Network Security Assessment Flashcards

1
Q

Describe the Steps of Threat Hunting:
1) Hypothesis
2) Collect and process
3) Trigger
4) Investigation
5) Response

A

1) Make assumptions using TTPs.
2) Collect and analyze data using threat intelligence.
3) Threat-detection tools trigger anomaly.
4) Investigate and eliminate identified threats.
5) Generate a report for future detection.

2
Q

What is Cyber Threat Intelligence (CTI)?

A

The collection and analysis of information about threats and adversaries for the preparedness, prevention, and response against cyber-attacks.

3
Q

Describe these types of Threat Intelligence:
1) Strategic
2) Tactical
3) Operational
4) Technical

A

1) High-level information on changing risks.
2) Information on attacker’s TTPs.
3) Information on specific incoming attacks.
4) Information on specific indicators of compromise.

4
Q

Describe these Threat Intelligence Sources:
1) OSINT
2) HUMINT
3) SIGINT
4) TECHINT
5) SOCMINT
6) CCI

A

1) Information collected from publicly available sources.
2) Information collected from interpersonal contacts.
3) Information collected by intercepting signals.
4) Information collected from adversary’s equipment.
5) Information collected from social media sites.
6) Information collected from established security infrastructure.

5
Q

Describe the following:
1) Surface Web
2) Deep Web
3) Dark Web

A

1) Web pages and content that are stored on normal browsers.
2) Web pages and content that are hidden and unindexed from traditional browsers and search engines.
3) Subset of deep web where anyone can navigate anonymously without being traced.

6
Q

What is Vulnerability Assessment?

A

The in-depth examination of the ability of a system or application to withstand exploitation.

7
Q

Describe these types of scanning:
1) Active Scanning
2) Passive Scanning

A

1) Attacker interacts directly with the target network to find vulnerabilities. Attacker sends probes/packets to the network.
2) Attacker finds vulnerabilities without direct contact with the network. Attacker guesses details by observing TCP connection.

8
Q

Describe these types of Vulnerability Assessments:
1) Active
2) Passive
3) External
4) Internal

A

1) Uses a network scanner to find hosts, networks, services and vulnerabilities.
2) Sniffs network traffic to discover hosts, networks, services and vulnerabilities.
3) Assesses the network from a hacker’s perspective, from the outside world.
4) Scans the internal infrastructure to discover exploits and vulnerabilities.

9
Q

Describe these types of Vulnerability Assessments:
1) Host-based
2) Network-based
3) Application
4) Database

A

1) Conducts a configuration-level check to evaluate the possibility of compromise.
2) Determines network security attacks that may occur.
3) Tests the web infrastructure for known vulnerabilities.
4) Focuses on testing databases.

10
Q

Describe these types of Vulnerability Assessments:
1) Wireless Network
2) Credentialed
3) Manual
4) Distributed
5) Non-Credentialed
6) Automated

A

1) Determines vulnerabilities on wireless networks.
2) Assesses the network by obtaining all credentials present in the network.
3) Manually assessing the vulnerabilities, ranking, and score.
4) Assesses the organization’s distributed assets like client-server apps.
5) Assesses the network without any credentials.
6) Automated tools are used to assess vulnerabilities.

11
Q

What are the six steps of the Vulnerability-Management Life Cycle?

A

1) Identify assets and create a baseline.
2) Vulnerability Scan
3) Risk Assessment
4) Remediate
5) Verification
6) Monitor

12
Q

Describe the following:
1) Security Audit
2) Vulnerability Assessment
3) Penetration Testing

A

1) Checks whether an organization follows a set of security policies and procedures.
2) Discovers the vulnerabilities in an information system.
3) Methodical approach that covers both Security Audit and Vulnerability Assessment.

13
Q

Describe the following teams:
1) Blue Team
2) Red Team
3) Purple Team
4) White Team

A

1) Detect and mitigate attackers’ activities.
2) Detect network and system vulnerabilities from the attacker’s perspective.
3) Comprised of both the blue and red teams.
4) Acts as a negotiator between blue and red teams, does not perform any tests, only monitors.

14
Q

Describe the following:
1) Black Box
2) White Box
3) Grey Box

A

1) The tester has no knowledge of the system.
2) The tester has all knowledge of the system.
3) The tester has partial knowledge of the system.

15
Q

What’s involved in these phases of Penetration Testing:
1) Pre-Attack
2) Attack
3) Post-Attack

A

1) Research (Information Gathering)
2) Testing/Exploitation
3) Documentation and Reporting

16
Q

What are these Asset Identification Methods?
1) Standard Naming Conventions
2) IP Schema

A

1) Used to identify each asset individually with a unique name.
2) Stores subnet information of an IP address space and the range of IPs within each subnet.

17
Q

Describe these Configuration Management Activities:
1) Management and Planning
2) Identification
3) Control
4) Status Accounting
5) Verification and Auditing

A

1) Sets direction, expectations and configuration strategies.
2) Describes the settings and baselines.
3) Assesses change recommendations and tracks approve/deny status.
4) Records and reports baselines on individuals.
5) Review of software/hardware to assess compliance.

18
Q

What are the five steps of the Change Management Cycle?

A

1) Request Changes
2) Analyze impact
3) Approve/Deny
4) Implement
5) Document and Monitor