Module 1 - Introduction to Security Flashcards

1
Q

What are the three reasons a legacy platform might not have been updated?

A

1) limited hardware capacity
2) an application only operates on a specific OS version
3) neglect

2
Q

What category of threat actors use advanced persistent threats (APTs)?

A

state actors

governments are increasingly employing their own state-sponsored attackers to launch cyber attacks against their foes; state actors are often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information

3
Q

What category of threat actors have the lowest level of technical knowledge?

A

script kiddies

are individuals who want to perform attacks yet lack the technical knowledge to carry them out; they do their work by downloading freely available automated attack software (scripts) and use it to perform malicious acts

4
Q

Complete this definition of information security: that which protects the integrity, confidentiality, and availability of information….

A

through products, people and procedures on the devices that store, manipulate, and transmit the information

information security is, first, protection; second, it is intended to protect information that provides value to people and enterprises; third, it protects the integrity, confidentiality, and availability of that information on the devices that store, manipulate, and transmit it

5
Q

Which type of attacker will probe a system for weaknesses and then privately provide that information back to the organization?

A

white hat hackers

6
Q

Which component of the CIA triad ensures that only authorized parties can view protected information?

A

confidentiality

confidentiality ensures that only authorized parties can view the information and that it is not disclosed to unapproved individuals; availability, by contrast, ensures that the information is accessible to those authorized users when they need it (information has value only if the authorized parties who are assured of its integrity can actually access it)

7
Q

The first cyber attacks were mainly performed for what purpose?

A

Fame

the very first cyber attacks were mainly for the threat actors to show off their technology skills; however that soon gave way to threat actors with the focused goal of financial gain (fortune)

8
Q

What is NOT true regarding the goal/outcome of security?

A

security is a war that must be won at all costs

the goal is not achieving complete victory but instead maintaining equilibrium: as attackers take advantage of a weakness in a defense, defenders must respond with an improved defense; information security is an endless cycle between attacker and defender

9
Q

What term is not used to describe those who attack computer systems?

A

hacker

in the past, hacker referred to a person who used advanced computer skills to attack computers; because that title often carried a negative connotation, it has been qualified (black hat, white hat, gray hat) in an attempt to distinguish between different types of attackers, and the generic term threat actor is used instead

10
Q

Which component of the CIA triad ensures that information is correct and no unauthorized person has altered it?

A

integrity

integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data

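Integrity in practice, as an added example that is not part of the flashcard deck: the block below shows why an unkeyed hash only protects against accidental corruption, while a keyed HMAC also detects deliberate alteration by someone who can rewrite both the data and the stored digest. The sample record, the verifier key and the attacker key are all constructed for the demonstration.

```python
"""Added example (not from the flashcard deck): integrity checking with a
plain SHA-256 digest versus a keyed HMAC-SHA256 tag.

A plain digest catches corruption, but an attacker who can modify the data
can simply recompute the digest. An HMAC keyed with a secret the attacker does
not hold cannot be forged, so it detects unauthorized alteration as well.
"""
import hashlib
import hmac
import secrets

# Constructed sample record; in practice this is a file, a message or a log entry.
ORIGINAL = b"transfer 100.00 USD to account 1234-5678"
TAMPERED = b"transfer 900.00 USD to account 1234-5678"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plain_hash_verify(data: bytes, stored_digest: str) -> bool:
    """Unkeyed check: detects corruption, not an attacker who also replaces the digest."""
    return hmac.compare_digest(sha256_hex(data), stored_digest)


def hmac_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, data: bytes, tag: str) -> bool:
    """Keyed check; compare_digest avoids leaking the tag through timing differences."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo() -> dict:
    """Run both checks against the constructed records and report each outcome as a boolean."""
    key = secrets.token_bytes(32)           # hypothetical verifier-side secret
    attacker_key = secrets.token_bytes(32)  # the attacker does not know `key`

    digest = sha256_hex(ORIGINAL)
    tag = hmac_tag(key, ORIGINAL)

    return {
        # a changed record is caught by both methods...
        "hash_detects_tamper": not plain_hash_verify(TAMPERED, digest),
        "hmac_detects_tamper": not hmac_verify(key, TAMPERED, tag),
        # ...but an attacker who rewrites the data AND the stored digest passes the plain check
        "hash_fooled_by_recompute": plain_hash_verify(TAMPERED, sha256_hex(TAMPERED)),
        # ...and cannot produce a valid tag without the verifier's key
        "hmac_resists_forgery": not hmac_verify(key, TAMPERED, hmac_tag(attacker_key, TAMPERED)),
        # genuine data with its genuine tag still verifies
        "genuine_data_passes": hmac_verify(key, ORIGINAL, tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Every entry returned by `demo()` is `True`: the plain digest and the HMAC both notice the tampered amount, only the HMAC survives an attacker who can rewrite the digest alongside the data, and the original record still verifies. A digital signature gives the same property with an asymmetric key, which matters when the verifier must not hold a secret that could also forge tags.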
11
Q

What is true regarding the relationship between security and convenience?

A

security and convenience are inversely proportional

the more secure something is, the less convenient it may become to use

12
Q

After Bella earned her security certification, she was offered a promotion. She saw that in this position she will report to the CISO and supervise a group of security technicians. Which security position has she been offered?

A

security manager

the security manager reports to the CISO and supervises techs, admins, and security staff; typically a security manager works on tasks identified by the CISO and resolves issues identified by technicians; this position requires an understanding of configuration and operation but not necessarily technical mastery

13
Q

What is the term used to describe the connectivity between an organization and a third party?

A

system integration

typically part of a third-party relationship in which a company needs to connect with a separate company’s network in order to perform business functions/transactions; sometimes the two companies’ networks do not integrate seamlessly and require “work-arounds”, which can introduce vulnerabilities

14
Q

How do vendors decide which should be the default settings on a system?

A

the settings that let the user immediately begin to use the product; they are chosen for usability and ease of use, not for security

15
Q

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

A

brokers

individuals who uncover weaknesses but do not report them to the software vendor; instead they sell the vulnerability to the highest bidder

16
Q

List some recognized attack vectors.

A

1) email - 94% of all malware is delivered via email
2) wireless - transmissions can be intercepted
3) removable media - plugging in a random thumb drive embedded with malware
4) direct access
5) social media
6) supply chain - very difficult to defend given the nature of the global economy

17
Q

What is typically not an issue with patching?

A

patches addressing zero-day vulnerabilities

1) firmware is difficult to patch, if it can be patched at all
2) outside of major OS updates, patches for applications are uncommon
3) delays in patching - an available update may cause a business application to stop running properly, so the business delays updating until it can adapt the application to work with the new update

18
Q

What are vulnerabilities associated with legacy platforms?

A

a legacy platform is no longer in widespread use, often because it has been replaced by an updated version of the earlier technology; although legacy hardware introduces some vulnerabilities, more often vulnerabilities result from legacy software, such as an OS or program

for a variety of reasons - limited hardware capacity, an application that only operates on a specific OS version, or even neglect - an OS may not be updated, thus depriving it of security fixes

19
Q

What are vulnerabilities associated with improper or weak patch management?

A

as important as patches are, weak patch management can itself create vulnerabilities:

  • difficulty patching firmware (software embedded into hardware): updating firmware is often difficult and requires specialized steps
  • few patches for application software: outside of major OS updates, applications are frequently never updated after installation
  • delays in patching the OS: companies whose business applications break under a patch will delay deploying it until the application can be made to work
20
Q

What are vulnerabilities associated with data storage?

A

data storage can be considered a 3rd-party vulnerability because many organizations rely on 3rd-party data storage; this reduces the capital expenditures of purchasing, installing and managing new storage hardware and software and can give employees remote access from almost any location, but it also places the data under the provider’s security controls rather than the organization’s own

21
Q

What are vulnerabilities associated with outsourced code?

A

outsourced code development is a 3rd-party vulnerability because organizations that outsource code development cannot closely monitor the development process and/or do not have the technical knowledge required to identify potential malware in the delivered code

22
Q

What are some vulnerabilities associated with supply chain?

A

supply chains are 3rd-party vulnerabilities; products move through many steps in the supply chain and some of those steps are not closely supervised, which has opened the door for malware to be injected into products during their manufacturing or storage (supply chain infections)

23
Q

What are some vulnerabilities associated with vendor management?

A

vendor management is the process organizations use to monitor and manage the interactions with all of their external 3rd parties

system integration is the connectivity between the organization and a 3rd-party vendor; this can introduce vulnerabilities because the systems are often not compatible and require work-arounds; another vulnerability arises because not all organizations have the expertise to handle the system integration themselves (lack of vendor support)

the principle of the weakest link often is the major risk in working with 3rd parties

24
Q

List and explain the seven weak configurations that can lead to vulnerabilities.

A
  • default settings: predetermined for usability and ease of use so the user can use the product immediately ex) a router that ships with a default password that is widely known
  • open ports and services: devices and services are often shipped allowing the most access, leaving it to the user to close the ports and services the organization does not need ex) a firewall that ships with FTP ports 20 & 21 open
  • unsecured root accounts: a root account gives unfettered access to all resources, so leaving it unprotected exposes everything on the system
  • open permissions: user access to files that should be restricted
  • unsecure protocols: a configuration that uses communication protocols which do not provide adequate protection (for example, no encryption)
  • weak encryption: choosing a known vulnerable encryption mechanism
  • errors: human mistakes in selecting one setting over another without considering the security implications
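
Four of the seven weak configurations above can be checked mechanically against a real configuration file. The following is an added example, not part of the flashcard deck: it audits a constructed OpenSSH `sshd_config` for an unsecured root account (`PermitRootLogin`), open permissions (`PermitEmptyPasswords`), an unsecure protocol version (`Protocol 1`, a directive only older servers honour) and weak encryption (legacy cipher and MAC names). Both configurations and the weak-algorithm lists are assumptions written for the demonstration, and a hardened configuration is included alongside the weak one so the audit's clean result can be seen too.

```python
"""Added example (not from the flashcard deck): auditing an sshd_config for
several of the weak-configuration categories.

OpenSSH is used because its directives map directly onto the categories:
PermitRootLogin (unsecured root account), PermitEmptyPasswords (open
permissions), Protocol 1 (unsecure protocol) and legacy Ciphers/MACs (weak
encryption).
"""

# Constructed sample, deliberately weak so the audit has something to find.
WEAK_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
Ciphers aes256-ctr,3des-cbc,arcfour
MACs hmac-sha2-256,hmac-md5
X11Forwarding no
"""

# Constructed hardened counterpart of the same file.
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""

# Algorithm names OpenSSH has accepted but that are known weak; an assumption, extend as needed.
WEAK_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "aes128-cbc", "aes256-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def parse_sshd_config(text: str) -> dict:
    """Return {directive (lowercased): value}; sshd keeps the FIRST occurrence of a directive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return conf


def audit_sshd(text: str) -> list:
    """Return (category, directive, detail) findings for the weak-configuration categories."""
    conf = parse_sshd_config(text)
    findings = []
    if conf.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append(("unsecured root account", "PermitRootLogin", "root may log in directly with a password"))
    if conf.get("permitemptypasswords", "no") == "yes":
        findings.append(("open permissions", "PermitEmptyPasswords", "accounts with empty passwords can log in"))
    if "1" in conf.get("protocol", "2").split(","):
        findings.append(("unsecure protocol", "Protocol", "SSH protocol 1 is enabled"))
    for key, directive, weak in (("ciphers", "Ciphers", WEAK_CIPHERS), ("macs", "MACs", WEAK_MACS)):
        offered = set(conf.get(key, "").split(",")) - {""}
        bad = sorted(offered & weak)
        if bad:
            findings.append(("weak encryption", directive, "weak algorithms offered: " + ", ".join(bad)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"--- {name} ---")
        for category, directive, detail in audit_sshd(cfg):
            print(f"[{category}] {directive}: {detail}")
```

Against `WEAK_CONFIG` the audit returns five findings covering all four categories; against `HARDENED_CONFIG` it returns none. The parser keeps only the first occurrence of each directive because that is what `sshd` does, so a hardening line appended at the end of a file that already sets `PermitRootLogin yes` near the top would be ignored by the daemon, and the audit reports the effective value rather than the last one written.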
25
Q

What is zero-day vulnerability?

A

zero-day vulnerabilities are considered extremely dangerous because systems are open to attack with no specific patch available

this happens when a threat actor finds and exploits a vulnerability before the developer has been made aware of it (the vendor has had “zero days” to fix it)

26
Q

What are some of the vulnerabilities associated with On-Premises Platforms versus Cloud Platforms?

A

for on-premises platforms, vulnerabilities include misconfiguration of resources as new servers and software are added during growth, along with numerous entry points (USB drives, wireless network transmissions, mobile devices, and email)

for cloud platforms, vulnerabilities most often stem from misconfigurations by company personnel; because cloud resources are accessible from virtually everywhere, they are under constant threat

27
Q

What are the 7 attack vectors covered in the book?

A

1) email
2) wireless
3) removable media
4) direct access
5) social media
6) supply chain
7) cloud

28
Q

What is SHADOW IT in reference to threat actors?

A

a category of threat actor in which employees become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies

this can cause weaknesses in the network because the equipment may not be configured properly

(not to be confused with COMPETITORS, a separate category of threat actor that attacks a rival organization’s systems to steal its proprietary information)

29
Q

What are BLACK, WHITE, and GRAY HAT hackers?

A

a BLACK HAT HACKER is a threat actor who violates computer security for personal gain or to inflict malicious damage

a WHITE HAT HACKER is a threat actor who attempts to probe a system for weaknesses and then privately provide that information back to the organization

a GRAY HAT HACKER is a threat actor who attempts to break into a computer system without the organization’s permission but not for their own advantage; instead they publicly disclose the attack in order to shame the organization into taking action

30
Q

What are script kiddies?

A

script kiddies are a category of threat actor who want to perform attacks yet lack the technical knowledge to carry them out

they do their work by downloading freely available automated attack software (scripts) and use it to perform malicious acts

31
Q

What are hacktivists?

A

a category of threat actor who are strongly motivated by ideology

types of attacks include changing contents of a website to make a political statement

today many hacktivists work through disinformation campaigns by spreading fake news and supporting conspiracy theories

32
Q

What is a state actor?

A

a category of threat actor who are sponsored by a government to launch cyber attacks

many security researchers believe state actors might be the deadliest category of threat actor

they are highly skilled and have much more resources than the other categories of threat actors

33
Q

What is an insider threat?

A

a category of threat actor that comes from a company’s own employees, contractors, and business partners

34
Q

What are the principles of social engineering?

A

social engineering is effective because of 7 principles:

1) authority - to impersonate an authority figure or falsely cite their authority
2) intimidation - to frighten and coerce by threat
3) consensus - to influence by what others do
4) scarcity - to refer to something in short supply
5) urgency - to demand immediate action
6) familiarity - to give the impression the victim is well known and well received
7) trust - to inspire confidence

35
Q

What are influence campaigns and give two examples.

A

influence campaigns are a social engineering attack used to sway attention and sympathy in a particular direction

ex1) social media influence campaign
ex2) hybrid warfare influence campaign

probably the most well-known social media influence campaign was the one surrounding the 2016 presidential election

36
Q

What is impersonation in reference to information security?

A

a type of social engineering where a threat actor masquerades as a real or fictitious character and then plays the role of that person with the victim

37
Q

What is typo-squatting?

A

a type of social engineering where a threat actor purchases domain names that are spelled similarly to those of actual sites

an example is a threat actor purchasing the domain name www.gooogle.com (too many “o’s”)
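Typo-squatting from the defender's side, as an added example that is not part of the flashcard deck: the block below enumerates the common typo variants of a brand domain (dropped letter, doubled letter, swapped adjacent letters, vowel swap, inserted hyphen) and uses that list, plus an edit-distance fallback, to decide whether a given domain is a lookalike. Such lists are what a security team pre-registers or watches for in new certificate-transparency and WHOIS data; the same check can flag a sender domain in incoming mail. The domain names are constructed; `google.com` is used only because the card's own example is `gooogle.com`, and the variant rules and the distance threshold are assumptions.

```python
"""Added example (not from the flashcard deck): generating typo-squat
candidates for a domain and testing whether another domain is a lookalike.

Assumes a single-label TLD (example.com, not example.co.uk); a real tool
would consult the public-suffix list and add keyboard-adjacency and
homoglyph variants.
"""

VOWELS = "aeiou"


def typosquat_candidates(domain: str) -> set:
    """Return the common typo variants of `domain`, excluding the domain itself."""
    label, sep, tld = domain.lower().rpartition(".")
    if not sep:
        raise ValueError("expected a dotted domain such as example.com")
    variants = set()
    n = len(label)
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])              # omission:    googe
        variants.add(label[:i] + label[i] + label[i:])        # repetition:  gooogle
        if label[i] in VOWELS:
            for v in VOWELS:                                  # vowel swap:  gaogle
                if v != label[i]:
                    variants.add(label[:i] + v + label[i + 1:])
    for i in range(n - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: gogole
        variants.add(label[:i + 1] + "-" + label[i + 1:])                   # hyphenation:   goo-gle
    variants.discard(label)
    return {v + sep + tld for v in variants if v}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), one-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(candidate: str, brand: str, max_distance: int = 1) -> bool:
    """True if `candidate` is a generated variant of `brand` or within `max_distance` edits of it.

    The generated set matters because a transposition (gogole) is two plain edits,
    so the distance fallback alone would miss it at max_distance=1.
    """
    candidate, brand = candidate.lower(), brand.lower()
    if candidate == brand:
        return False
    if candidate in typosquat_candidates(brand):
        return True
    cand_label, _, cand_tld = candidate.rpartition(".")
    brand_label, _, brand_tld = brand.rpartition(".")
    return cand_tld == brand_tld and levenshtein(cand_label, brand_label) <= max_distance


if __name__ == "__main__":
    brand = "google.com"
    print(len(typosquat_candidates(brand)), "candidates for", brand)
    for d in ("gooogle.com", "gogole.com", "goo-gle.com", "google.com", "example.com"):
        print(f"{d}: lookalike={is_lookalike(d, brand)}")
```

The card's `www.gooogle.com` appears in the candidate set as the doubled-letter variant. The transposition case is the reason the function does not rely on edit distance alone: `gogole.com` is two single-character edits from `google.com`, yet it is one of the likeliest typos a user makes.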

38
Q

What is a hoax in reference to information security?

A

a hoax is a false warning, often contained in an email message claiming to come from the IT department; threat actors can use hoaxes as the first step in an attack

an example is an email seemingly from the IT department that a virus is circulating through the internet and that the victim should erase specific files or change security settings

39
Q

What is a watering hole attack?

A

a type of social engineering attack that is directed toward a smaller group of specific individuals, such as executives; an attacker who wants to target these individuals tries to determine a common website that they frequent and then infects that site with malware that will make its way onto the group’s computers

40
Q

What is an Advanced Persistent Threat (APT)?

A

a category of threat actor that uses innovative tools (advanced) and, once a system is compromised, silently extracts data over an extended period of time (persistent)

APTs are most commonly associated with state actors

41
Q

What is reconnaissance?

A

a social engineering technique in which a threat actor gathers information about a potential victim; the more information gathered, the more genuine the threat actor will appear

42
Q

What is credential harvesting?

A

the collection of login credentials (usernames and passwords), typically through phishing emails that lead victims to a fake login page or through malware that captures what they type; the harvested credentials are then used to access the victims’ accounts or sold to other attackers; it is distinct from reconnaissance, which is the gathering of background information on a victim so that the threat actor can appear genuine

43
Q

What are invoice scams?

A

a type of phishing attack where the attacker sends a fake invoice for a late payment to a victim, and the victim, in haste, makes or authorizes the payment

44
Q

What is Identity Fraud?

A

also known as impersonation, a type of social engineering where a threat actor masquerades as a real or fictitious character and then plays that role with a victim

an example is a threat actor impersonating a help desk technician who calls a victim and pretends there is a problem with the network and elicits information from the victim

45
Q

What is prepending?

A

a social engineering technique that attempts to influence the subject before the event occurs

an example is a preview of a soon-to-be-released movie that begins with the statement, “The best film you will see this year!”

46
Q

What is whaling?

A

a type of spear phishing that targets the “big fish”: wealthy individuals or senior executives within a business

47
Q

What is eliciting information?

A

means gathering information by exploiting the weaknesses of individuals; it is a part of social engineering

48
Q

What is tailgating?

A

occurs when an authorized person opens a door to enter a secure facility and one or more individuals follows behind and also enters

49
Q

What is pharming?

A

a redirection technique where an attacker exploits how a URL’s hostname is converted into its corresponding IP address (name resolution); a threat actor may install malware on a user’s computer (for example, altering the local hosts file) that redirects traffic away from its intended target to a fake website
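As an added example that is not part of the flashcard deck, the block below detects the hosts-file form of pharming. The operating system consults the hosts file before DNS, so a line that maps a bank’s hostname to an attacker’s address redirects the victim while the browser still shows the genuine name. The hosts-file text, the watch list of hostnames and the bank domain are constructed (the addresses use RFC 5737 documentation ranges), and the second heuristic, one address serving names from unrelated domains, is an assumption of the example rather than a textbook rule.

```python
"""Added example (not from the flashcard deck): spotting pharming-style
overrides in a hosts file.

Two checks: (1) a watched hostname (bank, mail provider) that has any local
override at all, and (2) a single non-loopback address that serves names
from several unrelated domains, which is how one attacker host typically
collects many victims' logins.
"""
import ipaddress

# Constructed sample hosts file; the bank and mail names are fictitious.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.5        intranet.corp.example   # legitimate internal override
203.0.113.10    www.examplebank.com examplebank.com
203.0.113.10    login.example-mail.test
"""

# Hypothetical watch list: names that should never be overridden locally.
WATCHED = {"www.examplebank.com", "examplebank.com", "login.example-mail.test"}
LOOPBACK_NAMES = {"localhost", "ip6-localhost"}


def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs, ignoring comments, blank lines and malformed addresses."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a valid address; real tooling would log the line
        for host in parts[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def registrable(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def find_pharming_entries(text: str, watched=WATCHED) -> list:
    """Return (ip, name(s), reason) findings for suspicious hosts-file entries."""
    entries = parse_hosts(text)
    findings = []
    for ip, host in entries:
        if host in watched:
            findings.append((ip, host, "watched hostname overridden locally"))
    # Heuristic: one non-loopback address carrying names from more than one domain.
    by_ip = {}
    for ip, host in entries:
        if host in LOOPBACK_NAMES or ipaddress.ip_address(ip).is_loopback:
            continue
        by_ip.setdefault(ip, set()).add(registrable(host))
    for ip, domains in sorted(by_ip.items()):
        if len(domains) > 1:
            findings.append((ip, ",".join(sorted(domains)), "one address serves unrelated domains"))
    return findings


if __name__ == "__main__":
    for ip, name, reason in find_pharming_entries(SAMPLE_HOSTS):
        print(f"{ip:<14} {name:<45} {reason}")
```

On the constructed file the three watched names are reported individually and `203.0.113.10` is reported once more for serving both `examplebank.com` and `example-mail.test`; the internal `intranet.corp.example` override is left alone. The hosts file is only one resolution path an attacker can poison; a changed DNS server setting on the host or router, or a poisoned resolver cache, gives the same effect and is not visible to this check.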

50
Q

What is shoulder surfing?

A

like tailgating, a physical social engineering technique; shoulder surfing can be used in any setting that allows an attacker to casually observe someone entering secret information by standing behind and looking over the victim’s shoulder

51
Q

What is dumpster diving?

A

a type of social engineering that involves digging through trash receptacles to find information that can be useful in an attack

52
Q

What is spear phishing?

A

whereas phishing involves sending millions of generic email messages to users, spear phishing targets specific users; the emails used in spear phishing are customized to the recipients, including their names and personal information to make the messages appear legitimate

53
Q

What is Spam Over Internet Messaging (SPIM)?

A

SPIM is spam sent/delivered through instant messaging instead of email

54
Q

What is SPAM?

A

SPAM is unsolicited email that is sent to a large number of recipients

55
Q

What is Vishing?

A

instead of using email to contact a potential victim, the threat actor uses a phone call

56
Q

What is Smishing?

A

smishing is a variation of vishing that uses short message service (SMS) text messages and recorded callback phone messages

57
Q

What is Phishing?

A

Phishing is sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking an action

it is one of the most common forms of social engineering