Module 2

Question 1

What is risk?

Answer 1

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance
or event occurs; and (ii) the likelihood of occurrence.

Question 2

What is residual risk?

Answer 2

Residual risk: portion of risk remaining after security measures have been applied

Question 3

What is NIST’s phases and descriptions?

Answer 3

NIST Cybersecurity Framework (CSF) phases and descriptions:
● Govern: Covers people, process, and technology elements. It includes roles,
responsibilities, policies, procedures, and oversight, in addition to the technology
● Identify: Asset management, business environment, governance, risk assessment,
risk management strategy
● Protect: Access control, awareness training, data security, information protection
processes and procedures, maintenance, protective technology
● Detect: Anomalies and events, security continuous monitoring, detection processes
● Respond: Response planning, communications, analysis, mitigation, improvements
● Recover: Recovery planning, improvements, communications

Question 4

What does govern mean?

Answer 4

Govern: Covers people, process, and technology elements. It includes roles,
responsibilities, policies, procedures, and oversight, in addition to the technology

Question 5

What does identify mean?

Answer 5

Identify: Asset management, business environment, governance, risk assessment,
risk management strategy

Question 6

What does protect mean?

Answer 6

Protect: Access control, awareness training, data security, information protection
processes and procedures, maintenance, protective technology

Question 7

What does detect mean?

Answer 7

Detect: Anomalies and events, security continuous monitoring, detection processes

Question 8

What does respond mean?

Answer 8

Respond: Response planning, communications, analysis, mitigation, improvements

Question 9

What does recover mean?

Answer 9

Recover: Recovery planning, improvements, communications

Question 10

What is risk framing?

Answer 10

Risk framing: The set of assumptions, constraints, risk tolerances, and
priorities/trade-offs that shape an organization’s approach for managing risk

Question 11

What does assessing risk mean?

Answer 11

Assessing risk: Identifying, prioritizing, and estimating the risks to corporate assets.

Question 12

What is responding to risk?

Answer 12

Responding to risk: Organization determines the appropriate approach to
addressing an identified risk.

Question 13

What is monitoring risk?

Answer 13

Monitoring risk: Monitoring the effectiveness of implemented risk controls and compliance-focused measures.

Question 14

What is RMF?

Answer 14

RMF: A structured approach used to oversee and manage risk for an enterprise.

Question 15

What is an assest?

Answer 15

Asset: An item of value to stakeholders.

An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation).

The value of an asset is determined by stakeholders in consideration of loss concerns across
the entire system life cycle. Such concerns include but are not limited to business or
mission concerns.

Question 16

What is a threat?

Answer 16

Threat: Any circumstance or event with the potential to adversely impact organizational
operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

Question 17

What is risk?

Answer 17

Risk: A measure of the extent to which an entity is threatened by a potential
circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.

Question 18

what is vulnerability?

Answer 18

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Question 19

what does exploit mean?

Answer 19

Exploit: a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.

Question 20

What is Rogue access point?

Answer 20

Rogue access point is an unauthorized access point connected to a network.

Question 21

what is ransomware?

Answer 21

Ransomware disables the victim’s access to data until a ransom is paid. (e.g., Ryuk).

Question 22

What does fileless malware mean?

Answer 22

Fileless malware changes files native to the OS (e.g., Astaroth).

Question 23

What is spyware?

Answer 23

Spyware collects user activity data without the user’s knowledge (e.g., DarkHotel).

Question 24

what is adware?

Answer 24

Adware serves unwanted advertisements (e.g., Fireball types of malware and their
characteristics).

Question 25

What is a trojan?

Answer 25

Trojans disguise themselves as desirable code (e.g., Emotet).

Question 26

How does a worm work?

Answer 26

Worms spread through a network by replicating themselves (e.g., Stuxnet).

Question 27

What is a rootkit?

Answer 27

Rootkits give hackers remote control of a victim’s device (e.g., Zacinlo).

Question 28

What is a keylogger?

Answer 28

Keyloggers monitor a user’s keystrokes (e.g., Olympic Vision).

Question 29

what does bots mean?

Answer 29

Bots launch a broad flood of attacks (e.g., Echobot).

Question 30

What is mobile malware?

Answer 30

Mobile malware infects mobile devices (e.g., Triada).

Question 31

What is malware?

Answer 31

Malware is a broad term used to describe malicious software, including spyware,
ransomware, viruses, and worms. Malware breaches a network through a vulnerability,
typically when a user clicks a dangerous link or email attachment that installs risky software.

Question 32

Once inside a system, what does malware do?

Answer 32

Once inside the system, malware can do the following:
● Block access to key components of the network (ransomware).
● Install malware or additional harmful software.
● Covertly obtain information by transmitting data from the hard drive (spyware).
● Disrupt certain components and render the system inoperable.

Question 33

what is phishing?

Answer 33

Phishing involves sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.

Question 34

what is an On-Path attack?

Answer 34

On-Path attacks are also known as eavesdropping attacks, which occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.

Question 35

What are two common points of entry for On-Path attacks?

Answer 35

The following are two common points of entry for On-Path attacks:
1. Attackers can insert themselves between a visitor’s device and the network on
unsecured public Wi-Fi. Without knowing, the visitor passes all information through
the attacker.
2. Once the malware has breached a device, an attacker can install software to process
all of the victim’s information.

Question 36

What are the 5 components of Risk Treatment? Describe…

Answer 36

Risk Treatment:
Accept: Risk is accepted, and no measures are implemented to reduce its probability or
impact.

Avoid: Choose operations that do not lend themselves to a particular risk (e.g., relocating a factory from a region prone to a particular natural disaster to one that is not prone to that disaster).

Mitigate: Implement controls to reduce the probability and impact of the threat/risk
materializing.

Share: Engage others in the operations, so multiple parties assume the risk.

Transfer: Through the purchase of insurance, an organization can transfer risk to another party.

Question 37

What is a computer security incident?

Answer 37

Computer security incident is a violation or imminent threat of violation of computer
security policies, acceptable use policies, or standard security practices.

Question 38

What is an event?

Answer 38

An event is any observable occurrence in a system or network.

Events include a user connecting to a file share, a server receiving a request for a webpage, a user sending email, or a firewall blocking a connection attempt.

Adverse events have negative consequences, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data.

Question 39

what does a central incident response team handle?

Answer 39

Central incident response team handles incidents throughout the organization.

Question 40

What is a distributed incident response team do?

Answer 40

Distributed incident response team may be one of several teams within an organization
with responsibility for a particular logical or physical segment of the organization.

Question 41

What does a coordinating team do?

Answer 41

Coordinating team is an incident response team that provides advice to other teams
without having authority over those teams.

Question 42

What are the phases of incident response/
?

Answer 42

The Phases of Incident Response:
Preparation, Detection and analysis, containment and eradication, post incident activity

● Preparation: By establishing its incident response capability, an organization is ready
to respond to incidents and prevent incidents by ensuring that systems, networks, and applications are sufficiently secure. Although the incident response team is not typically responsible for incident prevention, it is fundamental to the success of incident response programs.

● Detection and analysis: Organizations need to be focused on being prepared to
handle incidents that use common attack vectors. Different types of incidents merit
different response strategies; knowing and preparing for common attack vectors is
very important to success.

● Containment and eradication: With a focus on minimizing the impact of an
incident, containment and eradication strategies provide time for developing a tailored remediation plan. An essential part of containment is decision-making (e.g., shutting down a system, disconnecting it from a network, disabling certain functions).

● Post Incident activity: Learning and improving from an incident improves an
organization’s preparedness for the next attack. Documenting lessons learned and
plans for future action and response plan updates are important post incident
activities.

Question 43

What are the services a Incident Response Team performs?

Answer 43

Intrusion detection: The first tier of an incident response team often assumes
responsibility for intrusion detection. The team generally benefits because it should be poised to analyze incidents more quickly and accurately, based on its knowledge of
intrusion detection technologies.

● Advisory distribution: A team may issue advisories regarding new vulnerabilities
and threats within the organization. Automated methods should be used whenever appropriate to disseminate information; for example, the National Vulnerability Database (NVD) provides information via XML and RSS feeds when new vulnerabilities are added. Advisories are often necessary when new threats emerge, such as a high-profile social or political event (e.g., a celebrity wedding) that attackers are likely to leverage in their social engineering. Only one group within the organization should distribute computer security advisories to avoid duplicated effort and conflicting information.

● Education and awareness: Education and awareness are resource multipliers—the
more the users and technical staff know about detecting, reporting, and responding to incidents, the less drain there should be on the incident response team. This
information can be communicated through many means: workshops, websites,
newsletters, posters, and even stickers on monitors and laptops.

● Information sharing: Incident response teams often participate in information
sharing groups, such as information sharing and analysis centers (ISACs) or regional
partnerships. Accordingly, incident response teams often manage the organization’s
incident information-sharing efforts, such as aggregating information related to
incidents, sharing that information with other organizations, and ensuring that
pertinent information is shared within the enterprise.

Question 44

What is Artificial Intelligence?

Answer 44

Artificial Intelligence: the simulation of human intelligence in machines that are
programmed to think and perform tasks like problem-solving, learning, reasoning, and
decision-making. It involves creating computer systems that can mimic and replicate human cognitive abilities, enabling them to perform tasks that typically require human intelligence.

Question 45

What is AI Narrow Intelligence?

Answer 45

AI Narrow Intelligence: also known as Weak AI, refers to artificial intelligence systems that are designed and programmed to perform specific tasks or solve particular problems with a high level of proficiency.

However, these systems lack general intelligence and are limited in
scope, focusing solely on the predefined task they were designed for. Narrow AI is adept at performing single tasks but cannot adapt or transfer its knowledge to other unrelated tasks.

Question 46

What is AI General Intelligence?

Answer 46

AI General Intelligence: also known as Strong AI, refers to a hypothetical form of artificial intelligence that possesses the ability to understand, learn, and reason across a wide range of tasks and domains, similar to human intelligence.

Unlike Narrow AI, which is specialized in
specific tasks, General AI would have the capacity to apply its intelligence to various new and diverse challenges, exhibiting versatility and adaptability much like a human being. However, as of now, General AI remains a theoretical concept and has not been fully realized in
practice.

Question 47

What is AI Super Intelligence?

Answer 47

AI Super Intelligence: Super Artificial Intelligence could be seen as a hypothetical state where AI systems possess cognitive capabilities far beyond human abilities and can excel in virtually every intellectual task. This level of AI development remains speculative and is often a topic of discussion in science fiction and futurism.

Question 48

What is Machine Learning (ML)?

Answer 48

Machine Learning (ML): Machine Learning is like teaching computers to learn from
experience. It’s a way for computers to use information (or data) they have to make decisions or predictions.

Question 49

What is Robotics?

Answer 49

Robotics: Robotics is about making and using robots, which are machines that can move and do tasks without human help.

Question 50

What is computer vision?

Answer 50

Computer Vision: Computer Vision is when computers can see and understand pictures
and videos like humans do.

Answer 51

Generative AI: refers to a category of artificial intelligence techniques and models designed
to generate new and original content, such as images, text, audio, or videos, based on
patterns and data it has learned from existing examples. Unlike traditional AI systems that
are designed for specific tasks, Generative AI is focused on creativity and generating novel
outputs.: refers to a category of artificial intelligence techniques and models designed to generate new and original content, such as images, text, audio, or videos, based on patterns and data it has learned from existing examples. Unlike traditional AI systems that are designed for specific tasks, Generative AI is focused on creativity and generating novel outputs.