SecPlusP1 Flashcards

(468 cards)

1
Q

How many domains does the CompTIA Security+ (SY0-701) certification exam consist of?

A

Five

2
Q

What should you be on the lookout for during the exam?

A

Distractors or red herrings

3
Q

What is the approach to cybersecurity in the real world?

A

Situational

4
Q

What is the definition of information security?

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

5
Q

What is the definition of information systems security?

A

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

6
Q

What are the three components of the CIA Triad?

A

Confidentiality, Integrity, Availability

7
Q

What does confidentiality ensure?

A

Information is accessible only to authorized personnel (e.g., encryption)

8
Q

What does integrity ensure?

A

Data remains accurate and unaltered (e.g., checksums)

9
Q

What does availability ensure?

A

Information and resources are accessible when needed (e.g., redundancy measures)

10
Q

What does non-repudiation guarantee?

A

An action or event cannot be denied by the involved parties (e.g., digital signatures)

11
Q

What is an extension of the CIA triad with the addition of non-repudiation and authentication?

A

CIANA Pentagon

12
Q

What are the Triple A’s of Security?

A

Authentication, Authorization, Accounting

13
Q

What are the four categories of security controls?

A

Technical, Managerial, Operational, Physical

14
Q

What are the different types of security controls? (DDDCCP)

A

Preventative, Deterrent, Detective, Corrective, Compensating, Directive

15
Q

What principle does the Zero Trust Model operate on?

A

No one should be trusted by default

16
Q

What are the two components of achieving zero trust?

A

Control Plane and Data Plane

17
Q

What are the components of the Control Plane?

A

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones

18
Q

What are the components of the Data Plane?

A

1. Subject/system
2. Policy engine
3. Policy administrator
4. Establishing policy enforcement points (PEP)

19
Q

What is a threat?

A

Anything that could cause harm, loss, damage, or compromise to our information technology systems

20
Q

What are some sources of threats?

A

Natural disasters, cyber-attacks, data integrity breaches, disclosure of confidential information

21
Q

What is a vulnerability?

A

Any weakness in the system design or implementation

22
Q

What are some internal factors that can create vulnerabilities?

A

Software bugs, misconfigured software, improperly protected network devices, missing security patches, lack of physical security

23
Q

Where does the risk to enterprise systems and networks lie?

A

Where threats and vulnerabilities intersect

24
Q

What happens if there is a threat but no matching vulnerability?

A

There is no risk

25
What happens if there is a vulnerability but no threat against it?
There is no risk
26
What is the goal of risk management?
To minimize the likelihood of an outcome and achieve the desired outcome
27
What does confidentiality refer to?
Protection of information from unauthorized access and disclosure
28
Why is confidentiality important?
Protect personal privacy, maintain business advantage, achieve regulatory compliance
29
What is encryption?
Converting data into a code to prevent unauthorized access
30
What are access controls?
Setting up strong user permissions to restrict data access
31
What is data masking?
Obscuring specific data within a database
32
What is the purpose of physical security measures?
To ensure confidentiality for both physical and digital data
33
What is the importance of training and awareness in security?
To promote security awareness best practices among employees
34
What is the role of integrity in data security?
To ensure accuracy and trustworthiness of data
35
Why is integrity important?
Data accuracy, trust, system operability
36
What is hashing?
Converting data into a fixed-size value
37
How many reasons are there for the importance of integrity?
Three
38
What is the purpose of digital signatures?
Ensure both integrity and authenticity
39
What is the purpose of checksums?
Method to verify the integrity of data during transmission
40
What is the purpose of access controls?
Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
41
What is the purpose of regular audits?
Review logs and operations to ensure authorized changes and address discrepancies
42
What is the purpose of availability in security?
Ensure information, systems, and resources are accessible and operational when needed by authorized users
43
What is the value of availability in cybersecurity?
Ensuring Business Continuity, Maintaining Customer Trust, Upholding an Organization's Reputation
44
What is the best strategy to overcome challenges associated with maintaining availability?
Using redundancy in systems and network designs
45
What is server redundancy?
Using multiple servers in a load balanced or failover configuration.
46
What is data redundancy?
Storing data in multiple places.
47
What is network redundancy?
Ensuring data can travel through another route if one network path fails.
48
What is power redundancy?
Using backup power sources like generators and UPS systems.
49
What is non-repudiation?
Providing undeniable proof in digital transactions.
50
What is a digital signature?
Unique to each user operating within the digital domain
51
How is a digital signature created?
By hashing the message and encrypting the hash digest with the user's private key
52
What are the three main reasons non-repudiation is important?
Confirm authenticity, ensure integrity, provide accountability
53
What is authentication?
Ensuring individuals are who they claim to be
54
What are the five commonly used authentication methods?
Knowledge, possession, inherence, action, location
55
What is multi-factor authentication (MFA)?
Security process that requires multiple methods of identification
56
What is the importance of authentication?
1. To prevent unauthorized access 2. To protect user data and privacy 3. To ensure that resources are accessed by valid users only
57
What is the purpose of authorization?
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
58
Why are authorization mechanisms important?
1. To protect sensitive data 2. To maintain system integrity 3. To create a more streamlined user experience
59
What is the purpose of accounting?
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
60
Why should your organization use a robust accounting system?
To create an audit trail and maintain regulatory compliance
61
What is the purpose of conducting forensic analysis?
Understand what happened, how it happened, and how to prevent similar incidents
62
How can organizations optimize system performance and minimize costs?
Track resource utilization and allocation decisions
63
Why is user accountability important?
Deter potential misuse and promote adherence to policies
64
What are some technologies used for accounting?
Syslog Servers, Network Analysis Tools, Security Information and Event Management (SIEM) Systems
65
What are the 4 broad categories of security controls?
Technical Controls, Managerial Controls, Operational Controls, Physical Controls
66
What are technical controls?
Technologies, hardware, and software mechanisms to manage and reduce risks
67
What are managerial controls?
Strategic planning and governance side of security
68
What are operational controls?
Procedures and measures to protect data on a day-to-day basis
69
What are physical controls?
Tangible, real-world measures to protect assets
70
What are the 6 basic types of security controls?
Preventive, Deterrent, Detective
71
What are preventive controls?
Proactive measures to thwart threats
72
What are deterrent controls?
Measures to discourage attackers
73
What are detective controls?
Monitoring and alerting to malicious activities
74
What are corrective controls?
Mitigate potential damage and restore systems
75
What are compensating controls?
Alternative measures when primary controls are not feasible or effective
76
What are directive controls?
Guide, inform or mandate actions
77
What is gap analysis?
Evaluating differences between current and desired performance
78
What is a gap analysis?
Tool for organizations to improve operations
79
What are the steps involved in conducting a gap analysis?
Define scope, Gather data, Analyze data, Develop a plan
80
What is the purpose of gathering data in a gap analysis?
To understand the current state of the organization
81
Why is analyzing data important in a gap analysis?
To identify areas of improvement
82
What is the final step in conducting a gap analysis?
Developing a plan to bridge the gap
83
What are the 2 basic types of gap analysis?
Technical and Business
84
What is technical gap analysis?
Evaluation of current technical infrastructure
85
What is business gap analysis?
Evaluation of current business processes
86
What does a Plan of Action and Milestones (POA&M) outline?
Specific measures to address vulnerabilities and timelines for remediation tasks
87
What is Zero Trust?
Demanding verification for every device, user, and transaction within the network
88
What is the control plane?
The framework and components responsible for defining, managing, and enforcing access policies
89
What is adaptive identity?
Real-time validation considering user's behavior, device, location, etc.
90
What is threat scope reduction?
Limits users' access
91
What is policy-driven access control?
Enforcing user access policies
92
What are secured zones?
Isolated environments for sensitive data
93
What is the data plane?
Ensures proper execution of policies. The data plane forwards network traffic, applying security measures like firewalls and encryption.
94
Who/what is a subject/system?
Individual/entity attempting access
95
What is the role of the Policy Engine?
Cross-references the access request with its predefined policies
96
What is the role of the Policy Administrator?
Establish and manage the access policies
97
What happens at the Policy Enforcement Point?
Execution of the decision to grant or deny access
98
What are the common motivations for threat actors?
Data exfiltration, blackmail, espionage, service disruption, financial gain
99
What are the differences between internal and external threat actors?
Resources, funding, level of sophistication
100
What are the types of threat actors?
Unskilled attackers
101
What are hacktivists driven by?
political, social, or environmental ideologies
102
What is the motivation behind organized crime cyberattacks?
financial gain
103
Who sponsors highly skilled attackers for cyber espionage or warfare?
governments
104
What are insider threats?
security threats originating from within the organization
105
What is shadow IT?
IT systems, devices, software, or services managed without explicit organizational approval
106
What are some threat vectors and attack surfaces?
message-based, image-based, file-based, voice calls, removable devices, unsecured networks
107
What are honeypots?
decoy systems to attract and deceive attackers
108
What are honeynets?
network of decoy systems for observing complex attacks
109
What are honeyfiles?
decoy files to detect unauthorized access or data breaches
110
What are honeytokens?
Fake data used to alert administrators when accessed or used
111
What is the difference between threat actors' intent and motivation?
Intent is the specific objective or goal, motivation is the underlying reason or driving force
112
What are some motivations behind threat actors?
Data exfiltration, financial gain, blackmail, service disruption
113
What is data exfiltration?
Unauthorized transfer of data from a computer
114
How do threat actors achieve financial gain?
Through ransomware attacks and banking trojans
115
What is blackmail in the context of threat actors?
Obtaining sensitive information and threatening to release it unless demands are met
116
Why do some threat actors aim to disrupt services?
To cause chaos, make a political statement, or demand a ransom
117
What is hacktivism?
Attacks conducted due to philosophical or political beliefs
118
What motivates ethical hackers?
Desire to improve security
119
What can be a motivation for a threat actor?
Revenge
120
What is the motivation behind creating and spreading malware or launching cyberattacks in a populated city?
Disruption or Chaos
121
What is the purpose of espionage in the context of cybersecurity?
Gathering sensitive or classified information
122
How can cyber warfare be used?
To disrupt infrastructure, compromise national security, and cause economic damage
123
What are the two most basic attributes of a threat actor?
Internal and external
124
Who are internal threat actors?
Individuals or entities within an organization
125
What are external threat actors?
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
126
What factors determine the level of sophistication of a threat actor?
Resources, funding, tools, skills, and personnel
127
What is a script kiddie?
An individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks
128
What are examples of highly skilled threat actors?
Nation-state actors and Advanced Persistent Threats
129
How do unskilled attackers cause damage?
Launch a DDoS attack
130
What is website defacement?
A form of electronic graffiti that is usually treated as an act of vandalism
131
What are distributed denial of service (DDoS) attacks?
Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by legitimate users
132
What is doxing?
Involves the public release of private information about an individual or organization
133
What is the motivation behind hacktivists?
Ideological beliefs rather than financial gain
134
What is the name of the most well-known hacktivist group?
Anonymous
135
What is the objective of Anonymous?
Target organizations they perceive as unethical
136
What are organized cybercrime groups?
Collective criminal activities in the digital world
137
What are some advanced hacking techniques and tools used by organized crime groups?
Custom Malware, Ransomware, Sophisticated Phishing Campaigns
138
What are some illicit activities engaged in by organized crime groups to generate revenue?
Data Breaches, Identity Theft, Online Fraud, Ransomware Attacks
139
Are organized cybercrime groups driven by ideological or political objectives?
No
140
Who may hire organized cybercrime groups to conduct cyber operations and attacks on their behalf?
Other entities, including governments
141
What is the objective of attacks by nation-state actors?
Money
142
What is a nation-state actor?
Groups or individuals sponsored by a government to conduct cyber operations against others
143
What is a false flag attack?
An attack that appears to originate from a different source or group
144
What are some techniques used by nation-state actors in cyber operations?
Creating custom malware, using zero-day exploits, becoming an advanced persistent threat
145
What is an advanced persistent threat (APT)?
A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period
146
What is the significance of advanced persistent threats?
They are often sponsored by a nation-state or its proxies
147
What motivates a nation-state actor?
Long-term strategic goals
148
What forms can insider threats take?
Data theft, sabotage, misuse of access privileges
149
What are some motivations for insider threats?
Financial gain, revenge, carelessness/lack of awareness
150
What does insider threat refer to?
Potential risk posed by individuals within an organization with access to sensitive information
151
What should organizations do to mitigate the risk of insider threats?
Implement zero-trust architecture
152
Why does shadow IT exist?
Security posture too high or complex for business operations
153
What is BYOD?
Use of personal devices for work purposes
154
What is a threat vector?
Means or pathway for unauthorized access
155
What is an attack surface?
Various points for unauthorized entry or data extraction
156
How can the attack surface be minimized?
Restricting access
157
What are some message-based threat vectors?
Email, SMS text messaging, instant messaging
158
What are some image-based threat vectors?
Embedding malicious code inside an image file
159
How can files be used as threat vectors?
Disguised as legitimate documents or software
160
What is vishing?
Use of voice calls to trick victims into revealing sensitive information
161
What is baiting?
Leaving a malware-infected USB drive in a location where the target might find it
162
What are unsecure networks?
Wireless, wired, and Bluetooth networks lacking appropriate security measures
163
Why are wireless networks vulnerable?
Unauthorized individuals can intercept wireless communications or gain access to the network
164
Are wired networks completely secure?
No, they are still susceptible to threats
165
What are two types of attacks that can occur due to physical access to the network infrastructure?
MAC Address Cloning, VLAN Hopping
166
What are two Bluetooth exploits that attackers can use to carry out attacks?
BlueBorne, BlueSmack
167
What is BlueBorne?
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or intercept communications
168
What is BlueSmack?
Bluetooth DoS attack
169
How can you learn from threat actors?
Set up deception and disruption technologies
170
What are Tactics, Techniques, and Procedures (TTPs)?
Methods associated with threat actors
171
What are deceptive and disruption technologies?
Tech to mislead attackers and detect threats
172
What is a honeypot?
Decoy system to attract hackers
173
What is a honeynet?
Network of honeypots
174
What types of devices can be part of a honeynet?
Servers, routers, switches
175
What is a honeyfile?
Decoy file to lure attackers
176
What is a honeytoken?
Piece of data or resource monitored for access
177
What are bogus DNS entries?
Fake DNS entries in system's DNS server
178
What is the purpose of creating decoy directories?
Fake folders and files placed in storage
179
How does dynamic page generation help secure websites?
Effective against scraping tools or bots
180
What is port triggering used for?
Hiding services until specific outbound pattern
181
How can spoofing fake telemetry data be used as a security measure?
Sending out fake data when network scan detected
182
What are the objectives of physical security?
Measures to protect tangible assets from harm or unauthorized access
183
What are some examples of physical security controls?
Fencing and Bollards
184
What are bollards?
Short, sturdy vertical posts controlling or preventing vehicle access
185
What are fences?
Barriers made of posts and wire or boards to enclose or separate areas
186
What are some examples of brute force attacks on physical security?
Forcible entry, tampering with security devices, confronting security personnel, ramming a barrier with a vehicle
187
What are surveillance systems used for?
Observing and reporting activities
188
What are the components of surveillance systems?
Video surveillance
189
What are access control vestibules?
Double-door system electronically controlled to allow only one door open at a time
190
What are some types of door locks?
Padlocks, pin and tumbler locks, numeric locks, wireless locks, biometric locks, cipher locks, electronic access control systems
191
What are access badges?
Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access
192
What is the purpose of a fence in terms of physical security?
Provides a visual deterrent by defining a boundary
193
What is the purpose of establishing a physical barrier against unauthorized entry?
Delay intruders
194
What is fencing well-suited for?
Safeguarding large perimeters
195
What are bollards designed to counter?
Vehicular threats
196
What is brute force attack?
Gaining access by trying all possibilities
197
What is forcible entry?
Gaining unauthorized access by breaking barriers
198
How can tampering with security devices be protected against?
Having redundancy in physical security measures
199
What is the concept of confronting security personnel?
Direct attack on security personnel
200
What training should security personnel undergo to mitigate risks during confrontations?
Rigorous conflict resolution and self-defense training
201
How does ramming barriers with vehicles breach physical security?
Using vehicles to breach physical security barriers
202
What measures can be taken to prevent vehicles from driving into facilities?
Installing bollards or reinforced barriers
203
What is a surveillance system?
An organized strategy to observe and report activities.
204
What are the four main categories of surveillance?
Video Surveillance, Motion detection, Night vision, Facial recognition
205
What are some features of video surveillance?
Motion detection, Night vision, Facial recognition
206
What does a wired solution security camera use?
A physical cable from the camera to the central monitoring station
207
What does a wireless solution rely on to send its signal back to the central monitoring station?
Wi-Fi
208
What is a Pan-Tilt-Zoom (PTZ) System used for?
To better detect issues during an intrusion
209
What are some of the best places to have cameras?
Data center, telecommunications closets, entrance or exit areas
210
What should cameras be configured to do?
Record what they're observing
211
What do security guards provide?
Flexible and adaptable forms of surveillance
212
Why is proper lighting crucial for conducting effective surveillance?
To deter criminals, reduce shadows and hiding spots, and enhance the quality of video recordings
213
What are sensors?
Devices that detect and respond to external stimuli or changes in the environment
214
What do infrared sensors detect?
Changes in infrared radiation emitted by warm bodies
215
What are pressure sensors?
Activated by weight on sensor
216
How do microwave sensors work?
Measure reflection of microwave pulses off moving objects
217
What do ultrasonic sensors measure?
Reflection of ultrasonic waves off moving objects
218
What is visual obstruction in bypassing surveillance systems?
Blocking camera's line of sight
219
What are some methods to disable a camera?
Placing a sticker or tape over the lens, positioning objects like balloons or umbrellas in front of the camera
220
How can you blind sensors and cameras?
Overwhelming them with a sudden burst of light
221
What is a method to interfere with acoustics?
Listening to the environment
222
What are some methods to prevent eavesdropping?
Jamming or playing loud music
223
What is Electromagnetic Interference (EMI)?
Jamming surveillance signals
224
How can the physical environment be used to attack surveillance equipment?
Physical tampering
225
What is an access control vestibule?
Double-door system with electronically controlled doors
226
How does an access control vestibule prevent piggybacking and tailgating?
By allowing only one door to be open at a time
227
What is the key difference between Piggybacking and Tailgating?
Piggybacking gains consent, Tailgating doesn't
228
What are some technologies used in access control badges?
RFID, NFC
229
What are the roles of security guards at access control vestibules?
Visual deterrent, assistance, checking identity, response
230
What is the purpose of door locks in physical security?
Restrict and regulate access to specific spaces or properties
231
What is the function of traditional padlocks?
Minimal protection
232
What are basic door locks vulnerable to?
Lock picking
233
What authentication methods do modern electronic door locks use?
Identification Numbers, Wireless Signals, Biometrics
234
What technologies can be used for wireless signal authentication?
NFC, Wi-Fi, Bluetooth, RFID
235
What are some physical characteristics used for biometric authentication?
Fingerprints, retinal scans, facial recognition
236
What is the False Acceptance Rate (FAR)?
FAR measures the rate at which unauthorized users are wrongly authenticated as authorized.
237
What is False Acceptance Rate (FAR)?
System erroneously authenticates an unauthorized user.
238
How can scanner sensitivity be adjusted to lower FAR?
Increase the scanner sensitivity.
239
What is False Rejection Rate (FRR)?
Denial of access to an authorized user.
240
What happens to FRR when sensitivity is adjusted?
FRR can increase.
241
What is Crossover Error Rate (CER)?
Optimal balance between FAR and FRR for authentication effectiveness.
242
What are some examples of multiple factors used in electronic door locks?
Identification number and fingerprint
243
What are cipher locks?
Mechanical locks with numbered push buttons
244
Where are cipher locks commonly used?
High-security areas like server rooms
245
What type of authentication is commonly used in secure entry areas in office buildings?
Electronic access systems with badges and PINs
246
What are popular technologies used for contactless authentication?
RFID and NFC
247
How does an attacker clone an access badge?
Step 1: Scanning, Step 2: Data Extraction, Step 3: Writing to a new card or device, Step 4: Using the cloned access badge
248
What are the reasons access badge cloning is common?
Ease of execution, Ability to be stealthy, Potentially widespread use
249
How can access badge cloning be stopped?
Implement advanced encryption, Implement MFA, Regularly update security protocols, Educate users, Use shielded wallets or sleeves, Monitor and audit access logs
250
What is social engineering?
Manipulative strategy exploiting human psychology for unauthorized access
251
What are the motivational triggers used by social engineers?
Familiarity, Likability, Consensus, Authority, Scarcity, Urgency
252
What is impersonation in social engineering?
Pretending to be someone else
253
What is pretexting in social engineering?
Creating a fabricated scenario to manipulate targets
254
What are the types of phishing attacks?
Phishing, Vishing, Smishing, Spear Phishing, Whaling, Business Email Compromise
255
What are some common fraudulent practices used to deceive people?
Deceptive practices to obtain money or valuable information
256
What do influence campaigns involve?
Spreading misinformation and disinformation to impact politics, economics, etc.
257
Name some other social engineering attacks.
Diversion Theft, Hoaxes, Shoulder Surfing, Dumpster Diving, Eavesdropping, Baiting, Piggybacking, Tailgating
258
What are the six main types of motivational triggers that social engineers use?
Authority, Urgency, Social Proof, Scarcity, Likability, Fear
259
What is impersonation?
Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
260
What is required for impersonation?
The attacker needs to collect information about the organization and earn the trust of their targeted users
261
What do attackers provide to make impersonation more believable?
Details to help make the lies and the impersonation more believable to a potential victim
262
What are the potential risks of unauthorized access?
Unauthorized access can lead to disruption of services and complete system takeover.
263
What can organizations do to mitigate against attacks?
Provide security awareness training to their employees on a regular basis.
264
What is brand impersonation?
A specific form of impersonation where an attacker pretends to represent a legitimate company or brand.
265
How do attackers carry out brand impersonation?
By using the brand's logos, language, and information to create deceptive communications or websites.
266
How can organizations protect against brand impersonation?
Educate their users about these types of threats and use secure email gateways to filter out phishing emails.
267
What is typosquatting?
URL hijacking or cybersquatting
268
How can organizations combat typosquatting?
Register common misspellings of their own domain names
269
Why is monitoring the online presence important?
To detect any fraudulent activities as soon as they occur
270
What are watering hole attacks?
Targeted attacks on specific websites or services
271
What can organizations do to mitigate watering hole attacks?
Keep systems updated, use threat intelligence, employ malware detection tools
272
What is pretexting?
Gives some amount of information that seems true so that the victim will give more information
273
How can pretexting be mitigated?
Training employees not to fall for pretext and not to fill in the gaps for people when they are calling
274
What is phishing?
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information
275
What is spear phishing?
More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations
276
What is whaling?
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
277
Why is whaling used?
The attacker aims to catch one of the executives, board members, or higher-level managers in the company, since the rewards are potentially much greater
278
What is the purpose of whaling as an initial step?
To compromise an executive’s account for subsequent attacks within their organization
279
What is Business Email Compromise (BEC)?
Sophisticated type of phishing attack that targets businesses using internal email accounts.
280
What is Vishing?
Tricking victims into sharing personal or financial information over the phone.
281
What is Smishing?
Using text messages to trick individuals into providing personal information.
282
What is one way to mitigate the threat of a successful phishing campaign?
Implement the right strategies and provide user security awareness training
283
What is an anti-phishing campaign?
Essential user security awareness training tool
284
What should an anti-phishing campaign offer for users who fell victim to simulated phishing emails?
Remedial training
285
What is business email compromise?
Phishing that aims to impersonate a trusted business contact
286
What is vishing?
Phishing using voice calls
287
What is smishing?
Phishing using SMS or text messages
288
What are some key indicators of phishing attacks?
Urgency, Unusual requests, Mismatched URLs
289
What is a red flag for a suspicious email?
Email addresses don't match.
290
What are signs of a phishing email?
Poor spelling or grammar.
291
How can organizations protect against phishing attacks?
Training and reporting suspicious messages.
292
What should be done if a phishing email is opened?
Conduct a quick investigation and triage the user's system.
293
What is a common type of online fraud?
Identity fraud or identity theft.
294
What is the difference between identity fraud and identity theft?
Fraud: charges items to victim's credit card; Theft: assumes victim's identity
295
What is the most common scam called?
Invoice scam
296
What is an influence campaign?
Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group
297
What is the difference between misinformation and disinformation?
Misinformation is false or inaccurate information shared without harmful intent, while disinformation involves the deliberate creation and sharing of false information with the intent to deceive or mislead
298
Why are influence campaigns powerful?
They are a powerful tool for shaping public opinion and behavior
299
Why are misinformation and disinformation concerning?
They can have serious consequences
300
What is diversion theft?
Manipulating a situation to steal valuable items or information
301
What is a hoax?
Malicious deception often spread through social media or email
302
What is shoulder surfing?
Looking over someone's shoulder to gather personal information
303
What is dumpster diving?
Searching through trash to find valuable information
304
What is eavesdropping?
Secretly listening to private conversations
305
How can eavesdropping be prevented?
Encrypting data in transit
306
How can baiting be prevented?
Training users to not use devices they find
307
What are piggybacking and tailgating?
Unauthorized person following an authorized person into a secure area
308
What is tailgating?
Unauthorized person following an employee
309
What is piggybacking?
Unauthorized person convincing an employee to let them in
310
What is malware?
Malicious software designed to infiltrate computer systems and potentially damage them without user consent
311
What are the categories of malware?
Viruses, Worms, Trojans, Ransomware, Spyware, Rootkits, Spam
312
What is an attack vector?
Means by which the attacker gains access and infects the system
313
What are the types of malware attacks?
Viruses, Worms, Trojans, Ransomware, Zombies and Botnets, Rootkits, Backdoors and Logic Bombs, Keyloggers, Spyware and Bloatware
314
What is the definition of viruses?
Attach to clean files, spread, and corrupt host files
315
What is the definition of worms?
Standalone programs replicating and spreading to other computers
316
What is the definition of Trojans?
Disguise as legitimate software, grant unauthorized access
317
What is the definition of ransomware?
Encrypts user data, demands ransom for decryption
318
What is the definition of zombies and botnets?
Compromised computers remotely controlled in a network for malicious purposes
319
What is the definition of rootkits?
Hide presence and activities on a computer, operate at the OS level
320
What is the definition of backdoors and logic bombs?
Backdoors allow unauthorized access, logic bombs execute malicious actions
321
What is the definition of keyloggers?
Record keystrokes, capture passwords or sensitive information
322
What is the definition of spyware and bloatware?
Spyware monitors and gathers user/system information, bloatware consumes resources without value
323
What are some malware techniques and infection vectors?
Evolving from file-based tactics to modern fileless techniques, multi-stage deployment, leveraging system tools, and obfuscation techniques
324
What are some indications of a malware attack?
Account lockouts, Concurrent session utilization, Blocked content, Impossible travel, Resource consumption, Inaccessibility, Out-of-cycle logging, Missing logs, Documented attacks, Viruses
325
What is a computer virus?
Malicious code that infects a computer when run without the user's knowledge
326
What is a boot sector virus?
Virus stored in the first sector of a hard drive that is loaded into memory during boot-up
327
What is a macro virus?
Virus embedded inside a document, executed when the user opens the document
328
What is a multipartite virus?
Combination of a boot sector type virus and a program virus
329
How does an encrypted virus hide itself from detection?
By encrypting its malicious code or payloads
330
What is the difference between an encrypted virus and a polymorphic virus?
Polymorphic viruses change their code each time they are executed
331
What does a metamorphic virus do before it attempts to infect a file?
It rewrites itself entirely
332
What is the stealth technique used for in viruses?
To prevent detection by anti-virus software
333
What does an armored virus have?
A layer of protection to confuse analysis
334
What is a hoax virus?
A form of technical social engineering to scare end users
335
What is a worm?
Malicious software that can replicate itself without user interaction
336
What makes worms dangerous?
They can infect workstations and cause disruptions to network traffic
337
What is a worm known for?
Spreading far and wide over the internet
338
What is a Trojan?
Malicious software disguised as harmless software
339
What is a remote access Trojan (RAT) used for?
Providing remote control of a victim machine
340
How are Trojans commonly used by attackers today?
Exploiting vulnerabilities and conducting data exfiltration
341
What is ransomware?
Malicious software that blocks access to a system until a ransom is paid
342
How can we protect against ransomware?
Regular backups, software updates, security awareness training, MFA
343
What should you do if you find yourself or your organization as the victim of a ransomware attack?
Never pay the ransom
344
What is a botnet?
Network of compromised computers or devices controlled remotely
345
What is a zombie?
Compromised computer or device in a botnet
346
What is the purpose of a command and control node?
Manage and coordinate network activities
347
What are some uses of botnets?
Pivot points, disguise attacker, host illegal activities, spam others
348
What is the most common use for a botnet?
To conduct a DDoS attack
349
What is a DDoS attack?
When many machines target a single victim and attack them at the exact same time
350
How do attackers use botnets in DDoS attacks?
To combine processing power and break through encryption schemes
351
What percentage of a zombie's power do attackers usually use in a DDoS attack?
20-25%
352
What is a rootkit?
Software designed to gain administrative level control over a computer system without being detected
353
What is the highest level of permissions called?
Administrator account
354
What can a person do with an Administrator account?
Install programs, delete programs, open ports, shut ports
355
What is the equivalent of an Administrator account in UNIX, Linux, or macOS?
Root account
356
What is Ring 3 in a computer system?
Outermost Ring where user level permissions are used
357
What is Ring 0 in a computer system?
Innermost or Highest Permission Levels, operating in kernel mode
358
What does an operating system control access to?
Device drivers, sound card, video display, etc.
359
What level of permission does the administrator or root user have?
Root permission at Ring 1
360
Why is malicious code closer to the kernel more dangerous?
More permissions and can cause more damage
361
What is a technique used by rootkits to gain deeper access to a system?
DLL injection
362
What is a shim in software development?
Piece of software code that intercepts calls between two components
363
Why are rootkits difficult to detect?
Operating system is essentially blinded to them
364
What is the best way to detect rootkits?
Boot from an external device and scan the internal hard drive
365
What is a backdoor?
Bypasses normal security
366
Who often puts backdoors in systems?
Designers and programmers
367
What is a Remote Access Trojan (RAT)?
Acts like a backdoor in networks
368
What is an Easter egg?
Hidden feature or novelty in a program
369
What are logic bombs?
Malicious code that executes under certain conditions
370
What is a keylogger?
Software or hardware that records keystrokes
371
What is the difference between software and hardware keyloggers?
Software is installed on a computer, hardware is a physical device
372
How are software keyloggers typically installed?
Bundled with other software or delivered through social engineering attacks
373
How can you protect your organization from keyloggers?
Perform regular updates and patches, Rely on quality antivirus and antimalware solutions, Conduct phishing awareness training for users, Implement multi-factor authentication systems, Encrypt keystrokes being sent to systems, Perform physical checks of desktops, laptops, and servers
374
What is spyware?
Malicious software that gathers and sends information without the user's knowledge
375
How can spyware get installed on a system?
Bundled with other software, Installed through a malicious website, Installed when users click on a deceptive pop-up advertisement
376
What can you do to protect against spyware?
Use reputable antivirus and anti-spyware tools that are regularly updated
377
What is bloatware?
Software that comes pre-installed on a new computer or smartphone that you did not request, want, or need
378
What are the potential issues with bloatware?
Wastes storage space, slows down device performance, introduces security vulnerabilities
379
How can you remove bloatware?
Manual removal process, Use bloatware removal tools, Perform a clean operating system installation
380
Why is updating applications important in terms of security?
It reduces potential threat vectors for attackers to exploit
381
What is a malware exploitation technique?
Method by which malware code penetrates and infects a system
382
What is a common approach used by modern malware to avoid detection?
Fileless techniques
383
What is fileless malware?
Malware that creates a process in system memory without relying on the local file system
384
How does modern malware work?
Stage 1 dropper or downloader retrieves and activates additional malware
385
What is shellcode?
Lightweight code to execute an exploit
386
What does the Stage 2 Downloader do?
Downloads and installs a remote access Trojan
387
What is the 'Actions on Objectives' phase?
Executing primary objectives to meet core objectives
388
What is the purpose of Concealment?
Prolong unauthorized access by hiding tracks and evidence
389
What is the 'Living off the Land' strategy?
Exploiting standard tools for intrusions
390
What are some common indicators of malware attacks?
Account lockouts, concurrent session utilization, blocked content, impossible travel, resource consumption, resource inaccessibility
391
What is out-of-cycle logging?
Logs generated at odd hours
392
What are missing logs?
Gaps or cleared logs without authorization
393
What are published or documented attacks?
Network infected as part of a malware-based attack
394
What is the importance of using appropriate cryptographic solutions?
1.4 - Data Protection Objectives
395
What should you compare and contrast to protect data?
3.3 - Data Protection Objectives
396
What are the security implications of proper hardware, software, and data asset management?
4.2 - Data Protection Objectives
397
What are some security alerting and monitoring concepts and tools?
4.4 - Data Protection Objectives
398
What are the elements of effective security governance?
5.1 - Data Protection Objectives
399
What are the two roles involved in data governance?
Data Custodians and Data Stewards
400
What are the three states of data?
Data at rest, in transit, in use
401
What are two methods for protecting data?
Disk encryption and communication tunneling
402
What are some examples of data types?
Regulated data, trade secrets, intellectual property, legal information, financial information
403
What is data sovereignty?
Information subject to nation's laws and governance structures
404
Name four methods for securing data.
Geographic restrictions, encryption, hashing, masking
405
What are some strategies to prevent sensitive information from leaving an organization?
Tokenization, Obfuscation, Segmentation
406
What is data classification?
Determination of the value and sensitivity of information
407
What is sensitive data?
Information that, if accessed by unauthorized persons, can result in loss of security or competitive advantage
408
What is the importance of data classification?
Allocate appropriate protection resources, prevent over-classification, require proper policies
409
What are the commercial business classification levels?
Public, Sensitive, Private
410
What are the government classification levels?
Unclassified, Sensitive but Unclassified, Confidential, Secret, Top Secret
411
What kind of information is included in the Confidential level?
Internal personnel or salary information
412
What kind of information is included in the Critical level?
Trade secrets, intellectual property, source code, etc.
413
What kind of information is included in the Sensitive but Unclassified level?
Includes medical records, personnel files, etc.
414
What kind of information is included in the Secret level?
Military deployment plans, defensive postures
415
What kind of information is included in the Top Secret level?
Highly sensitive national security information
416
What are the legal requirements for data maintenance?
Depends on organization type
417
What should organizational policies outline?
Data classification, retention, and disposal requirements
418
Why is understanding data classifications important?
For protecting sensitive information and complying with regulations
419
What is data ownership?
Identifying the individual responsible for maintaining confidentiality, integrity, availability, and privacy of information assets
420
Who is a data owner?
Senior executive responsible for labeling information assets and ensuring they are protected
421
Who is a data controller?
Entity responsible for determining data storage, collection, and usage purposes and methods
422
What is a data processor?
Group or individual hired by the data controller to assist with tasks like data collection and processing
423
What is the role of a Data Steward?
Focuses on data quality and metadata
424
What is the role of a Data Custodian?
Responsible for managing data storage systems
425
What is the role of a Privacy Officer?
Oversees privacy-related data
426
Who should be the data owner?
Not the IT department
427
Who should be the owners of data?
Individuals from the business side who understand the data's content and can make informed decisions about classification
428
How should data owners be selected?
Based on their knowledge of the data and its significance within the organization
429
Why is proper data ownership important?
For maintaining data security, compliance, and effective data management within an organization
430
What are the different data states?
Data at Rest
431
What is Full Disk Encryption (FDE)?
Encrypts entire hard drive
432
What is Partition Encryption?
Encrypts specific partitions
433
What is File Encryption?
Encrypts individual files
434
What is Volume Encryption?
Encrypts selected files or directories
435
What is Database Encryption?
Encrypts data stored in a database at column, row, or table levels
436
What is Record Encryption?
Encrypts specific fields within a database record
437
What is data in transit?
Data actively moving from one location to another, vulnerable to interception
438
What are some transport encryption methods?
SSL, TLS, VPN, IPSec
439
What is SSL?
Secure Sockets Layer - provides secure communication over networks
440
What is TLS?
Transport Layer Security - provides secure communication over networks
441
What is VPN?
Virtual Private Network - creates secure connections over less secure networks like the internet
442
What is IPSec?
Internet Protocol Security - secures IP communications by authenticating and encrypting IP packets
443
What is data in use?
Data actively being created, retrieved, updated, or deleted
444
What are some protection measures for data in use?
Encryption at the Application Level, Access Controls, Secure Enclaves, Mechanisms like INTEL Software Guard
445
What does encryption at the application level do?
Encrypts data during processing
446
What do access controls for data in use do?
Restricts access to data during processing
447
What are secure enclaves?
Isolated environments for processing sensitive data
448
What does INTEL Software Guard do?
Encrypts data in memory to prevent unauthorized access
449
Why is understanding the three data states essential?
To implement appropriate security measures for each
450
What is regulated data?
Data controlled by laws, regulations, or industry standards
451
What are two compliance requirements for regulated data?
GDPR, HIPAA
452
What is PII?
Information used to identify an individual (e.g., names, social security numbers, addresses)
453
What is PHI?
Information about health status, healthcare provision, or payment linked to a specific individual
454
What are trade secrets?
Confidential business information giving a competitive edge (e.g., manufacturing processes, marketing strategies, proprietary software)
455
What is intellectual property (IP)?
Creations of the mind protected by patents, copyrights, trademarks.
456
What are some examples of intellectual property (IP)?
Inventions, literary works, designs.
457
How is intellectual property (IP) protected?
By patents, copyrights, trademarks.
458
What is the purpose of protecting intellectual property (IP)?
To encourage innovation.
459
What can happen if intellectual property (IP) is used without authorization?
Legal action.
460
What is legal information?
Data related to legal proceedings, contracts, regulatory compliance.
461
What is the significance of protecting financial information?
Targeted by cybercriminals for fraud and identity theft
462
What is PCI DSS?
Payment Card Industry Data Security Standard
463
What is human-readable data?
Understandable directly by humans
464
What is non-human-readable data?
Requires machine or software to interpret
465
What is GDPR?
General Data Protection Regulation
466
What does GDPR protect?
EU citizens' data within EU and EEA borders
467
What are the consequences of non-compliance with GDPR?
Significant fines
468
What is one requirement of data sovereignty laws?
Data storage and processing within national borders