SecPlusP1 Flashcards
How many domains does the CompTIA Security+ (SY0-701) certification exam consist of?
Five
What should you be on the lookout for during the exam?
Distractors or red herrings
What is the approach to cybersecurity in the real world?
Situational
What is the definition of information security?
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
What is the definition of information systems security?
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
What are the three components of the CIA Triad?
Confidentiality, Integrity, Availability
What does confidentiality ensure?
Information is accessible only to authorized personnel (e.g., encryption)
What does integrity ensure?
Data remains accurate and unaltered (e.g., checksums)
What does availability ensure?
Information and resources are accessible when needed (e.g., redundancy measures)
What does non-repudiation guarantee?
An action or event cannot be denied by the involved parties (e.g., digital signatures)
What is an extension of the CIA triad with the addition of non-repudiation and authentication?
CIANA Pentagon
What are the Triple A’s of Security?
Authentication, Authorization, Accounting
What are the four categories of security controls?
Technical, Managerial, Operational, Physical
What are the different types of security controls? (DDDCCP)
Preventative, Deterrent, Detective, Corrective, Compensating, Directive
What principle does the Zero Trust Model operate on?
No one should be trusted by default
What are the two components of achieving zero trust?
Control Plane and Data Plane
What are the components of the Control Plane?
Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
What are the components of the Data Plane?
- Subject/system
- Policy engine
- Policy administrator
- Establishing policy enforcement points (PEP)
What is a threat?
Anything that could cause harm, loss, damage, or compromise to our information technology systems
What are some sources of threats?
Natural disasters, cyber-attacks, data integrity breaches, disclosure of confidential information
What is a vulnerability?
Any weakness in the system design or implementation
What are some internal factors that can create vulnerabilities?
Software bugs, misconfigured software, improperly protected network devices, missing security patches, lack of physical security
Where does the risk to enterprise systems and networks lie?
Where threats and vulnerabilities intersect
What happens if there is a threat but no matching vulnerability?
There is no risk
What happens if there is a vulnerability but no threat against it?
There is no risk
What is the goal of risk management?
To minimize the likelihood of an outcome and achieve the desired outcome
What does confidentiality refer to?
Protection of information from unauthorized access and disclosure
Why is confidentiality important?
Protect personal privacy, maintain business advantage, achieve regulatory compliance
What is encryption?
Converting data into a code to prevent unauthorized access
What are access controls?
Setting up strong user permissions to restrict data access
What is data masking?
Obscuring specific data within a database
What is the purpose of physical security measures?
To ensure confidentiality for both physical and digital data
What is the importance of training and awareness in security?
To promote security awareness best practices among employees
What is the role of integrity in data security?
To ensure accuracy and trustworthiness of data
Why is integrity important?
Data accuracy, trust, system operability
What is hashing?
Converting data into a fixed-size value
How many reasons are there for the importance of integrity?
Three
What is the purpose of digital signatures?
Ensure both integrity and authenticity
What is the purpose of checksums?
Method to verify the integrity of data during transmission
What is the purpose of access controls?
Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
What is the purpose of regular audits?
Review logs and operations to ensure authorized changes and address discrepancies
What is the purpose of availability in security?
Ensure information, systems, and resources are accessible and operational when needed by authorized users
What is the value of availability in cybersecurity?
Ensuring Business Continuity, Maintaining Customer Trust, Upholding an Organization’s Reputation
What is the best strategy to overcome challenges associated with maintaining availability?
Using redundancy in systems and network designs
What is server redundancy?
Using multiple servers in a load balanced or failover configuration.
What is data redundancy?
Storing data in multiple places.
What is network redundancy?
Ensuring data can travel through another route if one network path fails.
What is power redundancy?
Using backup power sources like generators and UPS systems.
What is non-repudiation?
Providing undeniable proof in digital transactions.
What is a digital signature?
Unique to each user operating within the digital domain
How is a digital signature created?
By hashing the message and encrypting the hash digest with the user’s private key
What are the three main reasons non-repudiation is important?
Confirm authenticity, ensure integrity, provide accountability
What is authentication?
Ensuring individuals are who they claim to be
What are the five commonly used authentication methods?
Knowledge, possession, inherence, action, location
What is multi-factor authentication (MFA)?
Security process that requires multiple methods of identification
What is the importance of authentication?
- To prevent unauthorized access
- To protect user data and privacy
- To ensure that resources are accessed by valid users only
What is the purpose of authorization?
Pertains to the permissions and privileges granted to users or entities after they have been authenticated
Why are authorization mechanisms important?
- To protect sensitive data
- To maintain system integrity
- To create a more streamlined user experience
What is the purpose of accounting?
Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
Why should your organization use a robust accounting system?
To create an audit trail and maintain regulatory compliance
What is the purpose of conducting forensic analysis?
Understand what happened, how it happened, and how to prevent similar incidents
How can organizations optimize system performance and minimize costs?
Track resource utilization and allocation decisions
Why is user accountability important?
Deter potential misuse and promote adherence to policies
What are some technologies used for accounting?
Syslog Servers, Network Analysis Tools, Security Information and Event Management (SIEM) Systems
What are the 4 broad categories of security controls?
Technical Controls, Managerial Controls, Operational Controls, Physical Controls
What are technical controls?
Technologies, hardware, and software mechanisms to manage and reduce risks
What are managerial controls?
Strategic planning and governance side of security
What are operational controls?
Procedures and measures to protect data on a day-to-day basis
What are physical controls?
Tangible, real-world measures to protect assets
What are the 6 basic types of security controls?
Preventive, Deterrent, Detective
What are preventive controls?
Proactive measures to thwart threats
What are deterrent controls?
Measures to discourage attackers
What are detective controls?
Monitoring and alerting to malicious activities
What are corrective controls?
Mitigate potential damage and restore systems
What are compensating controls?
Alternative measures when primary controls are not feasible or effective
What are directive controls?
Guide, inform or mandate actions
What is gap analysis?
Evaluating differences between current and desired performance
What is a gap analysis?
Tool for organizations to improve operations
What are the steps involved in conducting a gap analysis?
Define scope, Gather data, Analyze data, Develop a plan
What is the purpose of gathering data in a gap analysis?
To understand the current state of the organization
Why is analyzing data important in a gap analysis?
To identify areas of improvement
What is the final step in conducting a gap analysis?
Developing a plan to bridge the gap
What are the 2 basic types of gap analysis?
Technical and Business
What is technical gap analysis?
Evaluation of current technical infrastructure
What is business gap analysis?
Evaluation of current business processes
What does a Plan of Action and Milestones (POA&M) outline?
Specific measures to address vulnerabilities and timelines for remediation tasks
What is Zero Trust?
Demanding verification for every device, user, and transaction within the network
What is the control plane?
The framework and components responsible for defining, managing, and enforcing access policies
What is adaptive identity?
Real-time validation considering user’s behavior, device, location, etc.
What is threat scope reduction?
Limits users’ access
What is policy-driven access control?
Enforcing user access policies
What are secured zones?
Isolated environments for sensitive data
What is the data plane?
Ensures proper execution of policies
The data plane forwards network traffic, applying security measures like firewalls and encryption.
Who/what is a subject/system?
Individual/entity attempting access
What is the role of the Policy Engine?
Cross-references the access request with its predefined policies
What is the role of the Policy Administrator?
Establish and manage the access policies
What happens at the Policy Enforcement Point?
Execution of the decision to grant or deny access
What are the common motivations for threat actors?
Data exfiltration, blackmail, espionage, service disruption, financial gain
What are the differences between internal and external threat actors?
Resources, funding, level of sophistication
What are the types of threat actors?
Unskilled attackers
What are hacktivists driven by?
Political, social, or environmental ideologies
What is the motivation behind organized crime cyberattacks?
Financial gain
Who sponsors highly skilled attackers for cyber espionage or warfare?
Governments
What are insider threats?
Security threats originating from within the organization
What is shadow IT?
IT systems, devices, software, or services managed without explicit organizational approval
What are some threat vectors and attack surfaces?
Message-based, image-based, file-based, voice calls, removable devices, unsecured networks
What are honeypots?
Decoy systems to attract and deceive attackers
What are honeynets?
Network of decoy systems for observing complex attacks
What are honeyfiles?
Decoy files to detect unauthorized access or data breaches
What are honeytokens?
Fake data used to alert administrators when accessed or used
What is the difference between threat actors’ intent and motivation?
Intent is the specific objective or goal, motivation is the underlying reason or driving force
What are some motivations behind threat actors?
Data exfiltration, financial gain, blackmail, service disruption
What is data exfiltration?
Unauthorized transfer of data from a computer
How do threat actors achieve financial gain?
Through ransomware attacks and banking trojans
What is blackmail in the context of threat actors?
Obtaining sensitive information and threatening to release it unless demands are met
Why do some threat actors aim to disrupt services?
To cause chaos, make a political statement, or demand a ransom
What is hacktivism?
Attacks conducted due to philosophical or political beliefs
What motivates ethical hackers?
Desire to improve security
What can be a motivation for a threat actor?
Revenge
What is the motivation behind creating and spreading malware or launching cyberattacks in a populated city?
Disruption or Chaos
What is the purpose of espionage in the context of cybersecurity?
Gathering sensitive or classified information
How can cyber warfare be used?
To disrupt infrastructure, compromise national security, and cause economic damage
What are the two most basic attributes of a threat actor?
Internal and external
Who are internal threat actors?
Individuals or entities within an organization
What are external threat actors?
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
What factors determine the level of sophistication of a threat actor?
Resources, funding, tools, skills, and personnel
What is a script kiddie?
An individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks
What are examples of highly skilled threat actors?
Nation-state actors and Advanced Persistent Threats
How do unskilled attackers cause damage?
Launch a DDoS attack
What is website defacement?
Form of electronic graffiti and is usually treated as an act of vandalism
What are distributed denial of service (DDoS) attacks?
Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by legitimate users
What is doxing?
Involves the public release of private information about an individual or organization
What is the motivation behind hacktivists?
Ideological beliefs rather than financial gain
What is the name of the most well-known hacktivist group?
Anonymous
What is the objective of Anonymous?
Target organizations they perceive as unethical
What are organized cybercrime groups?
Collective criminal activities in the digital world
What are some advanced hacking techniques and tools used by organized crime groups?
Custom Malware, Ransomware, Sophisticated Phishing Campaigns
What are some illicit activities engaged in by organized crime groups to generate revenue?
Data Breaches, Identity Theft, Online Fraud, Ransomware Attacks
Are organized cybercrime groups driven by ideological or political objectives?
No
Who may hire organized cybercrime groups to conduct cyber operations and attacks on their behalf?
Other entities, including governments
What is the objective of attacks by nation-state actors?
Money
What is a nation-state actor?
Groups or individuals sponsored by a government to conduct cyber operations against others
What is a false flag attack?
An attack that appears to originate from a different source or group
What are some techniques used by nation-state actors in cyber operations?
Creating custom malware, using zero-day exploits, becoming an advanced persistent threat
What is an advanced persistent threat (APT)?
A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period
What is the significance of advanced persistent threats?
They are often sponsored by a nation-state or its proxies
What motivates a nation-state actor?
Long-term strategic goals
What forms can insider threats take?
Data theft, sabotage, misuse of access privileges
What are some motivations for insider threats?
Financial gain, revenge, carelessness/lack of awareness
What does insider threat refer to?
Potential risk posed by individuals within an organization with access to sensitive information
What should organizations do to mitigate the risk of insider threats?
Implement zero-trust architecture
Why does shadow IT exist?
Security posture too high or complex for business operations
What is BYOD?
Use of personal devices for work purposes
What is a threat vector?
Means or pathway for unauthorized access
What is an attack surface?
Various points for unauthorized entry or data extraction
How can the attack surface be minimized?
Restricting access
What are some message-based threat vectors?
Email, SMS text messaging, instant messaging
What are some image-based threat vectors?
Embedding malicious code inside an image file
How can files be used as threat vectors?
Disguised as legitimate documents or software
What is vishing?
Use of voice calls to trick victims into revealing sensitive information
What is baiting?
Leaving a malware-infected USB drive in a location where the target might find it
What are unsecure networks?
Wireless, wired, and Bluetooth networks lacking appropriate security measures
Why are wireless networks vulnerable?
Unauthorized individuals can intercept wireless communications or gain access to the network
Are wired networks completely secure?
No, they are still susceptible to threats
What are two types of attacks that can occur due to physical access to the network infrastructure?
MAC Address Cloning, VLAN Hopping
What are two Bluetooth exploits that attackers can use to carry out attacks?
BlueBorne, BlueSmack
What is BlueBorne?
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or intercept communications
What is BlueSmack?
Bluetooth DoS attack
How can you learn from threat actors?
Set up deception and disruption technologies
What are Tactics, Techniques, and Procedures (TTPs)?
Methods associated with threat actors
What are deceptive and disruption technologies?
Tech to mislead attackers and detect threats
What is a honeypot?
Decoy system to attract hackers
What is a honeynet?
Network of honeypots
What types of devices can be part of a honeynet?
Servers, routers, switches
What is a honeyfile?
Decoy file to lure attackers
What is a honeytoken?
Piece of data or resource monitored for access
What are bogus DNS entries?
Fake DNS entries in system’s DNS server
What is the purpose of creating decoy directories?
Fake folders and files placed in storage
How does dynamic page generation help secure websites?
Effective against scraping tools or bots
What is port triggering used for?
Hiding services until a specific outbound traffic pattern is observed
How can spoofing fake telemetry data be used as a security measure?
Sending out fake data when network scan detected
What are the objectives of physical security?
Measures to protect tangible assets from harm or unauthorized access
What are some examples of physical security controls?
Fencing and Bollards
What are bollards?
Short, sturdy vertical posts controlling or preventing vehicle access
What are fences?
Barriers made of posts and wire or boards to enclose or separate areas
What are some examples of brute force attacks on physical security?
Forcible entry, tampering with security devices, confronting security personnel, ramming a barrier with a vehicle
What are surveillance systems used for?
Observing and reporting activities
What are the components of surveillance systems?
Video surveillance
What are access control vestibules?
Double-door system electronically controlled to allow only one door open at a time
What are some types of door locks?
Padlocks, pin and tumbler locks, numeric locks, wireless locks, biometric locks, cipher locks, electronic access control systems
What are access badges?
Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access
What is the purpose of a fence in terms of physical security?
Provides a visual deterrent by defining a boundary
What is the purpose of establishing a physical barrier against unauthorized entry?
Delay intruders
What is fencing well-suited for?
Safeguarding large perimeters
What are bollards designed to counter?
Vehicular threats
What is brute force attack?
Gaining access by trying all possibilities
What is forcible entry?
Gaining unauthorized access by breaking barriers
How can tampering with security devices be protected against?
Having redundancy in physical security measures
What is the concept of confronting security personnel?
Direct attack on security personnel
What training should security personnel undergo to mitigate risks during confrontations?
Rigorous conflict resolution and self-defense training
How does ramming barriers with vehicles breach physical security?
Using vehicles to breach physical security barriers
What measures can be taken to prevent vehicles from driving into facilities?
Installing bollards or reinforced barriers
What is a surveillance system?
An organized strategy to observe and report activities.
What are the four main categories of surveillance?
Video Surveillance, Motion detection, Night vision, Facial recognition
What are some features of video surveillance?
Motion detection, Night vision, Facial recognition
What does a wired solution security camera use?
A physical cable from the camera to the central monitoring station
What does a wireless solution rely on to send its signal back to the central monitoring station?
Wi-Fi
What is a Pan-Tilt-Zoom (PTZ) System used for?
To better detect issues during an intrusion
What are some of the best places to have cameras?
Data center, telecommunications closets, entrance or exit areas
What should cameras be configured to do?
Record what they’re observing
What do security guards provide?
Flexible and adaptable forms of surveillance
Why is proper lighting crucial for conducting effective surveillance?
To deter criminals, reduce shadows and hiding spots, and enhance the quality of video recordings
What are sensors?
Devices that detect and respond to external stimuli or changes in the environment
What do infrared sensors detect?
Changes in infrared radiation emitted by warm bodies
What are pressure sensors?
Activated by weight on sensor
How do microwave sensors work?
Measure reflection of microwave pulses off moving objects
What do ultrasonic sensors measure?
Reflection of ultrasonic waves off moving objects
What is visual obstruction in bypassing surveillance systems?
Blocking camera’s line of sight
What are some methods to disable a camera?
Placing a sticker or tape over the lens, positioning objects like balloons or umbrellas in front of the camera
How can you blind sensors and cameras?
Overwhelming them with a sudden burst of light
What is a method to interfere with acoustics?
Listening to the environment
What are some methods to prevent eavesdropping?
Jamming or playing loud music
What is Electromagnetic Interference (EMI)?
Jamming surveillance signals
How can the physical environment be used to attack surveillance equipment?
Physical tampering
What is an access control vestibule?
Double-door system with electronically controlled doors
How does an access control vestibule prevent piggybacking and tailgating?
By allowing only one door to be open at a time
What is the key difference between Piggybacking and Tailgating?
Piggybacking gains consent, Tailgating doesn’t
What are some technologies used in access control badges?
RFID, NFC
What are the roles of security guards at access control vestibules?
Visual deterrent, assistance, checking identity, response
What is the purpose of door locks in physical security?
Restrict and regulate access to specific spaces or properties
What is the function of traditional padlocks?
Minimal protection
What are basic door locks vulnerable to?
Lock picking
What authentication methods do modern electronic door locks use?
Identification Numbers, Wireless Signals, Biometrics
What technologies can be used for wireless signal authentication?
NFC, Wi-Fi, Bluetooth, RFID
What are some physical characteristics used for biometric authentication?
Fingerprints, retinal scans, facial recognition
What is the False Acceptance Rate (FAR)?
FAR measures the rate at which unauthorized users are wrongly authenticated as authorized.
What is False Acceptance Rate (FAR)?
System erroneously authenticates an unauthorized user.
How can scanner sensitivity be adjusted to lower FAR?
Increase the scanner sensitivity.
What is False Rejection Rate (FRR)?
Denial of access to an authorized user.
What happens to FRR when sensitivity is adjusted?
FRR can increase.
What is Crossover Error Rate (CER)?
Optimal balance between FAR and FRR for authentication effectiveness.
What are some examples of multiple factors used in electronic door locks?
Identification number and fingerprint
What are cipher locks?
Mechanical locks with numbered push buttons
Where are cipher locks commonly used?
High-security areas like server rooms
What type of authentication is commonly used in secure entry areas in office buildings?
Electronic access systems with badges and PINs
What are popular technologies used for contactless authentication?
RFID and NFC
How does an attacker clone an access badge?
Step 1: Scanning, Step 2: Data Extraction, Step 3: Writing to a new card or device, Step 4: Using the cloned access badge
What are the reasons access badge cloning is common?
Ease of execution, Ability to be stealthy, Potentially widespread use
How can access badge cloning be stopped?
Implement advanced encryption, Implement MFA, Regularly update security protocols, Educate users, Use shielded wallets or sleeves, Monitor and audit access logs
What is social engineering?
Manipulative strategy exploiting human psychology for unauthorized access
What are the motivational triggers used by social engineers?
Familiarity, Likability, Consensus, Authority, Scarcity, Urgency
What is impersonation in social engineering?
Pretending to be someone else
What is pretexting in social engineering?
Creating a fabricated scenario to manipulate targets
What are the types of phishing attacks?
Phishing, Vishing, Smishing, Spear Phishing, Whaling, Business Email Compromise
What are some common fraudulent practices used to deceive people?
Deceptive practices to obtain money or valuable information
What do influence campaigns involve?
Spreading misinformation and disinformation to impact politics, economics, etc.
Name some other social engineering attacks.
Diversion Theft, Hoaxes, Shoulder Surfing, Dumpster Diving, Eavesdropping, Baiting, Piggybacking, Tailgating
What are the six main types of motivational triggers that social engineers use?
Authority, Urgency, Social Proof, Scarcity, Likability, Fear
What is impersonation?
Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
What is required for impersonation?
The attacker needs to collect information about the organization and earn the trust of their targeted users
What do attackers provide to make impersonation more believable?
Details to help make the lies and the impersonation more believable to a potential victim
What are the potential risks of unauthorized access?
Unauthorized access can lead to disruption of services and complete system takeover.
What can organizations do to mitigate against attacks?
Provide security awareness training to their employees on a regular basis.
What is brand impersonation?
A specific form of impersonation where an attacker pretends to represent a legitimate company or brand.
How do attackers carry out brand impersonation?
By using the brand’s logos, language, and information to create deceptive communications or websites.
How can organizations protect against brand impersonation?
Educate their users about these types of threats and use secure email gateways to filter out phishing emails.
What is typosquatting?
URL hijacking or cybersquatting
How can organizations combat typosquatting?
Register common misspellings of their own domain names
Why is monitoring the online presence important?
To detect any fraudulent activities as soon as they occur
What are watering hole attacks?
Targeted attacks on specific websites or services
What can organizations do to mitigate watering hole attacks?
Keep systems updated, use threat intelligence, employ malware detection tools
What is pretexting?
Gives some amount of information that seems true so that the victim will give more information
How can pretexting be mitigated?
Training employees not to fall for pretext and not to fill in the gaps for people when they are calling
What is phishing?
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information
What is spear phishing?
More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations
What is whaling?
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
Why is whaling used?
The attacker aims to catch one of the executives, board members, or higher level managers in the company since the rewards are potentially much greater
What is the purpose of whaling as an initial step?
To compromise an executive’s account for subsequent attacks within their organization
What is Business Email Compromise (BEC)?
Sophisticated type of phishing attack that targets businesses using internal email accounts.
What is Vishing?
Tricking victims into sharing personal or financial information over the phone.
What is Smishing?
Using text messages to trick individuals into providing personal information.
What is one way to mitigate the threat of a successful phishing campaign?
Implement the right strategies and provide user security awareness training
What is an anti-phishing campaign?
Essential user security awareness training tool
What should an anti-phishing campaign offer for users who fell victim to simulated phishing emails?
Remedial training
What is business email compromise?
Phishing that aims to impersonate a trusted business contact
What is vishing?
Phishing using voice calls
What is smishing?
Phishing using SMS or text messages
What are some key indicators of phishing attacks?
- Urgency
- Unusual Requests
- Mismatched URLs
What is a red flag for a suspicious email?
Email addresses don’t match.
What are signs of a phishing email?
Poor spelling or grammar.
How can organizations protect against phishing attacks?
Training and reporting suspicious messages.
What should be done if a phishing email is opened?
Conduct a quick investigation and triage the user’s system.
What is a common type of online fraud?
Identity fraud or identity theft.
What is the difference between identity fraud and identity theft?
Fraud: charges items to victim’s credit card
Theft: assumes victim’s identity
What is the most common scam called?
Invoice scam
What is an influence campaign?
Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group
What is the difference between misinformation and disinformation?
Misinformation is false or inaccurate information shared without harmful intent, while disinformation involves the deliberate creation and sharing of false information with the intent to deceive or mislead
Why are influence campaigns powerful?
They are a powerful tool for shaping public opinion and behavior
Why is misinformation and disinformation concerning?
They can have serious consequences
What is diversion theft?
Manipulating a situation to steal valuable items or information
What is a hoax?
Malicious deception often spread through social media or email
What is shoulder surfing?
Looking over someone’s shoulder to gather personal information
What is dumpster diving?
Searching through trash to find valuable information
What is eavesdropping?
Secretly listening to private conversations
How can eavesdropping be prevented?
Encrypting data in transit
How can baiting be prevented?
Training users to not use devices they find
What is piggybacking and tailgating?
Unauthorized person following an authorized person into a secure area
What is tailgating?
Unauthorized person following an employee
What is piggybacking?
Unauthorized person convincing an employee to let them in
What is malware?
Malicious software designed to infiltrate computer systems and potentially damage them without user consent
What are the categories of malware?
Viruses, Worms, Trojans, Ransomware, Spyware, Rootkits, Spam
What is an attack vector?
Means by which the attacker gains access and infects the system
What are the types of malware attacks?
Viruses, Worms, Trojans, Ransomware, Zombies and Botnets, Rootkits, Backdoors and Logic Bombs, Keyloggers, Spyware and Bloatware
What is the definition of viruses?
Attach to clean files, spread, and corrupt host files
What is the definition of worms?
Standalone programs replicating and spreading to other computers
What is the definition of Trojans?
Disguise as legitimate software, grant unauthorized access
What is the definition of ransomware?
Encrypts user data, demands ransom for decryption
What is the definition of zombies and botnets?
Compromised computers remotely controlled in a network for malicious purposes
What is the definition of rootkits?
Hide presence and activities on a computer, operate at the OS level
What is the definition of backdoors and logic bombs?
Backdoors allow unauthorized access, logic bombs execute malicious actions
What is the definition of keyloggers?
Record keystrokes, capture passwords or sensitive information
What is the definition of spyware and bloatware?
Spyware monitors and gathers user/system information, bloatware consumes resources without value
What are some malware techniques and infection vectors?
Evolving from file-based tactics to modern fileless techniques, multi-stage deployment, leveraging system tools, and obfuscation techniques
What are some indications of a malware attack?
Account lockouts, Concurrent session utilization, Blocked content, Impossible travel, Resource consumption, Inaccessibility, Out-of-cycle logging, Missing logs, Documented attacks, Viruses
What is a computer virus?
Malicious code that infects a computer when run without the user’s knowledge
What is a boot sector virus?
Virus stored in the first sector of a hard drive that is loaded into memory during boot-up
What is a macro virus?
Virus embedded inside a document, executed when the user opens the document
What is a multipartite virus?
Combination of a boot sector type virus and a program virus
How does an encrypted virus hide itself from detection?
By encrypting its malicious code or payloads
What is the difference between an encrypted virus and a polymorphic virus?
Polymorphic viruses change their code each time they are executed
What does a metamorphic virus do before it attempts to infect a file?
It rewrites itself entirely
What is the stealth technique used for in viruses?
To prevent detection by anti-virus software
What does an armored virus have?
A layer of protection to confuse analysis
What is a hoax virus?
A form of technical social engineering to scare end users
What is a worm?
Malicious software that can replicate itself without user interaction
What makes worms dangerous?
They can infect workstations and cause disruptions to network traffic
What is a worm known for?
Spreading far and wide over the internet
What is a Trojan?
Malicious software disguised as harmless software
What is a remote access Trojan (RAT) used for?
Providing remote control of a victim machine
How are Trojans commonly used by attackers today?
Exploiting vulnerabilities and conducting data exfiltration
What is ransomware?
Malicious software that blocks access to a system until a ransom is paid
How can we protect against ransomware?
Regular backups, software updates, security awareness training, MFA
What should you do if you find yourself or your organization as the victim of a ransomware attack?
Never pay the ransom
What is a botnet?
Network of compromised computers or devices controlled remotely
What is a zombie?
Compromised computer or device in a botnet
What is the purpose of a command and control node?
Manage and coordinate network activities
What are some uses of botnets?
Pivot points, disguise attacker, host illegal activities, spam others
What is the most common use for a botnet?
To conduct a DDoS attack
What is a DDoS attack?
When many machines target a single victim and attack them at the exact same time
How do attackers use botnets in DDoS attacks?
To combine processing power and break through encryption schemes
What percentage of a zombie’s power do attackers usually use in a DDoS attack?
20-25%
What is a rootkit?
Software designed to gain administrative level control over a computer system without being detected
What is the highest level of permissions called?
Administrator account
What can a person do with an Administrator account?
Install programs, delete programs, open ports, shut ports
What is the equivalent of an Administrator account in UNIX, Linux, or macOS?
Root account
What is Ring 3 in a computer system?
Outermost Ring where user level permissions are used
What is Ring 0 in a computer system?
Innermost or Highest Permission Levels, operating in kernel mode
What does an operating system control access to?
Device drivers, sound card, video display, etc.
What level of permission does the administrator or root user have?
Root permission at Ring 1
Why is malicious code closer to the kernel more dangerous?
More permissions and can cause more damage
What is a technique used by rootkits to gain deeper access to a system?
DLL injection
What is a shim in software development?
Piece of software code that intercepts calls between two components
Why are rootkits difficult to detect?
Operating system is essentially blinded to them
What is the best way to detect rootkits?
Boot from an external device and scan the internal hard drive
What is a backdoor?
Bypasses normal security
Who often puts backdoors in systems?
Designers and programmers
What is a Remote Access Trojan (RAT)?
Acts like a backdoor in networks
What is an Easter egg?
Hidden feature or novelty in a program
What are logic bombs?
Malicious code that executes under certain conditions
What is a keylogger?
Software or hardware that records keystrokes
What is the difference between software and hardware keyloggers?
Software is installed on a computer, hardware is a physical device
How are software keyloggers typically installed?
Bundled with other software or delivered through social engineering attacks
How can you protect your organization from keyloggers?
- Perform regular updates and patches
- Rely on quality antivirus and antimalware solutions
- Conduct phishing awareness training for users
- Implement multi-factor authentication systems
- Encrypt keystrokes being sent to systems
- Perform physical checks of desktops, laptops, and servers
What is spyware?
Malicious software that gathers and sends information without the user’s knowledge
How can spyware get installed on a system?
- Bundled with other software
- Installed through a malicious website
- Installed when users click on a deceptive pop-up advertisement
What can you do to protect against spyware?
Use reputable antivirus and anti-spyware tools that are regularly updated
What is bloatware?
Software that comes pre-installed on a new computer or smartphone that you did not request, want, or need
What are the potential issues with bloatware?
Wastes storage space, slows down device performance, introduces security vulnerabilities
How can you remove bloatware?
- Manual removal process
- Use bloatware removal tools
- Perform a clean operating system installation
Why is updating applications important in terms of security?
It reduces potential threat vectors for attackers to exploit
What is a malware exploitation technique?
Method by which malware code penetrates and infects a system
What is a common approach used by modern malware to avoid detection?
Fileless techniques
What is fileless malware?
Malware that creates a process in system memory without relying on the local file system
How does modern malware work?
Stage 1 dropper or downloader retrieves and activates additional malware
What is shellcode?
Lightweight code to execute an exploit
What does the Stage 2 Downloader do?
Downloads and installs a remote access Trojan
What is the ‘Actions on Objectives’ phase?
Executing primary objectives to meet core objectives
What is the purpose of Concealment?
Prolong unauthorized access by hiding tracks and evidence
What is the ‘Living off the Land’ strategy?
Exploiting standard tools for intrusions
What are some common indicators of malware attacks?
Account lockouts, concurrent session utilization, blocked content, impossible travel, resource consumption, resource inaccessibility
What is out-of-cycle logging?
Logs generated at odd hours
What are missing logs?
Gaps or cleared logs without authorization
What are published or documented attacks?
Network infected as part of a malware-based attack
What is the importance of using appropriate cryptographic solutions?
1.4 - Data Protection Objectives
What should you compare and contrast to protect data?
3.3 - Data Protection Objectives
What are the security implications of proper hardware, software, and data asset management?
4.2 - Data Protection Objectives
What are some security alerting and monitoring concepts and tools?
4.4 - Data Protection Objectives
What are the elements of effective security governance?
5.1 - Data Protection Objectives
What are the two roles involved in data governance?
Data Custodians and Data Stewards
What are the three states of data?
Data at rest, in transit, in use
What are two methods for protecting data?
Disk encryption and communication tunneling
What are some examples of data types?
Regulated data, trade secrets, intellectual property, legal information, financial information
What is data sovereignty?
Information subject to nation’s laws and governance structures
Name four methods for securing data.
Geographic restrictions, encryption, hashing, masking
What are some strategies to prevent sensitive information from leaving an organization?
Tokenization, Obfuscation, Segmentation
What is data classification?
Determination of the value and sensitivity of information
What is sensitive data?
Information that, if accessed by unauthorized persons, can result in loss of security or competitive advantage
What is the importance of data classification?
Allocate appropriate protection resources, prevent over-classification, require proper policies
What are the commercial business classification levels?
Public, Sensitive, Private
What are the government classification levels?
Unclassified, Sensitive but Unclassified, Confidential, Secret, Top Secret
What kind of information is included in the Confidential level?
Internal personnel or salary information
What kind of information is included in the Critical level?
Trade secrets, intellectual property, source code, etc.
What kind of information is included in the Sensitive but Unclassified level?
Includes medical records, personnel files, etc.
What kind of information is included in the Secret level?
Military deployment plans, defensive postures
What kind of information is included in the Top Secret level?
Highly sensitive national security information
What are the legal requirements for data maintenance?
Depends on organization type
What should organizational policies outline?
Data classification, retention, and disposal requirements
Why is understanding data classifications important?
For protecting sensitive information and complying with regulations
What is data ownership?
Identifying the individual responsible for maintaining confidentiality, integrity, availability, and privacy of information assets
Who is a data owner?
Senior executive responsible for labeling information assets and ensuring they are protected
Who is a data controller?
Entity responsible for determining data storage, collection, and usage purposes and methods
What is a data processor?
Group or individual hired by the data controller to assist with tasks like data collection and processing
What is the role of a Data Steward?
Focuses on data quality and metadata
What is the role of a Data Custodian?
Responsible for managing data storage systems
What is the role of a Privacy Officer?
Oversees privacy-related data
Who should be the data owner?
Not the IT department
Who should be the owners of data?
Individuals from the business side who understand the data’s content and can make informed decisions about classification
How should data owners be selected?
Based on their knowledge of the data and its significance within the organization
Why is proper data ownership important?
For maintaining data security, compliance, and effective data management within an organization
What are the different data states?
Data at Rest
What is Full Disk Encryption (FDE)?
Encrypts entire hard drive
What is Partition Encryption?
Encrypts specific partitions
What is File Encryption?
Encrypts individual files
What is Volume Encryption?
Encrypts selected files or directories
What is Database Encryption?
Encrypts data stored in a database at column, row, or table levels
What is Record Encryption?
Encrypts specific fields within a database record
What is data in transit?
Data actively moving from one location to another, vulnerable to interception
What are some transport encryption methods?
SSL, TLS, VPN, IPSec
What is SSL?
Secure Sockets Layer - provides secure communication over networks
What is TLS?
Transport Layer Security - provides secure communication over networks
What is VPN?
Virtual Private Network - creates secure connections over less secure networks like the internet
What is IPSec?
Internet Protocol Security - secures IP communications by authenticating and encrypting IP packets
What is data in use?
Data actively being created, retrieved, updated, or deleted
What are some protection measures for data in use?
Encryption at the Application Level, Access Controls, Secure Enclaves, Mechanisms like Intel Software Guard
What does encryption at the application level do?
Encrypts data during processing
What do access controls for data in use do?
Restricts access to data during processing
What are secure enclaves?
Isolated environments for processing sensitive data
What does Intel Software Guard do?
Encrypts data in memory to prevent unauthorized access
Why is understanding the three data states essential?
To implement appropriate security measures for each
What is regulated data?
Data controlled by laws, regulations, or industry standards
What are two compliance requirements for regulated data?
GDPR, HIPAA
What is PII?
Information used to identify an individual (e.g., names, social security numbers, addresses)
What is PHI?
Information about health status, healthcare provision, or payment linked to a specific individual
What are trade secrets?
Confidential business information giving a competitive edge (e.g., manufacturing processes, marketing strategies, proprietary software)
What is intellectual property (IP)?
Creations of the mind protected by patents, copyrights, trademarks
What are some examples of intellectual property (IP)?
Inventions, literary works, designs
How is intellectual property (IP) protected?
By patents, copyrights, trademarks
What is the purpose of protecting intellectual property (IP)?
To encourage innovation
What can happen if intellectual property (IP) is used without authorization?
Legal action
What is legal information?
Data related to legal proceedings, contracts, regulatory compliance
What is the significance of protecting financial information?
Targeted by cybercriminals for fraud and identity theft
What is PCI DSS?
Payment Card Industry Data Security Standard
What is human-readable data?
Understandable directly by humans
What is non-human-readable data?
Requires machine or software to interpret
What is GDPR?
General Data Protection Regulation
What does GDPR protect?
EU citizens’ data within EU and EEA borders
What are the consequences of non-compliance with GDPR?
Significant fines
What is one requirement of data sovereignty laws?
Data storage and processing within national borders