quiz1 Flashcards
Security is:
To be free from ____
danger
As security is increased, ____ is often decreased
convenience
There are three types of information protection (often called the CIA Triad)
___
___
___
Confidentiality - only approved individuals may access information
Integrity - ensures information is correct and unaltered
Availability - ensures information is accessible to authorized users
A ___ ___ is an individual or entity responsible for cyber incidents against the
technology equipment of enterprises and users
threat actor
or attacker
three types of hackers
black hat hacker
white hat hacker
grey hat hacker
____ ____ are individuals who want to
perform attacks, yet lack technical knowledge
to carry them out
script kiddies
Individuals that are strongly motivated by ideology (for the sake of their principles or beliefs)
are ____
hacktivists
Governments are increasingly employing their own state-sponsored attackers for launching
cyberattacks against their foes
these are __ __
Which type of threat actor is often involved in multiyear intrusion campaigns targeting highly
sensitive economic, proprietary, or national security information?
state actors
The attacks are targeted at foreign governments and state
infrastructures with the goal of gaining a competitive advantage on the world stage or
in an actual warfare situation.
what is APT
advanced persistent threat
Employees, contractors, and business partners can pose an ___ ___ of manipulating
data from the position of a trusted employee
insider threat
One of the most successful types of attack is ___ ___
it does not even exploit ___ ___
social engineering
technological vulnerabilities
Cybersecurity vulnerabilities can be categorized into
__
__
__
__
__
platforms,
configurations,
third parties,
patches,
zero-day vulnerabilities
vulnerabilities - platforms
3 platforms with vulnerabilities
legacy platforms
on-premises platforms
cloud platforms
vulnerabilities - third parties
One of the major risks of third-party system integration involves the principle of the
weakest link
vulnerabilities - patches
firmware, application software, OS
An ___ ___ is a pathway or avenue used by a threat actor to penetrate a system
categories
Attack vector
- Wireless
- Removable media
- Direct access
- Social media
- Supply chain
- Cloud
___ ___ is a means of eliciting information (gathering data) by relying on the
weaknesses of individuals
social engineering
social engineering psychological approaches often include:
___ is masquerading as a real or fictitious character and then playing the role
of that person with a victim
___ is sending an email message or displaying a web announcement that falsely
claims to be from a legitimate enterprise in an attempt to trick the user into surrendering
private information or taking action
impersonation
Phishing
variations of phishing attacks (4)
spear phishing
whaling
vishing
smishing
social engineering psychological approaches often include:
___ is when an attacker directs a user to a fake lookalike site filled with ads for
which the attacker receives money for traffic generated to the site
__ is unsolicited email that is sent to a large number of recipients
redirection
spam
___ is when attackers purchase fake sites whose domain names are spelled
similarly to those of actual sites
typo squatting
____ is when the attacker attempts to exploit
how a URL is converted into its corresponding IP address
pharming
T/F
image spam cannot be filtered
T
___ is spam delivered through instant messaging (IM) instead of email
spim
___ are false warnings, often contained in an email message claiming to come from
the IT department
Hoaxes
A ___ ___ ___ is directed toward a smaller group of specific individuals
watering hole attack (social engineering)
___ ___ take advantage of user actions that can result in compromised security
physical attacks (a form of social engineering)
Types of physical attacks
___ ___ involves digging through trash receptacles to find information that can
be useful in an attack
___ occurs when an authorized person opens an entry door and one or more individuals follow behind and also enter
___ ___ allows an attacker to casually observe someone entering secret
information, such as the security codes on a door keypad
dumpster diving
tailgating
shoulder surfing
these are social engineering
what is Google dorking
electronic version of dumpster diving where you search for documents and data online that could be used in an attack
what is zero day
Zero day attacks are attacks on vulnerabilities in software systems that are
discovered by threat actors before the system developers can issue a patch to
correct the vulnerability.
impacts of attacks
__ _
__ __: stealing data to distribute it to other parties
__ __: stealing data to disclose it in an unauthorized fashion
__ __: taking personally identifiable information to impersonate someone
data loss
data exfiltration
data breach
identity theft
Impacts of attacks
effects on the enterprise
__ __: the attack may make systems inaccessible
__ __: This results in lost productivity
__: Attacks may affect the public perception of the enterprise
availability loss
financial loss
reputation
penetration testing
involves
Defining ____ and ___ should be conducted
- Examining who should perform the tests and the rules for ____
- Knowing __ __ __ a penetration test
Defining what it is and why such a test should be conducted
- Examining who should perform the tests and the rules for engagement
- Knowing how to perform a penetration test
defining penetration test
A penetration test attempts to exploit vulnerabilities in order to help
- __ __ __
- provide a clearer picture of their ___
- determine how they could __ __ __ __ __
uncover new vulnerabilities
nature
be used against the organization
A scan of network defenses usually finds only ___ ___ to be addressed
surface problems
who should perform the penetration test
__ __ __: (pros) little or no additional cost, quick, training
(cons) inside knowledge, lack of expertise, reluctance to reveal
__ __ __ __: (pros) expertise, credentials, experience, focus
(cons) contractor has sensitive info
__ __ __: ___ __, faster testing, ability to rotate teams, multiple at once
internal security personnel
external pen tester consultants
crowdsourced pen testers, bug bounty
rules of engagement
___: sets when the testing will occur
___: involves several elements that define the relevant test boundaries: environment, internal targets, external targets, other boundaries
___: is the receipt of prior written approval to conduct the pen test
__: in a pen test should be part of the scope that is discussed in the
planning stages
__: should __ with the organization during the following occasions:
* Initiation
* Incident response
* Status
* Emergency
__: everything related to the pen test has been removed
__: Once the pen test is completed, a __ should be generated to document its objectives,
methods used, and results
* The __ should be divided into two parts:
* An executive summary designed for a less technical audience
* A more technical summary written for security professionals
timing
scope
authorization
exploitation
communication
cleanup
reporting
performing a penetration test
A variety of actions take place when performing a pen test; however, they can be grouped
into two phases:
The first task is to perform preliminary information gathering from outside the
organization (called ___)
_____ (two types)
1. ___ involves directly probing for vulnerabilities and useful information
2. _____ occurs when the tester uses tools that do not raise any
alarms
____
footprinting
Reconnaissance
- active
- passive
* Penetration
A pen test is intended to simulate the actions of a ___ ___
threat actor
___ ___ is searching for wireless signals from an automobile or on foot while using a portable device
war driving
___ ___ uses drones, which are officially known as unmanned aerial vehicles
(UAVs)
war flying
what does OSINT stand for
open source intelligence
When a vulnerability is discovered, the pen tester must determine how to ___ __ ___ __ using another vulnerability to continue moving toward the
target
pivot/turn to another system
__ __ in some ways complements pen testing
Vulnerability scanning in some ways complements pen testing
A _________ ____ is a frequent and ongoing process that continuously identifies
vulnerabilities and monitors cybersecurity progress
A vulnerability scan
Conducting a vulnerability scan involves:
* Knowing __ __ __ and __ __
* Selecting a __ __ __
* Interpreting ____ ____
Conducting a vulnerability scan involves:
* Knowing what to scan and how often
* Selecting a type of scan
* Interpreting vulnerability information
When and What to Scan
* Two primary reasons for not conducting around-the-clock vulnerability scans:
_____ ____
_____ ___
- Workflow interruptions
- Technical constraints
Two data management tools are used for collecting and analyzing vulnerability scan data:
___
___
SIEM
SOAR
SIEMs can also perform ___ ___, which is the process of computationally
identifying and categorizing opinions to determine the writer’s attitude toward a particular
topic
sentiment analysis
___ ___ is proactively searching for cyber threats that thus far have gone undetected in a network
investigations often use crowdsourced data such as:
___ and ___
___ ___ feeds
info from a ___ __
threat hunting
advisories and bulletins
threat feeds
fusion center
features of SIEM
aggregation
correlation
automated alerting and triggers
time synchronization
event deduplication
logs
A cybersecurity ____ is a series of documented processes used to define policies
and procedures for implementing and managing security controls in an enterprise
environment
framework
Industry ____ are typically developed by established professional organizations or
government agencies using the expertise of seasoned security professionals
regulations
A cybersecurity ___ is a document approved through consensus by a recognized standardization
body
standard
cybersecurity ___/__ ___ __ are usually distributed by hardware
manufacturers and software developers
Benchmark/secure configuration guides
___ is software that enters a computer system without the user’s knowledge or consent
and then performs an unwanted and harmful action
Malware
Types of malware that imprisons are
___: prevents a user’s endpoint device from properly and fully functioning until
a fee is paid
and
___: is a type of malware that imprisons users and encrypts all files on the
device so that none of them can be opened, cost increases
ransomware and cryptomalware
Malware that infects a computer to launch attacks on other computers include
____
___: is a malicious program that uses a computer network to replicate (sometimes
called a network virus)
___: Another type of malware allows the infected computer to be placed under the remote
control of an attacker for the purpose of launching attacks
virus, worm, bot
two types of viruses
____ virus: is malicious code that is attached to a file that reproduces itself on the same computer without any human intervention
___: does not attach itself to a file but instead takes advantage of native services
and processes that are part of the OS to avoid detection and carry out its attacks
file based
fileless
two common types of snooping malware
___: is tracking software that is deployed without the consent or control of the user
___: silently captures and stores each keystroke that a user types on the
computer’s keyboard
spyware
keylogger
Deceive
A ___ is software that the user does not want on their computer
___: is an executable program that masquerades as performing a benign
activity but also does something malicious
PUP (potentially unwanted program)
Trojan
A ___ has the basic functionality of a Trojan but also gives the threat agent unauthorized
remote access to the victim’s computer by using specially configured communication
protocols
RAT (remote access trojan)
evade
This category of malware attempts to help malware or attacks evade detection
___: gives access to a computer, program, or service that circumvents any
normal security protections
__ __: is computer code that is typically added to a legitimate program but lies
dormant and evades detection until a specific logical event triggers it
___: is malware that can hide its presence and the presence of other malware on the
computer
backdoor
logic bomb
rootkit
What is the primary action that cryptomalware performs?
a. Imprison
b. Launch
c. Snoop
d. Deceive
imprison
____ ___: Another category of attacks looks for vulnerabilities in applications or manipulates applications
in order to compromise them
Common targets of attackers using application attacks are Internet web servers
application attacks
scripting
In a ___ ___ ___ (XSS) attack, a website that accepts user input without validating
it and uses that input in a response can be exploited
* An attacker can take advantage in an XSS attack by tricking a valid website into feeding a
malicious script to another user’s web browser
cross site scripting
Attacks called ____ introduce new input to exploit a vulnerability
most common:
injections
sql injection
request forgery is a: ____
two types:
_____ : takes advantage of an authentication “token” that a website sends to a user’s web
browser
___: takes advantage of a trusting relationship between web servers
- exploit how a web server processes external information received from
another server
request that has been fabricated
cross site request forgery (CSRF)
Server-side request forgery (SSRF)
____ ___ are commonly used against digital identities
replay attacks
Other attacks are directly focused on vulnerabilities in the software applications
* These include:
___ __: are called resource exhaustion attacks because they
“deplete” parts of memory and thus interfere with the normal operation of the program in
RAM.
a ____ overflow attack occurs when a process attempts to store data in RAM beyond
the boundaries of a fixed-length storage buffer
a ___ overflow attack: an attacker changes the value of a variable to something
outside the range that the programmer had intended by using an integer overflow
___ ___ __: Some attacks are the result of poor coding on the part of software developers
* Software that allows the user to enter data but has improper input handling features
does not filter or validate user input to prevent a malicious action
attacks on __ __ __
memory vulnerabilities
- buffer overflow attack
- integer overflow attack
improper exception handling
attacks on external software components
which type of application attack might use the following syntax:
‘whatever’ AND email IS NULL
a. Cross-site scripting
b. Client-side request forgery
c. SQL injection
d. Buffer overflow
c
The prime advantages of using AI to combat threats are
___ ___
and
greater ___ in __
continual learning and greater speed in response
Risks associated with using AI and ML are called __ __ __
risk 1. ____ of ML algorithms
risk 2. ___ training data for ML
adversarial artificial intelligence
security
tainted