quiz1

Question 1

Security is:
To be free from ____

Answer 1

danger

Question 2

As security is increased, ____ is often decreased

Answer 2

convenience

Question 3

There are three types of information protection (often called the CIA Triad)
___
___
___

Answer 3

Confidentiality - only approved individuals may access information

integrity - ensures information is correct and unaltered

Availability - ensures information is accessible to authorized users

Question 4

A ___ ___ is an individual or entity responsible for cyber incidents against the
technology equipment of enterprises and users

Answer 4

threat actor
or attacker

Question 5

three types of hackers

Answer 5

black hat hacker
white hat hacker
grey hat hacker

Question 6

____ ____ are individuals who want to
perform attacks, yet lack technical knowledge
to carry them out

Answer 6

script kiddies

Question 7

Individuals that are strongly motivated by ideology (for the sake of their principles or beliefs)
are ____

Answer 7

hacktivists

Question 8

Governments are increasingly employing their own state-sponsored attackers for launching
cyberattacks against their foes
these are __ __

Which type of threat actor is often involved in multiyear intrusion campaigns targeting highly
sensitive economic, proprietary, or national security information?

Answer 8

state actors
The attacks are targeted at foreign governments and state
infrastructures with the goal of gaining a competitive advantage on the world stage or
in an actual warfare situation.

Question 9

what is apt

Answer 9

advanced persistent threat

Question 10

Employees, contractors, and business partners can pose an ___ ___ of manipulating
data from the position of a trusted employee

Answer 10

insider threat

Question 11

One of the most successful types of attack is ___ ___
it does not even exploit ___ ___

Answer 11

social engineering
technological vulnerabilities

Question 12

Cybersecurity vulnerabilities can be categorized into
__
__
__
__
__

Answer 12

platforms,
configurations,
third parties,
patches,
zero-day vulnerabilities

Question 13

vulnerabilities - platforms
3 platforms with vulnerabilities

Answer 13

legacy platforms
on-premises platforms
cloud platforms

Question 14

vulnerabilities - third parties
One of the major risks of third-party system integration involves the principle of the

Answer 14

weakest link

Question 15

vulnerabilities - patches

Answer 15

firmware, application software, OS

Question 16

An ___ ___ is a pathway or avenue used by a threat actor to penetrate a system

categories

Answer 16

Attack vector

• Email
• Wireless
• Removable media
• Direct access
• Social media
• Supply chain
• Cloud

Question 17

___ ___is a means of eliciting information (gathering data) by relying on the
weaknesses of individuals

Answer 17

social engineering

Question 18

social engineering psychological approaches often include:

___ is masquerading as a real or fictitious character and then playing the role
of that person with a victim

___ is sending an email message or displaying a web announcement that falsely
claims to be from a legitimate enterprise in an attempt to trick the user into surrender
private information or taking action

Answer 18

impersonation

Phishing

Question 19

variations of phishing attacks (4)

Answer 19

spear phishing
whaling
vishing
smishing

Question 20

social engineering psychological approaches often include:

___ is when an attacker directs a user to a fake lookalike site filled with ads for
which the attacker receives money for traffic generated to the site

__ is unsolicited email that is sent to a large number of recipients

Answer 20

redirection

spam

Question 21

___ is Attackers purchase fake sites because the domain names of sites are spelled
similarly to actual sites

Answer 21

typo squatting

Question 22

____ is the attacker attempts to exploit
how a URL is converted into its corresponding IP address

Answer 22

pharming

Question 23

T/F
image spam cannot be filtered

Answer 23

T

Question 24

___ is spam delivered through instant messaging (IM) instead of email

Answer 24

spim

Question 25

___ are false warnings, often contained in an email message claiming to come from the IT department

Answer 25

Hoaxes

Question 26

A ___ ___ ___ is directed toward a smaller group of specific individuals

Answer 26

watering hole attack (social engineering)

Question 27

___ ___ take advantage of user actions that can result in compromised security

Answer 27

physical attacks (is social engineering)

Question 28

Types of physical attacks ___ ___ involves digging through trash receptacles to find information that can be useful in an attack ___ occurs when an authorized person opens an entry door, one or more individuals can follow behind and also enter ___ ___ allows an attacker to casually observe someone entering secret information, such as the security codes on a door keypad

Answer 28

dumpster diving tailgating shoulder surfing these are social engineering

Question 29

what is google dorking

Answer 29

electronic version of dumpster diving where you search for documents and data online that could be used in an attack

Question 30

what is zero day

Answer 30

Zero day attacks are attacks on vulnerabilities in software systems that are discovered by threat actors before the system developers can issue a patch to correct the vulnerability.

Question 31

impacts of attacks __ _ __ __: stealing data to distribute it to other parties __ __: stealing data to disclose it in an unauthorized fashion __ __: taking personally identifiable information to impersonate someone

Answer 31

data loss data exfiltration data breach identity theft

Question 32

Impacts of attacks effects on the enterprise __ __: the attack may make systems inaccessible __ __: This results in lost productivity __: Attacks may effect the public perception of the enterprise

Answer 32

availability loss financial loss reputation

Question 33

penetration testing involves Defining ____ and ___should be conducted * Examining who should perform the tests and the rules for ____ * Knowing __ __ __ a penetration test

Answer 33

Defining what it is and why such a test should be conducted * Examining who should perform the tests and the rules for engagement * Knowing how to perform a penetration test

Question 34

defining penetration test penetration test attempt to exploit vulnerabilities in order to help - __ __ __ - provide a clearer picture of their ___ - determine how they could __ __ __ __ __

Answer 34

uncover new vulnerabilities nature be used against the organization

Question 35

A scan of network defenses usually finds only ___ ___ to be addressed

Answer 35

surface problems

Question 36

who should perform the penetration test __ __ __: (pros)little are no additional cost, quick, training (cons) inside knowledge, lack of expertise, reluctance to reveal __ __ __ __: (pros) expertise, credentials, experience, focus (cons) contractor has sensitive info __ __ __: ___ __, faster testing ability to rotate teams, multiple at once

Answer 36

internal security personnel external pen tester consultants crowdsourced pen testers, bug bounty

Question 37

rules of engagement ___: sets when the testing will occur ___: involves several elements that define the relevant test boundaries: environment, internal targets, external targets, other boundaries ___: is the receipt of prior written approval to conduct the pen test __: in a pen test should be part of the scope that is discussed in the planning stages __: should __ with the organization during the following occasions: * Initiation * Incident response * Status * Emergency __: everything related to the pen test has been remove __: Once the pen test is completed, a __ should be generated to document its objectives, methods used, and results * The __ should be divided into two parts: * An executive summary designed for a less technical audience * A more technical summary written for security professionals

Answer 37

timing scope authorization exploitation communication cleanup reporting

Question 38

performing a penetration test A variety of actions take place when performing a pen test, however, they can be grouped into two phases: The first task is to perform preliminary information gathering from outside the organization (called ___) _____ ( two types) 1. ___ involves directly probing for vulnerabilities and useful information 2. _____ occurs when the tester uses tools that do not raise any alarms ____

Answer 38

footprinting Reconnaissance - active - passive * Penetration

Question 39

A pen test is intended to simulate the actions of a ___ ___

Answer 39

threat actor

Question 40

___ ___ is searching for wireless signals from an automobile or on foot while using a portable device

Answer 40

war driving

Question 41

___ ___ uses drones, which are officially known as unmanned aerial vehicles (UAVs)

Answer 41

war flying

Question 42

what does OSINT stand for

Answer 42

open source intelligence

Question 43

When a vulnerability is discovered, the pen tester must determine how to ___ __ ___ __using another vulnerability to continue moving toward the target

Answer 43

pivot/turn to another system

Question 44

__ __ in some ways complements pen testing

Answer 44

Vulnerability scanning in some ways complements pen testing

Question 45

A _________ ____ is a frequent and ongoing process that continuously identifies vulnerabilities and monitors cybersecurity progress

Answer 45

A vulnerability scan

Question 46

Conducting a vulnerability scan involves: * Knowing __ __ __ and __ __ * Selecting a __ __ __ * Interpreting ____ ____

Answer 46

Conducting a vulnerability scan involves: * Knowing what to scan and how often * Selecting a type of scan * Interpreting vulnerability information

Question 47

When and What to Scan * Two primary reasons for not conducting around-the-clock vulnerability scans: _____ ____ _____ ___

Answer 47

* Workflow interruptions * Technical constraints

Question 48

Two data management tools are used for collecting and analyzing vulnerability scan data: ___ ___

Answer 48

SIEM SOAR

Question 49

SIEMS can also perform ___ ___, which is the process of computationally identifying and categorizing opinions to determine the writer’s attitude toward a particular topic

Answer 49

sentiment analysis

Question 50

___ ___ is proactively searching for cyber threats that thus far have gone undetected in a network investigation often use crowdsourced data such as: ___ and ___ ___ ___ feeds info from a ___ __

Answer 50

threat hunting advisories and bulletins threat feeds fusion center

Question 51

features of SIEM

Answer 51

aggregation correlation automated alerting and triggers time synchronization event duplication logs

Question 52

A cybersecurity ____ is a series of documented processes used to define policies and procedures for implementing and managing security controls in an enterprise environment

Answer 52

framework

Question 53

Industry ____ are typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals

Answer 53

regulations

Question 54

A cybersecurity ___ is a document approved through consensus by a recognized standardization body

Answer 54

standard

Question 55

cybersecurity ___/__ ___ __ are usually distributed by hardware manufacturers and software developers

Answer 55

Benchmark/secure configuration guides

Question 56

___ is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action

Answer 56

Malware

Question 57

Types of malware that imprisons are ___: prevents a user’s endpoint device from properly and fully functioning until a fee is paid and ___: is a type of malware that imprisons users and encrypts all files on the device so that none of them can be opened, cost increases

Answer 57

ransomware and cryptomalware

Question 58

Malware that infects a computer to launch attacks on other computers include ____ ___: is a malicious program that uses a computer network to replicate (sometimes called a network virus) ___: Another type of malware allows the infected computer to be placed under the remote control of an attacker for the purpose of launching attacks

Answer 58

virus, worm ,bot

Question 59

two types of viruses ____ virus: is malicious code that is attached to a file that reproduces itself on the same computer without any human intervention ___: does not attach itself to a file but instead takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks

Answer 59

file based fileless

Question 60

two common types of snooping malware ___: is tracking software that is deployed without the consent or control of the user ___: silently captures and stores each keystroke that a user types on the computer’s keyboard

Answer 60

spyware keylogger

Question 61

Deceive A ___ is software that the user does not want on their computer ___: is an executable program that masquerades as performing a benign activity but also does something malicious

Answer 61

pup (potentially unwanted program) trojan

Question 62

A ___ has the basic functionality of a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols

Answer 62

RAT (remote access trojan)

Question 63

evade This category of malware attempts to help malware or attacks evade detection ___: gives access to a computer, program, or service that circumvents any normal security protections __ __: is computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it ___: is malware that can hide its presence and the presence of other malware on the computer

Answer 63

backdoor logic bomb rootkit

Question 64

What is the primary action that cryptomalware performs? a. Imprison b. Launch c. Snoop d. Deceive

Answer 64

imprison

Question 65

____ ___: Another category of attacks look for vulnerabilities in applications or manipulate applications in order to compromise them Common targets of attackers using application attacks are Internet web server

Answer 65

application attacks

Question 66

scripting In a ___ ___ ___ (XSS) attack, a website that accepts user input without validating it and uses that input in a response can be exploited * An attacker can take advantage in an XSS attack by tricking a valid website into feeding a malicious script to another user’s web browse

Answer 66

cross site scripting

Question 67

Attacks called ____ introduce new input to exploit a vulnerability most common:

Answer 67

injections sql injection

Question 68

request forgery is a: ____ two types: _____ : takes advantage of an authentication “token” that a website sends to a user’s web browser ___: takes advantage of a trusting relationship between web servers - exploit how a web server processes external information received from another server

Answer 68

request that has been fabricated cross site request forgery (CSFR) Server site request forgery (SSRF)

Question 69

____ ___are commonly used against digital identities

Answer 69

replay attacks

Question 70

Other attacks are directly focused on vulnerabilities in the software applications * These include: ___ __: are called resource exhaustion attacks because they “deplete” parts of memory and thus interfere with the normal operation of the program in RAM. a ____ overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer a ___ overflow attack: an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow ___ ___ __: Some attacks are the result of poor coding on the part of software developers * Software that allows the user to enter data but has improper input handling features does not filter or validate user input to prevent a malicious action attacks on __ __ __

Answer 70

memory vulnerabilities - buffer overflow attack - integer overflow attack improper exception handling attacks on external software components

Question 71

which type of application attack might use the following syntax: ‘whatever’ AND email IS NULL a. Cross-site scripting b. Client-side request forgery c. SQL injection d. Buffer overflow

Answer 71

c

Question 72

The prime advantages of using AI to combat threats are ___ ___ and greater ___ in __

Answer 72

continual learning and greater speed in response

Question 73

Risks associated with using AI and ML are called __ __ __ risk 1. ____ of ML algorithms risk 2. ___ training data for Ml

Answer 73

adversarial artificial intelligence security tainted