Section 1 Flashcards
The following describes what?
Act of protecting data and information from unauthorized access,
unlawful modification and disruption, disclosure, corruption, and
destruction
Information Security
The following describes what?
Act of protecting the systems that hold and process our critical data
Information Systems Security
What does the CIA triad stand for?
C - Confidentiality
I - Integrity
A - Availability
The following describes which part of the CIA triad?
Information has not been disclosed to unauthorized people
Confidentiality
The following describes which part of the CIA triad?
Information has not been modified or altered without proper
authorization
Integrity
The following describes which part of the CIA triad?
Information is able to be stored, accessed, or protected at all times
Availability
What does the AAA of security stand for?
Authentication, Authorization and Accounting
The following describes which triple A of security?
When a person’s identity is established with proof and confirmed by a
system:
● Something you know
● Something you are
● Something you have
● Something you do
● Somewhere you are
Authentication
The following describes which triple A of security?
Occurs when a user is given access to a certain piece of data or certain
areas of a building
Authorization
The following describes which triple A of security?
Tracking of data, computer usage, and network resources
Accounting
This occurs when you have proof that someone has taken an action.
Non-repudiation
What are the four security threats?
Malware
Unauthorized Access
System Failure
Social Engineering
This is a short-hand term for malicious software
Malware
This occurs when computer resources and data are accessed without the
consent of the owner
Unauthorized Access
This occurs when a computer crashes or an individual application fails
System Failure
This is the act of manipulating users into revealing confidential information or
performing other detrimental actions
Social Engineering
When it comes to mitigation what are some examples of physical controls?
Alarm systems, locks, surveillance cameras, identification cards, and
security guards
When it comes to mitigation what are some examples of technical controls?
Smart cards, encryption, access control lists (ACLs), intrusion detection
systems, and network authentication
When it comes to mitigation what are some examples of administrative controls?
Policies, procedures, security awareness training, contingency planning,
and disaster recovery plans
What is the most cost-effective security control to use?
User training
What are the five types of hackers?
White Hats
Black Hats
Gray Hats
Blue Hats
Elites
What kind of hacker is the following describing?
Non-malicious hackers who attempt to break into a company’s
systems at their request
White Hats
What kind of hacker is the following describing?
Malicious hackers who break into computer systems and networks
without authorization or permission
Black Hats
What kind of hacker is the following describing?
Hackers without any affiliation to a company who attempt to
break into a company’s network but risk the law by doing so
Gray Hats
What kind of hacker is the following describing?
Hackers who attempt to hack into a network with permission of
the company but are not employed by the company
Blue Hats
What kind of hacker is the following describing?
Hackers who find and exploit vulnerabilities before anyone else
does. They are 1 in 10,000.
Elites
These kind of threat actors have limited skill and only run other people’s exploits and tools
Script kiddies
What are the four types of threat actors?
Script kiddies
Hacktivists
Organized Crime
Advanced Persistent Threats (APT)
These are threat actors who are driven by a cause like social change, political agendas, or terrorism
Hacktivists
These are threat actors who are part of a crime group that is well-funded and highly
sophisticated
Organized Crime
These threat actors are highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal
Advanced Persistent Threats (APT)
What are the four properties of good threat intelligence?
Timeliness
Accuracy
Relevancy
Confidence Levels
The following describes which threat intelligence?
Property of an intelligence source that ensures it is up-to-date
Timeliness
The following describes which threat intelligence?
Property of an intelligence source that ensures it matches the use cases intended
for it
Relevancy
The following describes which threat intelligence?
Property of an intelligence source that ensures it produces effective results
Accuracy
The following describes which threat intelligence?
Property of an intelligence source that ensures it produces qualified statements
about reliability
Confidence levels
What are the three kinds of intelligence sources?
Open Source
Closed Source
Proprietary
The following describes which intelligence source?
Data that is available to use without subscription, which may include threat feeds
similar to the commercial providers and may contain reputation lists and
malware signature databases
Open Source
The following describes which intelligence source?
Data that is derived from the provider’s own research and analysis efforts, such
as data from honeynets that they operate, plus information mined from its
customers’ systems, suitably anonymized
Closed Source
The following describes which intelligence source?
Threat intelligence is very widely provided as a commercial service offering,
where access to updates and research is subject to a subscription fee
Proprietary
Methods of obtaining information about a person or organization through public
records, websites, and social media
Open-Source Intelligence (OSINT)
● US-CERT
● UK’s NCSC
● AT&T Security (OTX)
● MISP
● VirusTotal
● Spamhaus
● SANS ISC Suspicious Domains
These are all examples of what?
Open Sources
What is threat hunting?
A cyber security technique designed to detect the presence of threats that have not
been discovered by normal security monitoring
True or False: Threat Hunting is potentially less disruptive than penetration testing
True
To do threat hunting, we start off by establishing what?
A hypothesis
What is a hypothesis?
A hypothesis is derived from the threat modeling and is based on potential
events with higher likelihood and higher impact.
Essentially, we are going to sit around and think… who is going to try to harm us? Who might want to break into our networks? And how might they be able to do that? These questions help us generate a hypothesis.
What is the secondary step of threat hunting?
Profiling Threat Actors and Activities
What is Profiling Threat Actors and Activities?
Involves the creation of scenarios that show how a prospective attacker might
attempt an intrusion and what their objectives might be
Threat hunting relies on the usage of the tools developed for regular security monitoring and incident response. These four tools are:
● Analyze network traffic
● Analyze the executable process list
● Analyze other infected hosts
● Identify how the malicious process was executed
Threat hunting consumes a lot of resources and time to conduct, but can yield a lot of
benefits. What are those benefits?
- Improve detection capabilities
- Integrate intelligence
- Reduce the attack surface
- Block attack vectors
- Identify critical assets
What are the three attack frameworks?
Kill Chain
MITRE ATT&CK Framework
Diamond Model of Intrusion Analysis
The following describes which attack framework?
A model developed by Lockheed Martin that describes the stages by which a
threat actor progresses a network intrusion
Kill Chain
The following describes which attack framework?
A knowledge base maintained by the MITRE Corporation for listing and
explaining specific adversary tactics, techniques, and common knowledge or
procedures (attack.mitre.org)
MITRE ATT&CK Framework
The following describes which attack framework?
A framework for analyzing cybersecurity incidents and intrusions by exploring the
relationships between four core features: adversary, capability, infrastructure,
and victim
Diamond Model of Intrusion Analysis
What is the Kill Chain’s 1st stage?
Reconnaissance
● The attacker determines what methods to use to complete the
phases of the attack
What is the Kill Chain’s 2nd stage?
Weaponization
● The attacker couples payload code that will enable access with
exploit code that will use a vulnerability to execute on the target
system
What is the Kill Chain’s 3rd stage?
Delivery
● The attacker identifies a vector by which to transmit the
weaponized code to the target environment
What is the Kill Chain’s 4th stage?
Exploitation
● The weaponized code is executed on the target system by this
mechanism
What is the Kill Chain’s 5th stage?
Installation
● This mechanism enables the weaponized code to run a remote
access tool and achieve persistence on the target system
What is the Kill Chain’s 6th stage?
Command & Control (C2)
● The weaponized code establishes an outbound channel to a
remote server that can then be used to control the remote access
tool and possibly download additional tools to progress the attack
What is the Kill Chain’s 7th stage?
Actions on Objectives
● The attacker typically uses the access he has achieved to covertly
collect information from target systems and transfer it to a remote
system (data exfiltration) or achieve other goals and motives
● Kill chain analysis can be used to identify a defensive
course-of-action matrix to counter the progress
of an attack at each stage