Section 1 Flashcards

1
Q

The following describes what?

Act of protecting data and information from unauthorized access,
unlawful modification and disruption, disclosure, corruption, and
destruction

A

Information Security

2
Q

The following describes what?

Act of protecting the systems that hold and process our critical data

A

Information Systems Security

3
Q

What does the CIA triad stand for?

A

C - Confidentiality
I - Integrity
A - Availability

4
Q

The following describes which part of the CIA triad?

Information has not been disclosed to unauthorized people

A

Confidentiality

5
Q

The following describes which part of the CIA triad?

Information has not been modified or altered without proper
authorization

A

Integrity

6
Q

The following describes which part of the CIA triad?

Information can be stored, accessed, and protected at all times

A

Availability

7
Q

What does the AAA of security stand for?

A

Authentication, Authorization and Accounting

8
Q

The following describes which triple A of security?

When a person’s identity is established with proof and confirmed by a
system:

● Something you know
● Something you are
● Something you have
● Something you do
● Somewhere you are

A

Authentication

9
Q

The following describes which triple A of security?

Occurs when a user is given access to a certain piece of data or certain
areas of a building

A

Authorization

10
Q

The following describes which triple A of security?

Tracking of data, computer usage, and network resources

A

Accounting

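Cards 7 to 10 define authentication, authorization and accounting separately; the following added example (not part of the original flashcards) shows where each one happens in code. Authentication combines two of the factors from card 8, something you know (a password checked against a salted PBKDF2 hash) and something you have (a one-time code from an RFC 4226 HOTP / RFC 6238 TOTP token); authorization is a per-user permission set consulted only after authentication succeeds; accounting appends every decision to an audit log. The users, passwords, OTP seeds and permission names are constructed for the example.

```python
"""Added example: a minimal AAA flow (authentication, authorization, accounting).
All user records below are constructed; nothing here is from a real system."""
from __future__ import annotations

import hashlib
import hmac
import os
import struct
import time

PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a random salt per user defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    # Constant-time comparison: a plain == would leak how many bytes matched.
    return hmac.compare_digest(digest, expected)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to a 31-bit integer, then reduction to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float | None = None, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of 30 s steps since the epoch."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step))


USERS: dict[str, dict] = {}
AUDIT_LOG: list[dict] = []


def add_user(name: str, password: str, otp_seed: bytes, permissions: set[str]) -> None:
    salt, digest = hash_password(password)
    USERS[name] = {"salt": salt, "hash": digest, "seed": otp_seed, "perms": set(permissions)}


# Constructed users (the OTP seed would normally be enrolled in an authenticator app).
add_user("alice", "correct horse battery staple", b"12345678901234567890", {"read:payroll", "write:payroll"})
add_user("bob", "hunter2", b"abcdefghijklmnopqrst", {"read:payroll"})


def account(event: str, user: str, **detail) -> None:
    """Accounting: record who did what, when, and the outcome, for later audit."""
    AUDIT_LOG.append({"ts": time.time(), "event": event, "user": user, **detail})


def authenticate(user: str, password: str, otp_code: str, at: float | None = None) -> bool:
    """Authentication: both factors must verify. Unknown users still pay the
    PBKDF2 cost against a dummy hash so response time does not reveal valid names."""
    rec = USERS.get(user)
    salt, expected = (rec["salt"], rec["hash"]) if rec else (b"\0" * 16, b"\0" * 32)
    pw_ok = verify_password(password, salt, expected)
    otp_ok = bool(rec) and hmac.compare_digest(totp(rec["seed"], at), otp_code)
    ok = bool(rec) and pw_ok and otp_ok
    account("authn", user, success=ok, password_ok=pw_ok, otp_ok=otp_ok)
    return ok


def authorize(user: str, permission: str) -> bool:
    """Authorization: identity is already established; decide what it may touch."""
    allowed = permission in USERS.get(user, {}).get("perms", set())
    account("authz", user, permission=permission, allowed=allowed)
    return allowed


def access_resource(user: str, password: str, otp_code: str, permission: str,
                    at: float | None = None) -> str:
    if not authenticate(user, password, otp_code, at):
        return "denied: authentication failed"
    if not authorize(user, permission):
        return "denied: not authorized"
    return f"granted: {permission}"


if __name__ == "__main__":
    code = totp(USERS["alice"]["seed"])  # what alice's token shows right now
    print(access_resource("alice", "correct horse battery staple", code, "write:payroll"))
    print(access_resource("bob", "hunter2", totp(USERS["bob"]["seed"]), "write:payroll"))
    for entry in AUDIT_LOG:
        print(entry)
```

Note that the audit log records failed authentications too: accounting is only useful for non-repudiation and incident reconstruction if denials are logged alongside grants.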
11
Q

This occurs when you have proof that someone has taken an action.

A

Non-repudiation

12
Q

What are the four security threats?

A

Malware
Unauthorized Access
System Failure
Social Engineering

13
Q

This is a short-hand term for malicious software

A

Malware

14
Q

This occurs when access to computer resources and data occurs without the
consent of the owner

A

Unauthorized Access

15
Q

This occurs when a computer crashes or an individual application fails

A

System Failure

16
Q

This is the act of manipulating users into revealing confidential information or
performing other detrimental actions

A

Social Engineering

17
Q

When it comes to mitigation what are some examples of physical controls?

A

Alarm systems, locks, surveillance cameras, identification cards, and
security guards

18
Q

When it comes to mitigation what are some examples of technical controls?

A

Smart cards, encryption, access control lists (ACLs), intrusion detection
systems, and network authentication

19
Q

When it comes to mitigation what are some examples of administrative controls?

A

Policies, procedures, security awareness training, contingency planning,
and disaster recovery plans

20
Q

What is the most cost-effective security control to use?

A

User training

21
Q

What are the five types of hackers?

A

White Hats
Black Hats
Gray Hats
Blue Hats
Elites

22
Q

What kind of hacker is the following describing?

Non-malicious hackers who attempt to break into a company’s
systems at their request

A

White Hats

23
Q

What kind of hacker is the following describing?

Malicious hackers who break into computer systems and networks
without authorization or permission

A

Black Hats

24
Q

What kind of hacker is the following describing?

Hackers without any affiliation to a company who attempt to
break into a company’s network but risk the law by doing so

A

Gray Hats

25
What kind of hacker is the following describing? Hackers who attempt to hack into a network with permission of the company but are not employed by the company
Blue Hats
26
What kind of hacker is the following describing? Hackers who find and exploit vulnerabilities before anyone else does. They are 1 in 10,000.
Elites
27
These kind of threat actors have limited skill and only run other people’s exploits and tools
Script kiddies
28
What are the four types of threat actors?
Script kiddies
Hacktivists
Organized Crime
Advanced Persistent Threats (APT)
29
These are threat actors who are driven by a cause like social change, political agendas, or terrorism
Hacktivists
30
These are threat actors who are part of a crime group that is well-funded and highly sophisticated
Organized Crime
31
These threat actors are highly trained and well-funded groups of hackers (often backed by nation states) with covert and open-source intelligence at their disposal
Advanced Persistent Threats (APT)
32
What are the four properties of good threat intelligence?
Timeliness
Accuracy
Relevancy
Confidence Levels
33
The following describes which threat intelligence? Property of an intelligence source that ensures it is up-to-date
Timeliness
34
The following describes which threat intelligence? Property of an intelligence source that ensures it matches the use cases intended for it
Relevancy
35
The following describes which threat intelligence? Property of an intelligence source that ensures it produces effective results
Accuracy
36
The following describes which threat intelligence? Property of an intelligence source that ensures it produces qualified statements about reliability
Confidence levels
37
What are the three kinds of intelligence sources?
Open Source
Closed Source
Proprietary
38
The following describes which intelligence source? Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases
Open Source
39
The following describes which intelligence source? Data that is derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized
Closed Source
40
The following describes which intelligence source? Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee
Proprietary
41
Methods of obtaining information about a person or organization through public records, websites, and social media
Open-Source Intelligence (OSINT)
42
US-CERT, UK's NCSC, AT&T Security (OTX), MISP, VirusTotal, Spamhaus, and SANS ISC Suspicious Domains are all examples of what?
Open Sources
43
What is threat hunting?
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring
44
True or False: Threat Hunting is potentially less disruptive than penetration testing
True
45
To do threat hunting, we start off by establishing what?
A hypothesis
46
What is a hypothesis?
A hypothesis is derived from threat modeling and is based on potential events with higher likelihood and higher impact. Essentially, we sit down and ask: who is going to try to harm us? Who might want to break into our networks? And how might they be able to do that? These questions help us generate a hypothesis.
47
What is the secondary step of threat hunting?
Profiling Threat Actors and Activities
48
What is Profiling Threat Actors and Activities?
Involves the creation of scenarios that show how a prospective attacker might attempt an intrusion and what their objectives might be
49
Threat hunting relies on the tools developed for regular security monitoring and incident response. What are the four analysis activities it performs with them?
Analyze network traffic
Analyze the executable process list
Analyze other infected hosts
Identify how the malicious process was executed
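The following added example (not part of the original flashcards) works through the four activities on card 49 as a hypothesis-driven hunt over constructed EDR telemetry, and applies the timeliness and confidence properties from cards 32 to 36 to a constructed threat-intelligence feed before matching it against observed destinations. The hypothesis is the one a card-46 exercise would produce: a user opened a malicious Office document, which spawned a child process that now beacons to attacker infrastructure. Hosts, PIDs, images, IP addresses and intel records are all invented for the example.

```python
"""Added example: a hypothesis-driven threat hunt over constructed telemetry.
Hypothesis: an Office application spawned a child process that beacons out."""
from collections import defaultdict
from datetime import date

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
TODAY = date(2024, 5, 1)  # reference date for the timeliness filter

# Constructed process list, as an EDR might export it: (host, pid, ppid, image)
PROCESSES = [
    ("ws01", 400, 1, "explorer.exe"),
    ("ws01", 512, 400, "outlook.exe"),
    ("ws01", 620, 512, "winword.exe"),
    ("ws01", 700, 620, "powershell.exe"),
    ("ws01", 710, 400, "chrome.exe"),
    ("ws02", 400, 1, "explorer.exe"),
    ("ws02", 530, 400, "chrome.exe"),
    ("ws02", 540, 400, "teams.exe"),
    ("ws03", 400, 1, "explorer.exe"),
    ("ws03", 610, 400, "winword.exe"),
    ("ws03", 690, 610, "rundll32.exe"),
    ("ws03", 695, 400, "chrome.exe"),
]
# Constructed outbound connections: (host, pid, destination)
CONNECTIONS = [
    ("ws01", 700, "203.0.113.7:443"),
    ("ws01", 710, "198.51.100.20:443"),
    ("ws02", 530, "198.51.100.20:443"),
    ("ws02", 540, "198.51.100.30:443"),
    ("ws03", 690, "203.0.113.7:443"),
    ("ws03", 695, "198.51.100.20:443"),
]
# Constructed intel feed: indicator, analyst confidence (0-100), date last seen
INTEL = [
    {"indicator": "203.0.113.7", "confidence": 85, "last_seen": date(2024, 4, 28)},
    {"indicator": "198.51.100.30", "confidence": 25, "last_seen": date(2021, 1, 1)},
]


def usable_intel(feed, today, max_age_days=90, min_confidence=50):
    """Timeliness and confidence filters: stale or low-confidence indicators
    would only add noise to the hunt, so they are dropped before matching."""
    return {
        rec["indicator"]
        for rec in feed
        if (today - rec["last_seen"]).days <= max_age_days
        and rec["confidence"] >= min_confidence
    }


def build_index(processes):
    return {(host, pid): (ppid, image) for host, pid, ppid, image in processes}


def lineage(index, host, pid):
    """Step 4: how was the process executed? Walk parent links back to the root."""
    chain = []
    while (host, pid) in index:
        ppid, image = index[(host, pid)]
        chain.append(image)
        pid = ppid
    return chain  # child first, root last


def hunt(processes, connections, intel, today):
    index = build_index(processes)
    indicators = usable_intel(intel, today)
    # Step 1: analyze network traffic. How many hosts contact each destination?
    hosts_by_dst = defaultdict(set)
    for host, _pid, dst in connections:
        hosts_by_dst[dst].add(host)
    findings = []
    for host, pid, dst in connections:
        # Step 2: analyze the process list. Does the connection's owner descend
        # from an Office application without being one itself?
        chain = lineage(index, host, pid)
        if not chain or chain[0] in OFFICE or not any(p in OFFICE for p in chain[1:]):
            continue
        findings.append({
            "host": host, "pid": pid, "dst": dst,
            "how_executed": " <- ".join(chain),
            "fleet_prevalence": len(hosts_by_dst[dst]),
            "intel_match": dst.split(":")[0] in indicators,
            # Step 3: analyze other infected hosts by pivoting on the destination.
            "other_hosts": sorted(hosts_by_dst[dst] - {host}),
        })
    return findings


def run_hunt():
    return hunt(PROCESSES, CONNECTIONS, INTEL, TODAY)


if __name__ == "__main__":
    for finding in run_hunt():
        print(finding)
```

The hunt deliberately does not start from the intel feed: the hypothesis drives the search, and the intel match is recorded as supporting evidence. A hunt keyed only on indicators would have missed the second host if the feed had not listed that address.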
50
Threat hunting consumes a lot of resources and time to conduct, but can yield a lot of benefits. What are those benefits?
Improve detection capabilities
Integrate intelligence
Reduce the attack surface
Block attack vectors
Identify critical assets
51
What are the three attack frameworks?
Kill Chain
MITRE ATT&CK Framework
Diamond Model of Intrusion Analysis
52
The following describes which attack framework? A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion
Kill Chain
53
The following describes which attack framework? A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)
MITRE ATT&CK Framework
54
The following describes which attack framework? A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim
Diamond Model of Intrusion Analysis
55
What is the Kill Chain's 1st stage?
Reconnaissance
● The attacker determines what methods to use to complete the phases of the attack
56
What is the Kill Chain's 2nd stage?
Weaponization
● The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system
57
What is the Kill Chain's 3rd stage?
Delivery
● The attacker identifies a vector by which to transmit the weaponized code to the target environment
58
What is the Kill Chain's 4th stage?
Exploitation
● The weaponized code is executed on the target system by this mechanism
59
What is the Kill Chain's 5th stage?
Installation
● This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system
60
What is the Kill Chain's 6th stage?
Command & Control (C2)
● The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack
61
What is the Kill Chain's 7th stage?
Actions on Objectives
● The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives
● Kill chain analysis can be used to identify a defensive course-of-action matrix to counter the progress of an attack at each stage
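Cards 55 to 61 walk the seven Kill Chain stages and end by mentioning the course-of-action matrix. The following added example (not part of the original flashcards) maps a constructed stream of mail-gateway, EDR and proxy events onto those stages, reconstructs the intrusion timeline, and reads it against an illustrative course-of-action matrix to find the earliest stage at which a deny control would have broken the chain. The events, the classification rules and the control names in the matrix are all choices made for this example; a real deployment would derive them from its own telemetry and control inventory.

```python
"""Added example: Kill Chain staging of constructed events plus a course-of-action
matrix. Event fields, rules and control names are illustrative, not from a real system."""
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command & Control", "Actions on Objectives",
]
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Illustrative course-of-action matrix: per stage, a control that detects the
# activity and one that denies it (None = no control available at that stage).
COURSE_OF_ACTION = {
    "Reconnaissance":        {"detect": "web server logs",             "deny": "firewall ACL"},
    "Weaponization":         {"detect": None,                          "deny": None},  # attacker-side
    "Delivery":              {"detect": "mail gateway attachment scan", "deny": "block macro-enabled attachments"},
    "Exploitation":          {"detect": "EDR parent/child telemetry",   "deny": "Office macro policy, patching"},
    "Installation":          {"detect": "autorun key monitoring",       "deny": "application allow-listing"},
    "Command & Control":     {"detect": "proxy/DNS logging",            "deny": "egress filtering"},
    "Actions on Objectives": {"detect": "outbound volume anomaly",      "deny": "DLP, data access controls"},
}

# Constructed event stream (same-day timestamps) from three sensors.
EVENTS = [
    {"ts": "08:02:00", "source": "mail_gw", "attachment": "invoice.docm", "macro": True},
    {"ts": "08:05:10", "source": "edr", "parent": "winword.exe", "image": "powershell.exe"},
    {"ts": "08:05:12", "source": "edr", "action": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "updater.exe"},
    {"ts": "08:06:00", "source": "proxy", "dst": "203.0.113.7", "bytes_out": 2_048, "periodic": True},
    {"ts": "08:07:00", "source": "proxy", "dst": "203.0.113.7", "bytes_out": 2_048, "periodic": True},
    {"ts": "09:40:00", "source": "proxy", "dst": "203.0.113.7", "bytes_out": 850_000_000, "periodic": False},
]


def classify(event):
    """Map one event to a Kill Chain stage, or None if it is not evidence of one."""
    src = event["source"]
    if src == "mail_gw" and event.get("macro"):
        return "Delivery"
    if src == "edr" and event.get("parent") in OFFICE:
        return "Exploitation"
    if src == "edr" and event.get("action") == "registry_set" and event.get("key", "").endswith("\\Run"):
        return "Installation"
    if src == "proxy":
        if event.get("bytes_out", 0) >= 100_000_000:
            return "Actions on Objectives"
        if event.get("periodic"):
            return "Command & Control"
    return None


def reconstruct(events):
    """Order events in time and keep the first evidence of each stage, in chain order."""
    first_seen = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        stage = classify(event)
        if stage and stage not in first_seen:
            first_seen[stage] = event["ts"]
    return [(stage, first_seen[stage]) for stage in STAGES if stage in first_seen]


def analyze(events):
    timeline = reconstruct(events)
    observed = [stage for stage, _ in timeline]
    # The earliest observed stage that has a deny control is where the chain
    # could have been cut; every observed stage after it would not have happened.
    break_point = next((s for s in observed if COURSE_OF_ACTION[s]["deny"]), None)
    later = [s for s in observed if break_point and STAGES.index(s) > STAGES.index(break_point)]
    return {
        "timeline": timeline,
        "unobserved_stages": [s for s in STAGES if s not in observed],
        "earliest_break": break_point,
        "deny_with": COURSE_OF_ACTION[break_point]["deny"] if break_point else None,
        "stages_prevented": later,
    }


if __name__ == "__main__":
    for key, value in analyze(EVENTS).items():
        print(f"{key}: {value}")
```

Stages with no evidence are reported separately because they are not proof the stage did not occur: reconnaissance and weaponization usually leave nothing in the defender's telemetry, which is why the matrix holds no controls for the latter.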