N2K - Flash Cards - Threats, Vulnerabilities, and Mitigations - Compare and Contrast Common Threat Actors and Motivations

1
Q

Which category of threat actor is most likely to have high funding and a high level of sophistication?

A

Nation-State Actors
or
Advanced Persistent Threats (APTs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is an insider threat?

A

An employee who uses their access to the network and facility to obtain confidential information or grant access to a malicious actor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which two types of threat actor would have the largest amount of resources and/or funding for attacks?

A

Nation/State (or APTs) and organized crime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the six categories of threat actors according to the CompTIA Security + blueprint?

A

Nation-State
Unskilled Attacker
Hacktivist
Insider Threat
Organized Crime
Shadow IT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which categories of threat actor are internal to the organization?

A

Insider threats and shadow IT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which threat actor motivation is demonstrated by retaliating against perceived wrongs or grievances, seeking to inflict harm or damage as retribution?

A

Revenge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which threat actor motivation consists of actively targeting individuals and groups based on ideological differences, aiming to advanced or enforce beliefs?

A

Philosophical/political beliefs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is meant by the term data exfiltration?

A

The unauthorized transfer of data from a computer or network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which type of threat actor is MOST likely to be motivated by monetary gain?

A

Organized Crime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which type of threat actors typically have an unsophisticated skill level and rely on tools that are widely available on the internet?

A

Script Kiddies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which category of threat actor is most likely to be trying to make a political statement?

A

Hacktivist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which threat actor motivation is exemplified by creating disorder, destabilizing systems, or causing harm to create confusion and disorder?

A

Disruption/Chaos

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which category of threat actor is most likely to be acting out of a grievance against the organization?

A

Insider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which type of threat describes when an employee steals another employee’s password?

A

Internal or Insider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which threat actor motivation can be described as coercing action from a victim through threat of revealing compromising information for personal gain or leverage?

A

Blackmail

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which type of threat actor’s goal is typically political, involving disruption of the economy or theft of military secrets?

A

Nation-State Actors

17
Q

Engaging in actions perceived as morally justified, often targeting entities perceived as immoral or evil, exemplifies what type of threat actor motivation?

A

Ethical

18
Q

Which type of threat actor is MOST likely to use Advanced Persistent Threat (APT) attacks?

A

Nation-State Actors

19
Q

Which type of threat actor motivation employs cyberattacks to support military objectives, disrupt adversaries, or gain strategic advantages in conflicts?

A

War / Military

20
Q

What are three primary attributes by which threat actors are categorized?

A

Whether they are internal or external to the organization, how well-resourced they are, and how sophisticated their attacks are

21
Q

What is it called when data leaves the network in an unauthorized fashion?

A

Data Exfiltration

22
Q

Which type of threat actor is an employee or insider using unauthorized applications or services, posing security risks to organizations?

A

Shadow IT

23
Q

Which type of threat actor is motivated by monetary gain and possesses significant resources with which to recruit hackers to carry out their agenda?

A

Organized Crime

24
Q

Why are internal threats more serious than external threats?

A

They have already penetrated the network

25
Q

Which threat actor is an individual who lacks technical expertise, and uses basic tools and methods to execute cyberattacks?

A

Unskilled Attacker

26
Q

Which type of threat actors often believe they are engaging in a righteous and morally correct cause, even though their activities are illegal?

A

Hacktivists

27
Q

Which type of threat actor motivation can be exemplified by hacking to promote an ideology, such as targeting government websites to protest political decisions?

A

Philisophical/Political Beliefs

28
Q

Which threat actor motivation is characterized by organizations looking to steal secret or sensitive information from other organizations?

A

Espionage