S3-m1 Flashcards

1
Q

The goal of a cyber security program is to…

A

manage the cybersecurity risks by securing and enhancing confidentiality, data integrity, and availability

2
Q

Data breaches

A

Occur when information is compromised and utilized without the authorization of the owner. Examples of attacks that can result in data breaches include ransomware, phishing, malware, and compromised passwords

3
Q

Service Disruptions

A

are unplanned events that cause a general system or major application to be inoperable for an unacceptable length of time
-malware
-distributed denial of service attacks (DDoS)
-SQL injections

4
Q

Compliance Risk

A

Regulators can require organizations to comply with cybersecurity regulations. The failure to comply with these regulations can result in fines and financial penalties.

5
Q

What is a cyber attack?

A

any kind of malicious activity that targets computer information systems, infrastructures, computer networks, or personal computer devices, and attempts to collect, disrupt, deny, degrade or destroy information system resources or the information itself.

6
Q

Attacker, Threat Actor, or Hacker

Threat Agent

A

Individuals or groups of individuals, known as hacking rings or Advanced Persistent Threats (APTs), that target people or organizations to gain access to systems, networks, and data

7
Q

Adversary

Threat Agent

A

These are actors with interests in conflict with the organization

8
Q

Government-Sponsored Actors

Threat Agent

A

These threat actors are funded, directed, or sponsored by nations

9
Q

Hacktivists

Threat Agent

A

Groups of hackers that operate to promote certain social causes or political agendas

10
Q

Insiders

Threat Agent

A

Employees who either organically develop into someone with malicious intentions or intentionally infiltrate an organization to achieve nefarious objectives

11
Q

External Threats

Threat Agent

A

Threats that occur outside of the organization, entity, or individual that is the source of the cyberattack

12
Q

Network-based Attacks

A

These attacks target the infrastructure of a network, including switches, routers, servers, and cabling, with the intent to gain unauthorized access or disrupt operations for users

13
Q

Backdoor and Trapdoors

A

Methods to bypass security access procedures by creating an undocumented entry and exit point to a network. Trapdoors are often installed by system owners so they can bypass security measures to gain quick access, whereas backdoors may be intentionally installed or unintentionally left available due to product defects

14
Q

Covert Channels

A

Mechanisms used to transmit data using methods not originally intended for data transmission by the system designers
-storage channels: data is transmitted by modifying a storage location
-timing channels: the delay in transmitting data packets is used to hide transmission

15
Q

Buffer Overflows

A

Attackers overload a program's buffer (its temporary storage) with more input than it is designed to hold. This may cause the program to overwrite the memory of an application or crash

16
Q

Denial of Service (DOS)

A

An attacker floods a system's network by congesting it with volumes of traffic greater than the bandwidth it was designed to handle. This excess volume consumes the network's resources so that it cannot respond to service requests

17
Q

Distributed Denial of Service (DDoS) Attacks

A

These occur when multiple attackers or compromised devices work in unison to flood an organization's network with traffic. These attacks manipulate the operation of network equipment and services in such a way that they may be more powerful

18
Q

Man in the Middle (MITM) Attacks

A

Attacker acts as an intermediary between two parties intercepting communications, acting as a legitimate entity within a typical secure session. As info is passed between two parties, the attacker can read or redirect traffic.

19
Q

Port Scanning Attacks

A

Scanning a network for open ports is frequently done by attackers to find vulnerabilities that can be exploited.
-attack focuses on logical ports that are used for protocols such as TCP
-normal for companies to have open ports
-common vulnerabilities include unsecured protocols, unpatched protocols, poor login credentials

20
Q

Ransomware Attacks

A

Typically come from malware that locks a user or a company’s operating systems, applications, and the ability to access data unless ransom is paid

21
Q

Reverse Shell Attacks

A

“Connect back shells” - a victim initiates communication with an attacker from behind a company’s firewall so that the attacker can bypass the firewall and any other network safeguards and remotely control the victim's machine.

22
Q

Replay Attacks (eavesdropping)

A

A type of MITM attack in which a cybercriminal eavesdrops on a secure network communication, intercepts it, and then replays the message at a later time to the intended target to gain access to the network and the data that is behind the firewall

23
Q

Spoofing

A

The act of impersonating someone or something to obtain unauthorized system access by using falsified credentials or imitating a legitimate person or entity by using fake IP addresses, domains, or emails
-address resolution spoofing
-DNS Spoofing
-Hyperlink Spoofing

24
Q

Application based attacks

A

Target specific software or applications such as databases or websites to gain unauthorized access or disrupt functionality.
-sql injections
-cross site scripting (XSS)
-race condition
-Mobile code: overwrite virus, multi partite virus, parasitic virus, polymorphic virus

25
Q

Host Based Attacks

A

Target a single host, such as a laptop or mobile device, to disrupt functionality or obtain unauthorized access
-Brute force
-keystroke logging
-malware
-rogue mobile apps

26
Q

Social Engineering Attacks

A

These attacks involve the use of psychological manipulation or deception to get employees to divulge sensitive information, provide unauthorized access, or assist an attacker in committing fraud. Interaction occurs through email, text, direct messaging, or social media
-Phishing
-Spear Phishing
-Business Email Compromise BEC
-Catfishing
-Pharming
-Vishing

27
Q

Physical (on-premise) Attacks

A

A security breach carried out on an organization's premises or performed in some way that physically involves a bad actor gaining control of sensitive data, hardware, and/or software
-Intercepting discarded equipment
-Piggybacking
-Targeted by attackers
-Tampering
-Theft

28
Q

Supply Chain Attacks

A

Use cyber tactics to target the production and distribution of goods within a supply chain so that there are larger disruptions in the normal operations of a company, government, or other entity
-embedded software code
-Foreign sourced attacks
-Pre installed Malware on Hardware
-Vendor Attacks
-Watering Hole Attacks

29
Q

Reconnaissance

Stages in a Cyberattack

A

First stage: attackers discover and collect as much information about the target IT system as possible. Information obtained may include the location of facilities, the type of network and infrastructure deployed, security measures in place, and the names of employees as well as the management hierarchy. Search for open ports

30
Q

Gaining Access

Stages in a Cyberattack

A

This is the step in a cyberattack when the information collected in the previous steps is used to gain access to the target of an attack using a variety of techniques

31
Q

Escalation of Privileges

Stages in a Cyberattack

A

Once unauthorized access into a system is obtained, attackers attempt to gain high levels of access in this stage. This may be done by obtaining the credentials of a user with higher privileges.

32
Q

Maintaining Access

Stages in a Cyberattack

A

The attacker remains in the system for a sustained period of time until the attack is completed and looks for alternative ways to prolong access or return later

33
Q

Network Exploitation and Exfiltration

Stages in a Cyberattack

A

Attackers proceed with the objective of disrupting system operations by stealing sensitive data, modifying data, disabling access to systems or data, or performing other malicious activities

34
Q

Covering Tracks

Stages in a Cyberattack

A

This step occurs while the attack is in progress or after the attack is completed and involves the attacker concealing the entry or exit points in which access was breached.
-Clearing logs
-modifying logs and registry files
-removing all files

35
Q

Additional Industry Exposure

Cloud Computing Risk

A

By nature of design, organizations subscribing to a cloud provider may be exposed to other subscribing organizations and their unique industry risks. Cyber threats that one company might not be exposed to become a risk to the other companies that share the same cloud computing provider

36
Q

Cloud Malware Injection Attacks

Cloud Computing Risk

A

An attack specific to cloud computing based systems in which an attacker gains access to the cloud environment and then injects malware so that data can be stolen, services disrupted, or further access gained.

37
Q

Compliance Violations

Cloud Computing Risk

A

Cloud computing relies on third-party hosts, and there is a risk that these hosts or service providers do not have the security protocols and procedures in place to meet regulations or privacy and confidentiality requirements.

38
Q

Loss of Control

Cloud Computing Risk

A

Not having physical or logical access to computing equipment means an organization using cloud computing services will relinquish some control over its infrastructure. As a result, changes or upgrades to the cybersecurity measures may not be timely or up to standard

39
Q

Loss of data

Cloud Computing Risk

A

The third party cloud computing services provider is susceptible, albeit less likely than most businesses, to data breaches, losing data, or exposing data

40
Q

Loss of Visibility

Cloud Computing Risk

A

Loss of full visibility of the company’s IT infrastructure comes with a loss of control. The only entity that has full visibility is the cloud provider, which means the subscribing organization does not know all of its risks

41
Q

Multi-cloud and Hybrid Management Issues

Cloud Computing Risk

A

A company subscribes to various cloud-based solutions and/or maintains some on-premises IT infrastructure. It may be challenging to integrate and monitor multiple environments, which could make detecting a cyberattack difficult

42
Q

Theft or Loss of Intellectual Property

Cloud Computing Risk

A

Cloud Applications store various types of data for companies, including proprietary information, and there is the risk that the service provider lacks sufficient controls over the data, which results in theft or loss of intellectual property.

43
Q

Application Malware

Risks Related to Mobile Technologies

A

This threat occurs when a user downloads an app that appears to be legitimate but gives an unauthorized user access to the device.

44
Q

Lack of Updates

Risks Related to Mobile Technologies

A

There could be patches and security fixes that have yet to be installed at a given point in time, leaving the device vulnerable

45
Q

Lack of Encryption

Risks Related to Mobile Technologies

A

Many mobile devices are not encrypted and rely only on a passcode for secure access. Once access is gained, passwords can be reset on the web by using the victim's email on the mobile device

46
Q

Physical Threats

Risks Related to Mobile Technologies

A

Examples of physical threats include loss or theft

47
Q

Unsecured Wi-fi networks

Risks Related to Mobile Technologies

A

Users of mobile devices often connect to public unsecured networks which means anyone on the same network could potentially access that device, steal sensitive info, or infect the device with malware

48
Q

Location Tracking

Risks Related to Mobile Technologies

A

Unauthorized tracking is a risk that involves a threat actor using GPS tech to locate people, devices, or other assets

49
Q

What is the Internet of Things (IoT)

A

Smart devices connected to the internet that provide automation and remote control for other devices in a home or office setting such as cameras, tablets, wearable devices.

50
Q

Device Mismanagement

IoT Risks

A

Insufficient password controls and device mismanagement can increase the risk of a cyberattack. Loss of critical info

51
Q

Device Spoofing

IoT Risks

A

When an attacker creates an illegitimate or phony device and introduces it to a company network, to gain info or network access

52
Q

Escalated Cyberattacks

IoT Risks

A

IoT devices can be used as an attack base to infect more machines, or as an entry point for access into a connected network

53
Q

Expanded Footprint

IoT Risks

A

IoT devices paired with other devices that are directly connected to a company’s core network expand the footprint of total devices under a company’s purview, thus increasing the number of points subjected to attack

54
Q

Information Theft

IoT Risks

A

IoT devices have the potential for sensitive data to be stolen or exploited because that data is stored either in the cloud or on other devices

55
Q

Outdated Firmware

IoT Risks

A

Attackers can intercept IoT firmware updates or manipulate firmware with known weaknesses to gain access and control a device.

56
Q

Malware

IoT Risks

A

IoT networks and devices are susceptible to cyberattacks (e.g., ransomware) due to the often limited computing power of the individual devices connected to the network.

57
Q

Network Attacks

IoT Risks

A

Threat actors can launch DoS attacks on IoT networks and devices just as they can with traditional networks.

58
Q

What is threat modeling?

A

the process of identifying, analyzing, and mitigating threats to a network, system, or application. The goal is to understand all risks a system could face and develop controls and countermeasures to minimize the impact

59
Q

Identify Assets

Phases of Threat Modeling

A

Inventorying all assets that need to be protected

60
Q

Identify Threats

Phases of Threat Modeling

A

identifying the threat types and characteristics, such as intent, targeting, and potential method of attack

61
Q

Perform Reduction Analysis

Phases of Threat Modeling

A

Decomposing the asset being protected from the threat. The intent is to gain a greater understanding of how the asset interacts with potential threats, whether they are systems, applications, or networks. Understanding trust and security changes, the flow of data, where input can be received, security clearances, and any related policies.

62
Q

Analyze Impact of an Attack

Phases of Threat Modeling

A

Quantifying the impact of an attack in terms of dollars will help prioritize solutions. Other qualitative effects should also be considered

63
Q

Develop Countermeasures and Controls

Phases of Threat Modeling

A

This may include implementing security controls like intrusion detection systems, contingency plans, and security protocols in the event of a successful attack

64
Q

Review and Evaluate

Phases of Threat Modeling

A

Periodically evaluating the threat model should be done so that updates can be made based on new risks in the threat landscape

65
Q

Process for Attack Simulation and Threat Analysis (PASTA)

A

1. Definition of the objectives (DO) for the analysis of risks
2. Definition of the technical scope (DTS)
3. Application decomposition and analysis (ADA)
4. Threat analysis (TA)
5. Weakness and vulnerability analysis (WVA)
6. Attack modeling and simulation (AMS)
7. Risk analysis and management (RAM)

66
Q

Visual, Agile, and Simple Threat model (VAST)

A

Based on the Agile project management methodology. Its goal is to integrate threat management into programming environments on a scalable basis

67
Q

Spoofing, Tampering, Repudiations, Information Disclosure, Denial of service Attack, and Elevation of privilege threat model (STRIDE)

A

Developed by Microsoft, it is used for assessing threats related to applications and operating systems.

68
Q

Cloud Security Alliance's Cloud Controls Matrix

A

-provides security principles to guide cloud vendors
-assists prospective cloud customers in assessing the overall security risk of a cloud provider
-utilizes industry-accepted security standards, regulations, and controls frameworks such as COBIT, NIST, etc.