quiz1 Flashcards

1
Q

Security is:
To be free from ____

A

danger

2
Q

As security is increased, ____ is often decreased

A

convenience

3
Q

There are three types of information protection (often called the CIA Triad)
___
___
___

A

Confidentiality - only approved individuals may access information

Integrity - ensures information is correct and unaltered

Availability - ensures information is accessible to authorized users

4
Q

A ___ ___ is an individual or entity responsible for cyber incidents against the
technology equipment of enterprises and users

A

threat actor
or attacker

5
Q

three types of hackers

A

black hat hacker
white hat hacker
grey hat hacker

6
Q

____ ____ are individuals who want to
perform attacks, yet lack technical knowledge
to carry them out

A

script kiddies

7
Q

Individuals that are strongly motivated by ideology (for the sake of their principles or beliefs)
are ____

A

hacktivists

8
Q

Governments are increasingly employing their own state-sponsored attackers for launching
cyberattacks against their foes
these are __ __

Which type of threat actor is often involved in multiyear intrusion campaigns targeting highly
sensitive economic, proprietary, or national security information?

A

state actors
The attacks are targeted at foreign governments and state
infrastructures with the goal of gaining a competitive advantage on the world stage or
in an actual warfare situation.

9
Q

What is APT?

A

advanced persistent threat

10
Q

Employees, contractors, and business partners can pose an ___ ___ of manipulating
data from the position of a trusted employee

A

insider threat

11
Q

One of the most successful types of attack is ___ ___
it does not even exploit ___ ___

A

social engineering
technological vulnerabilities

12
Q

Cybersecurity vulnerabilities can be categorized into
__
__
__
__
__

A

platforms,
configurations,
third parties,
patches,
zero-day vulnerabilities

13
Q

vulnerabilities - platforms
3 platforms with vulnerabilities

A

legacy platforms
on-premises platforms
cloud platforms

14
Q

vulnerabilities - third parties
One of the major risks of third-party system integration involves the principle of the

A

weakest link

15
Q

vulnerabilities - patches

A

firmware, application software, OS

16
Q

An ___ ___ is a pathway or avenue used by a threat actor to penetrate a system

categories

A

Attack vector

  • Email
  • Wireless
  • Removable media
  • Direct access
  • Social media
  • Supply chain
  • Cloud
17
Q

___ ___ is a means of eliciting information (gathering data) by relying on the
weaknesses of individuals

A

social engineering

18
Q

social engineering psychological approaches often include:

___ is masquerading as a real or fictitious character and then playing the role
of that person with a victim

___ is sending an email message or displaying a web announcement that falsely
claims to be from a legitimate enterprise in an attempt to trick the user into surrendering
private information or taking action

A

impersonation

Phishing

19
Q

variations of phishing attacks (4)

A

spear phishing
whaling
vishing
smishing

20
Q

social engineering psychological approaches often include:

___ is when an attacker directs a user to a fake lookalike site filled with ads for
which the attacker receives money for traffic generated to the site

__ is unsolicited email that is sent to a large number of recipients

A

redirection

spam

21
Q

___ is when attackers purchase fake sites because the domain names of those sites are spelled
similarly to actual sites

A

typo squatting

22
Q

____ is when the attacker attempts to exploit
how a URL is converted into its corresponding IP address

A

pharming

23
Q

T/F
image spam cannot be filtered

A

T

24
Q

___ is spam delivered through instant messaging (IM) instead of email

A

spim

25
___ are false warnings, often contained in an email message claiming to come from the IT department
Hoaxes
26
A ___ ___ ___ is directed toward a smaller group of specific individuals
watering hole attack (social engineering)
27
___ ___ take advantage of user actions that can result in compromised security
physical attacks (is social engineering)
28
Types of physical attacks ___ ___ involves digging through trash receptacles to find information that can be useful in an attack ___ occurs when an authorized person opens an entry door, one or more individuals can follow behind and also enter ___ ___ allows an attacker to casually observe someone entering secret information, such as the security codes on a door keypad
dumpster diving tailgating shoulder surfing these are social engineering
29
what is google dorking
electronic version of dumpster diving where you search for documents and data online that could be used in an attack
30
what is zero day
Zero day attacks are attacks on vulnerabilities in software systems that are discovered by threat actors before the system developers can issue a patch to correct the vulnerability.
31
impacts of attacks __ _ __ __: stealing data to distribute it to other parties __ __: stealing data to disclose it in an unauthorized fashion __ __: taking personally identifiable information to impersonate someone
data loss data exfiltration data breach identity theft
32
Impacts of attacks effects on the enterprise __ __: the attack may make systems inaccessible __ __: This results in lost productivity __: Attacks may affect the public perception of the enterprise
availability loss financial loss reputation
33
penetration testing involves Defining ____ and ___should be conducted * Examining who should perform the tests and the rules for ____ * Knowing __ __ __ a penetration test
Defining what it is and why such a test should be conducted * Examining who should perform the tests and the rules for engagement * Knowing how to perform a penetration test
34
defining penetration test penetration test attempt to exploit vulnerabilities in order to help - __ __ __ - provide a clearer picture of their ___ - determine how they could __ __ __ __ __
uncover new vulnerabilities nature be used against the organization
35
A scan of network defenses usually finds only ___ ___ to be addressed
surface problems
36
who should perform the penetration test __ __ __: (pros) little or no additional cost, quick, training (cons) inside knowledge, lack of expertise, reluctance to reveal __ __ __ __: (pros) expertise, credentials, experience, focus (cons) contractor has sensitive info __ __ __: ___ __, faster testing ability to rotate teams, multiple at once
internal security personnel external pen tester consultants crowdsourced pen testers, bug bounty
37
Q

rules of engagement

___: sets when the testing will occur
___: involves several elements that define the relevant test boundaries: environment, internal targets, external targets, other boundaries
___: is the receipt of prior written approval to conduct the pen test
__: in a pen test should be part of the scope that is discussed in the planning stages
__: should __ with the organization during the following occasions:
  • Initiation
  • Incident response
  • Status
  • Emergency
__: everything related to the pen test has been removed
__: Once the pen test is completed, a __ should be generated to document its objectives, methods used, and results
  • The __ should be divided into two parts:
  • An executive summary designed for a less technical audience
  • A more technical summary written for security professionals

A

timing
scope
authorization
exploitation
communication
cleanup
reporting
38
performing a penetration test A variety of actions take place when performing a pen test, however, they can be grouped into two phases: The first task is to perform preliminary information gathering from outside the organization (called ___) _____ ( two types) 1. ___ involves directly probing for vulnerabilities and useful information 2. _____ occurs when the tester uses tools that do not raise any alarms ____
footprinting Reconnaissance - active - passive * Penetration
39
A pen test is intended to simulate the actions of a ___ ___
threat actor
40
___ ___ is searching for wireless signals from an automobile or on foot while using a portable device
war driving
41
___ ___ uses drones, which are officially known as unmanned aerial vehicles (UAVs)
war flying
42
what does OSINT stand for
open source intelligence
43
When a vulnerability is discovered, the pen tester must determine how to ___ __ ___ __ using another vulnerability to continue moving toward the target
pivot/turn to another system
44
__ __ in some ways complements pen testing
Vulnerability scanning in some ways complements pen testing
45
A _________ ____ is a frequent and ongoing process that continuously identifies vulnerabilities and monitors cybersecurity progress
A vulnerability scan
46
Conducting a vulnerability scan involves: * Knowing __ __ __ and __ __ * Selecting a __ __ __ * Interpreting ____ ____
Conducting a vulnerability scan involves: * Knowing what to scan and how often * Selecting a type of scan * Interpreting vulnerability information
47
When and What to Scan * Two primary reasons for not conducting around-the-clock vulnerability scans: _____ ____ _____ ___
* Workflow interruptions * Technical constraints
48
Two data management tools are used for collecting and analyzing vulnerability scan data: ___ ___
SIEM SOAR
49
SIEMs can also perform ___ ___, which is the process of computationally identifying and categorizing opinions to determine the writer’s attitude toward a particular topic
sentiment analysis
50
___ ___ is proactively searching for cyber threats that thus far have gone undetected in a network investigation often use crowdsourced data such as: ___ and ___ ___ ___ feeds info from a ___ __
threat hunting advisories and bulletins threat feeds fusion center
51
features of SIEM
aggregation correlation automated alerting and triggers time synchronization event duplication logs
52
A cybersecurity ____ is a series of documented processes used to define policies and procedures for implementing and managing security controls in an enterprise environment
framework
53
Industry ____ are typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals
regulations
54
A cybersecurity ___ is a document approved through consensus by a recognized standardization body
standard
55
cybersecurity ___/__ ___ __ are usually distributed by hardware manufacturers and software developers
Benchmark/secure configuration guides
56
___ is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action
Malware
57
Types of malware that imprisons are ___: prevents a user’s endpoint device from properly and fully functioning until a fee is paid and ___: is a type of malware that imprisons users and encrypts all files on the device so that none of them can be opened, cost increases
ransomware and cryptomalware
58
Malware that infects a computer to launch attacks on other computers includes ____ ___: is a malicious program that uses a computer network to replicate (sometimes called a network virus) ___: Another type of malware allows the infected computer to be placed under the remote control of an attacker for the purpose of launching attacks
virus, worm, bot
59
two types of viruses ____ virus: is malicious code that is attached to a file that reproduces itself on the same computer without any human intervention ___: does not attach itself to a file but instead takes advantage of native services and processes that are part of the OS to avoid detection and carry out its attacks
file based fileless
60
two common types of snooping malware ___: is tracking software that is deployed without the consent or control of the user ___: silently captures and stores each keystroke that a user types on the computer’s keyboard
spyware keylogger
61
Deceive A ___ is software that the user does not want on their computer ___: is an executable program that masquerades as performing a benign activity but also does something malicious
pup (potentially unwanted program) trojan
62
A ___ has the basic functionality of a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols
RAT (remote access trojan)
63
evade This category of malware attempts to help malware or attacks evade detection ___: gives access to a computer, program, or service that circumvents any normal security protections __ __: is computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it ___: is malware that can hide its presence and the presence of other malware on the computer
backdoor logic bomb rootkit
64
What is the primary action that cryptomalware performs? a. Imprison b. Launch c. Snoop d. Deceive
imprison
65
____ ___: Another category of attacks looks for vulnerabilities in applications or manipulates applications in order to compromise them. Common targets of attackers using application attacks are Internet web servers
application attacks
66
scripting In a ___ ___ ___ (XSS) attack, a website that accepts user input without validating it and uses that input in a response can be exploited * An attacker can take advantage in an XSS attack by tricking a valid website into feeding a malicious script to another user’s web browser
cross site scripting
67
Attacks called ____ introduce new input to exploit a vulnerability most common:
injections SQL injection
68
request forgery is a: ____ two types: _____ : takes advantage of an authentication “token” that a website sends to a user’s web browser ___: takes advantage of a trusting relationship between web servers - exploit how a web server processes external information received from another server
request that has been fabricated cross site request forgery (CSRF) Server-side request forgery (SSRF)
69
____ ___are commonly used against digital identities
replay attacks
70
Q

Other attacks are directly focused on vulnerabilities in the software applications. These include:

___ __: are called resource exhaustion attacks because they “deplete” parts of memory and thus interfere with the normal operation of the program in RAM
  • a ____ overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
  • a ___ overflow attack: an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow

___ ___ __: Some attacks are the result of poor coding on the part of software developers
  • Software that allows the user to enter data but has improper input handling features does not filter or validate user input to prevent a malicious action

attacks on __ __ __

A

memory vulnerabilities
  • buffer overflow attack
  • integer overflow attack
improper exception handling
attacks on external software components
71
which type of application attack might use the following syntax: ‘whatever’ AND email IS NULL a. Cross-site scripting b. Client-side request forgery c. SQL injection d. Buffer overflow
c
72
The prime advantages of using AI to combat threats are ___ ___ and greater ___ in __
continual learning and greater speed in response
73
Risks associated with using AI and ML are called __ __ __ risk 1. ____ of ML algorithms risk 2. ___ training data for ML
adversarial artificial intelligence security tainted