linux it is largely replaced by ss.
115
Host
Performs DNS lookups. The host command finds the name for an IP address or the IP address for a name, in IPv4 or IPv6, and can query other DNS record types (e.g., MX, TXT).
116
Application
A program built to allow a user to perform a specific function or set of functions on a computer including mobile devices, desktops, tablets, smart devices, automobiles, manufacturing systems, etc.
117
Process
A computer program is a passive collection of instructions, whereas a process is the execution of those instructions. The process is what makes the application perform something.
118
Service
A service is software that runs in the background on the local system. It is typically built into or managed by the operating system and not intended for direct user interaction.
120
Burp Suite
A proxy tool created by PortSwigger that is used extensively in application penetration testing
121
Desktop Application
Usually designed for larger tasks than mobile applications, with greater processing needs and more options for output and for interaction with the system and with external programs or application programming interfaces (APIs)
122
Mobile Application
Software optimized for use on a mobile device, often with functionality specific to a handheld device (GPS location/motion, camera, voice). It can run on a desktop computer only through an emulator
123
OWASP
The Open Web Application Security Project (renamed the Open Worldwide Application Security Project in 2023) is a nonprofit, community-driven organization dedicated to training, research, and improvements in application security.
124
OWASP Top 10
A list of the top 10 vulnerabilities published by OWASP every few years, which combines data from actual breaches, alerts, reports, and community feedback
125
Progressive Web Application
A web application coded to work in both mobile and desktop formats from a single code base, adjusting its layout when used on a mobile device
126
Server-Side Request Forgery
An SSRF attack tricks a server into making requests to URLs of the attacker's choosing, often internal addresses or cloud metadata endpoints that are not reachable from outside, allowing the attacker to access, read, and possibly affect server-side resources