Module 2 Flashcards

1
Q

What is the goal of threat management?

A
  • To take the appropriate steps needed to minimize hostile cyber actions
2
Q

What is penetration testing? What is the first step of pen testing?

A
  • Type of test that attempts to exploit vulnerabilities just as a threat actor would.
    • First step is Planning
3
Q

Why must a penetration test be used rather than just a scan of network defenses?

A
  • Pen testing finds deeper vulnerabilities using manual techniques that follow the thinking of threat actors (chaining several weaknesses together, abusing business logic, confirming that a flaw is actually exploitable)
    • Scanning is automated and can only find surface-level, already-known problems; it reports that a vulnerability may exist but does not prove what an attacker could do with it
4
Q

What is the benefit of using internal employees for pen testing? What are the disadvantages?

A

Advantages: Cheaper, faster, and the employees get training in awareness of security risks

Disadvantages: Employees have insider knowledge (so the test does not reflect an outsider's view), may lack expertise in pen testing, and may be reluctant to reveal vulnerabilities in systems they or their colleagues are responsible for

5
Q

What are the different penetration testing war game teams?(hint 4)

A
  • Red Team: Attacker-Scans then exploits vulnerabilities
  • Blue Team: Defenders-Monitors for red team attacks and shores up defenses
  • White Team: Referees-Enforces the rules of the pen testing
  • Purple Team: Bridge-Provides real time feedback between red and blue teams to enhance the testing
6
Q

What are the advantages of using a third-party pen testing consultant? What are the disadvantages?

A

Advantages: More expertise, credentials/certifications (more qualified), more experience, and a focus on testing that results in expert security services

Disadvantages: The contractor has now learned about the organization's network vulnerabilities and sensitive information

  • Most pen testing contracts include a nondisclosure agreement (NDA) for this reason
7
Q

What are the different levels of penetration testing used by external consultants? (Hint 3)

A

Black Box: Testers have no knowledge of the network and no special privileges. Task is to penetrate the network

Gray Box: Testers are given limited knowledge of network and some elevated privileges. Task is to focus on systems with greatest risk and value to the organization

White Box: Testers are given full knowledge of the network and source code of applications. Task is to identify potential points of weakness

8
Q

What is a bug bounty?

A

A monetary reward given for uncovering and responsibly reporting a software vulnerability.

  • Uses crowdsourcing: many independent researchers test the product and are paid per valid finding, rather than one firm being paid for a fixed engagement
9
Q

What are the rules of engagement? What are the elements of rules of engagement? (hint 7)

A

Limitations or parameters of a penetration test. Categories include:

  • Timing: when the testing will occur (dates and hours, e.g., outside business hours for disruptive tests)
  • Scope: the boundaries of the test: the environment, internal targets, external targets, target locations, and anything explicitly out of bounds
  • Authorization: receipt of prior written approval to conduct the pen test (without it the test is indistinguishable from an attack)
  • Exploitation: which vulnerabilities may be exploited and how far (e.g., proof of access only versus extracting data)
  • Communication: how and when the tester reports initiation of the test, incidents, test status, and any critical vulnerabilities that need emergency handling
  • Cleanup: ensuring all artifacts of the test (tools, scripts, accounts, backdoors) are removed
  • Reporting: documenting objectives, methods, results, and the vulnerabilities found
10
Q

What are the two phases of action that are performed in a penetration test?

A

Phase 1: Reconnaissance

Phase 2: Penetration

11
Q

Explain what Phase 1 is of penetration testing:

A

Phase 1: Reconnaissance:

  • Black and gray box testers perform preliminary information gathering from outside the organization, called footprinting
  • Testers gather information using:
    • Active reconnaissance (examples in this module include war driving and war flying, searching for wireless networks from a vehicle or aircraft)
    • Passive reconnaissance, which sends no traffic to the target (examples include open source intelligence (OSINT), such as online searching of public records, job postings, and DNS data)
12
Q

Explain what phase 2 is of penetration testing:

A

Phase 2: Penetration

  • There are several steps a threat actor follows:
  1. Conduct reconnaissance looking for vulnerabilities
  2. Gain initial access to a system through a vulnerability
  3. Privilege escalation: obtaining higher-level rights than the initial foothold provides
  4. Lateral movement: from the elevated position, look for additional systems that can be reached
  5. Install tools on compromised systems to gain deeper network access
  6. Install a backdoor that allows repeated, long-term access to the system (persistence)
  7. Continue to probe until the ultimate target is found, then perform the intended malicious action
  • The initially compromised system is used as a gateway to the other systems that are the real goal; this is called a pivot
13
Q

What is a vulnerability scan?

A

A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress.

14
Q

What is the main difference between a vulnerability scan and penetration test?

A

A vulnerability scan is automated, continuous, and reports known vulnerabilities without exploiting them; a penetration test is manual, point-in-time, and exploits vulnerabilities to find the deeper problems a scanner cannot see

15
Q

Why can’t vulnerability scans be conducted all the time?

A
  • Workflow interruptions: scans consume bandwidth and host resources, which slows the response time of production systems
  • Technical constraints: limits on how frequently scans can be run, depending on the size of the network and the scanning capacity available
16
Q

What is an asset inventory?

A

A list of all significant assets in a system, used to make better use of vulnerability scans (you cannot scan, or prioritize, what you do not know you have)

17
Q

What is a configuration review?

A
  • Examination of the software settings for a vulnerability scan
    • Ex: Sensitivity level or depth of the scan, intended goals of the scan, data types to be scanned, what target devices will be scanned
18
Q

What is a credentialed scan?

A

A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner so it can log in to targets. It mimics a threat actor who already holds those credentials and, because it can read installed package versions and local configuration, produces more complete results with fewer false positives than an unauthenticated scan.

19
Q

What is a non-credentialed scan?

A

A vulnerability scan that supplies no authentication information to the scanner, so it sees only what an unauthenticated attacker could reach over the network.

20
Q

What is an intrusive scan?

A

A scan that attempts to exploit any vulnerabilities it finds, much like a threat actor would (and can therefore crash or disrupt production systems).

21
Q

What is a nonintrusive scan?

A

A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered.

22
Q

Name a popular vulnerability feed:

A

Common Vulnerabilities and Exposures (CVE): a public list of known vulnerabilities in operating systems and application software, each assigned a unique identifier of the form CVE-YYYY-NNNNN so that scanners, vendors, and advisories all refer to the same flaw

23
Q

What is the Common Vulnerability Scoring System (CVSS)?

A

A numeric rating system (0.0 to 10.0) for the severity of a vulnerability, computed from base metrics such as attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity, and availability impact; the score maps to a qualitative rating (Low, Medium, High, Critical)

24
Q

What is a false positive?

A

Raising an alarm when there is no problem in a vulnerability scan

25
Q

What is a false negative?

A

Failure to raise an alarm when there is a problem in a vulnerability scan

26
Q

What is a log and what can log reviews be used for?

A
  • A record of the events that occurred during a vulnerability scan (and, more generally, on the systems being monitored)
    • Log reviews can be used to identify false positives by comparing the scanner's finding against what actually happened on the host (e.g., the patch level or the service that answered)
27
Q

What is Security Information and Event Management (SIEM)? What are some of the features of a SIEM?

A

A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events.

  • Features: aggregation (collecting logs from many sources into one place), correlation (linking related events from different sources), automated alerting and triggers, time synchronization (normalizing timestamps so events from different clocks can be ordered), event deduplication (collapsing repeated identical events), and logs (long-term retention)
  • SIEMs perform user behavior analysis (how users interact with systems, to spot deviations from the normal pattern)
  • SIEMs perform sentiment analysis (identifying and categorizing opinions, e.g., in posts that mention the organization)
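
The features above are easier to understand as one pipeline. The following is an added example (written for this page, not code from the flashcards or from any SIEM product) that takes constructed log lines from two sources with different formats and clocks, normalizes them to UTC (time synchronization), merges them (aggregation), drops an exact repeat (event deduplication), and applies one correlation rule that alerts when five failed logins from one source IP are followed by a success. The log formats, host names and addresses are made up; the UTC-5 offset for the VPN appliance is an assumption.

```python
"""Added example (not part of the flashcards): a minimal SIEM-style pipeline
over constructed log lines, showing aggregation, time synchronization,
event deduplication, and a correlation rule that raises an alert.
Formats, hostnames and addresses are made up for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs from two sources with different formats and clocks.
# The Linux host logs in UTC; the VPN appliance logs local time (assumed UTC-5).
LINUX_AUTH = [
    "2024-03-01T10:00:01Z sshd[1200]: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03Z sshd[1200]: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03Z sshd[1200]: Failed password for admin from 203.0.113.7",  # exact duplicate
    "2024-03-01T10:00:06Z sshd[1200]: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:09Z sshd[1201]: Accepted password for admin from 203.0.113.7",
    "2024-03-01T10:30:00Z sshd[1300]: Failed password for bob from 198.51.100.9",
]
VPN_LOCAL = [
    "03/01/2024 05:00:02 LOGIN_FAIL user=admin src=203.0.113.7",
    "03/01/2024 05:00:04 LOGIN_FAIL user=admin src=203.0.113.7",
]

LINUX_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$")
VPN_RE = re.compile(r"^(\S+ \S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")


def normalize(linux_lines, vpn_lines, vpn_utc_offset_hours=-5):
    """Aggregation + time synchronization: parse both formats into one schema
    with UTC timestamps so events from different clocks can be ordered together."""
    events = []
    for line in linux_lines:
        m = LINUX_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "source": "linux", "user": m.group(3), "src_ip": m.group(4),
                       "outcome": "fail" if m.group(2) == "Failed" else "success"})
    vpn_tz = timezone(timedelta(hours=vpn_utc_offset_hours))
    for line in vpn_lines:
        m = VPN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S").replace(tzinfo=vpn_tz).astimezone(timezone.utc)
        events.append({"ts": ts, "source": "vpn", "user": m.group(3), "src_ip": m.group(4),
                       "outcome": "fail" if m.group(2) == "LOGIN_FAIL" else "success"})
    return sorted(events, key=lambda e: e["ts"])


def deduplicate(events):
    """Event deduplication: drop exact repeats (same time, source, outcome, user, IP)."""
    seen, unique = set(), []
    for e in events:
        key = (e["ts"], e["source"], e["outcome"], e["user"], e["src_ip"])
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique


def correlate_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one source IP inside the
    window, followed by a success from the same IP -> likely compromised account."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    for e in events:
        ip = e["src_ip"]
        if e["outcome"] == "fail":
            failures[ip].append(e["ts"])
            failures[ip] = [t for t in failures[ip] if e["ts"] - t <= window]  # sliding window
        elif e["outcome"] == "success":
            recent = [t for t in failures[ip] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "src_ip": ip,
                               "user": e["user"], "failures": len(recent), "at": e["ts"]})
                failures[ip] = []
    return alerts


def run_pipeline(linux_lines=LINUX_AUTH, vpn_lines=VPN_LOCAL):
    events = deduplicate(normalize(linux_lines, vpn_lines))
    return events, correlate_brute_force(events)


if __name__ == "__main__":
    events, alerts = run_pipeline()
    print(f"{len(events)} unique events after normalization and deduplication")
    for a in alerts:
        print(f"ALERT {a['rule']}: {a['failures']} failures from {a['src_ip']} "
              f"then success as {a['user']} at {a['at'].isoformat()}")
```

Run on the Linux log alone, the rule never fires: after deduplication only three failures precede the success. It fires only once the VPN appliance's local-time events are converted to UTC and merged, which is the practical reason aggregation and time synchronization are listed as SIEM features rather than conveniences.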
28
Q

What is Security Orchestration, Automation, and Response (SOAR)?

A

A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response.

29
Q

What is threat hunting?

A
  • Proactively searching for cyber threats that thus far have gone undetected in a network
  • Works from the premise that threat actors have already infiltrated the network, so the hunter starts from a hypothesis rather than waiting for an alert
    • Uses cybersecurity threat feeds and information from a fusion center (a repository that pools intelligence from multiple sources)
30
Q

What is a cybersecurity framework?

A

A series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment.

31
Q

What is the NIST cybersecurity framework’s core elements? (hint 4)

A

Functions: The most basic cybersecurity tasks; there are five: Identify, Protect, Detect, Respond, and Recover (CSF 2.0 adds a sixth, Govern)

Categories: Groups of outcomes to be achieved for each function

Subcategories: Specific tasks or outcomes associated with each category

Informative References: The standards, guidelines, and practices (documents or manuals) that detail how to accomplish each subcategory

32
Q

What are the three basic parts of the NIST cybersecurity framework?

A
  1. Framework Core: defines the activities needed to attain different cybersecurity outcomes
  2. Implementation Tiers: describe how rigorous an organization's risk management practices are, from Tier 1 (Partial) to Tier 4 (Adaptive)
  3. Profiles: the current status of the organization's cybersecurity measures and the "road map" (target profile) toward the desired state of alignment with the NIST framework
33
Q

What are two widely used NIST frameworks?

A
  1. Risk Management Framework (RMF, NIST SP 800-37): helps organizations assess and manage risks to their information and systems
  2. Cybersecurity Framework (CSF): a measuring stick companies can use to compare their cybersecurity practices to the threats they face
34
Q

What is the International Organization for Standardization (ISO)?

A
  • Creates a wide array of standards, including cybersecurity standards (the 27000 series is published jointly with the IEC)
  • ISO/IEC 27001 (requirements for an information security management system), ISO/IEC 27002 (code of practice for security controls), ISO/IEC 27701 (privacy information management), and ISO 31000 (risk management) are standards published by this organization
35
Q

What is the American Institute of Certified Public Accountants (AICPA)?

A

The national professional organization for Certified Public Accountants (CPAs) in the United States.

  • Its SSAE (Statement on Standards for Attestation Engagements) SOC 2 reports attest to a service organization's security controls:
    • SOC 2 Type I: evaluates the design of the controls at a single point in time
    • SOC 2 Type II: evaluates the operating effectiveness of the controls over a review period (typically 6 to 12 months)
  • There is no SOC 2 "Type III"; the related general-use summary report is called SOC 3
36
Q

What is the Center for internet security (CIS) ?

A
  • A nonprofit, community-driven organization
    • Created two widely recognized frameworks: the CIS Controls (a prioritized set of defensive actions) and the CIS Benchmarks (hardening configuration guides for specific platforms)
37
Q

What is the Cloud Security Alliance (CSA)?

A

Organization whose goal is to define and raise awareness of best practices to help secure cloud computing environments

  • Its Cloud Controls Matrix (CCM) is a framework of cloud-specific security controls
38
Q

What are regulations?

A
  • Rules issued by government agencies (or established professional organizations) that carry legal or contractual force; they are developed using the expertise of seasoned security professionals
  • Form a common set of requirements that is under continual review and revision
39
Q

What is a standard?

A
  • A document approved through consensus by a recognized standardization body
    • Provides frameworks, rules, guidelines, etc., but carries no legal force on its own unless a regulation or contract requires it
40
Q

What is Payment Card Industry Data Security Standard (PCI DSS)?

A

A compliance standard that sets a minimum level of security for handling cardholder data; it applies to any organization that stores, processes, or transmits payment card data.

41
Q

What are Benchmark/secure configuration guides?

A
  • Guidelines for configuring a device or software, usually distributed by hardware manufacturers and software developers (and by bodies such as CIS)
    • These are usually platform/vendor-specific guides that apply only to specific products
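
A secure configuration guide is only useful if someone checks the running configuration against it. The following is an added example (written for this page, not taken from the flashcards or from any published benchmark) that audits an OpenSSH sshd_config against four illustrative hardening items. The items, their expected values, the assumed OpenSSH defaults for absent keywords, and the sample configuration are all constructed for illustration; use the real benchmark for your platform and version in practice.

```python
"""Added example (not from the flashcards): audit an sshd_config against a
small set of hardening items of the kind a secure configuration guide lists.
The items, defaults and the sample config are constructed for illustration."""

# Illustrative hardening items (not a quotation of any specific benchmark).
# 'default' is the value sshd is assumed to use when the keyword is absent
# (current OpenSSH defaults as assumed here; verify against your version).
CHECKS = {
    "permitrootlogin":        {"expect": {"no"}, "default": "prohibit-password"},
    "passwordauthentication": {"expect": {"no"}, "default": "yes"},
    "x11forwarding":          {"expect": {"no"}, "default": "no"},
    "maxauthtries":           {"expect_max": 4,  "default": "6"},
}


def parse_sshd_config(text):
    """Return keyword -> effective value. sshd uses the FIRST occurrence of a
    keyword, so a hardened line appended below an existing weak one is ignored;
    the audit has to model that. Settings inside Match blocks are conditional,
    so parsing stops at the first 'Match' (global scope only)."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        effective.setdefault(key, value)        # first occurrence wins
    return effective


def audit(text):
    """Return {keyword: (effective_value, passed)} for every check."""
    effective = parse_sshd_config(text)
    results = {}
    for key, check in CHECKS.items():
        value = effective.get(key, check["default"]).lower()
        if "expect_max" in check:
            passed = value.isdigit() and int(value) <= check["expect_max"]
        else:
            passed = value in check["expect"]
        results[key] = (value, passed)
    return results


# Constructed sample: hardening lines were appended at the bottom without
# removing the earlier, weaker settings that sshd actually honours.
SAMPLE_CONFIG = """\
# Default distribution settings
PermitRootLogin yes
X11Forwarding yes
# --- added by hardening script ---
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
"""

if __name__ == "__main__":
    for key, (value, ok) in audit(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {key} = {value}")
```

On the sample configuration the audit fails PermitRootLogin and X11Forwarding even though "PermitRootLogin no" appears in the file, because sshd honours the first occurrence. A checker that simply greps for the hardened line would report a pass, which is the kind of gap a benchmark audit exists to catch.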
44
Q

What are Requests for comments (RFCs)?

A

Documents published by the Internet Engineering Task Force (IETF) that define Internet protocols, standards, and best practices; they are authored by specialists, engineers, and scientists who are experts in those areas and serve as the authoritative reference for how a protocol is supposed to behave

45
Q

What are some common cybersecurity data feeds?

A
  • Vulnerability feeds
  • Threat feeds
46
Q

What are adversary tactics, techniques, and procedures (TTPs)?

A

Descriptions of the behavior of threat actors and how they orchestrate and manage attacks: a tactic is the attacker's goal, a technique is how that goal is achieved, and a procedure is the specific implementation observed. Knowledge bases such as MITRE ATT&CK catalog these behaviors so defenders can build detections and threat hunts around them.