Section 1 - Cybersecurity Flashcards

1
Q

What are 3 Core Security Objectives that focuses on Protecting Systems and Data?

Confidentiality, Integrity, Availability
Confidentiality, Risk, Authentication
Vulnerability, Exploit, Threat
Non-Repudiation, Integrity Access
Confidentiality, Risk, Availability
A

Confidentiality, Integrity, Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is an expected capability of the GRC Function? (Select All that Apply)

Security Ops
Compliance and Audit
Incident Response
Pen Testing
Risk Analysis
A

Compliance and Audit

Risk Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What technology allows computers to communicate with each other?

Endpoints
Servers
Exploitation
Networking

A

Networking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What threats must a GRC Analyst consider? (Select All that Apply)

Human-Based
Environmental
Natural
Thought

A

Human-Based
Environmental
Natural

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the typical motivation for a Hactivist based Threat Actor?

Financial
Espionage
Political/Ideological
Curiosity

A

Political/Ideological

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the CIA Triad?

Confidentiality, Risk, Authentication
Vulnerability, Exploit, Threat
Confidentiality, Integrity, Availability
Non-Repudiation, Integrity Access
Confidentiality, Risk, Availability
A

Confidentiality, Integrity, Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Only the people who should have access, do have access. No one else. - Is What?

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data/Systems/Apps are exactly what it should be - Is what?

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The System is there when you need it - Is what?

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the 5 Layers of NIST Framework?

A
Identify
Protect
Detect
Respond
Recover
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Weakness in a Person, Process, Technology.
Not all _________ are Exploitable, but they are still Weaknesses.

What is this?

A

Vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An attack on a Vulnerability is what?

A

Exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How likely and how bad an Exploited Vulnerability is.
All Exploits are BAD, but some could be Low _____, while others are High.
How bad is the Impact?
You can’t close all the ______, you have to calculate the _______ and prioritize High/Med/Low.

What is this?

A

Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

An actively Exploited Vulnerability is?

A

Incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Malicious Software, bad guys write the Software, intended to Exploit Vulnerabilities, resulting in an Incident.

What is this?

A

Malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

3 Key Areas for Protecting/Securing Data/Systems/Info - what are they?

A

People (Staff, Vendors, Maintenance Workers, Guests interacting with the Business, it’s not just Staff that work at the Company, but anyone interacting with the Company.)

Process (All businesses have Processes that are Executed by People.)

Technology (Systems, Apps, Mobile Devices, Cloud, Interconnections - Client Server, B2B, etc..)

17
Q

What does the term “Left of Boom” Mean?

A

Cybersecurity activities that occur before an Incident.

18
Q

How many Layers are there in the OSI Model?

A

7

19
Q

What Two Network Layers are related to TCP/IP?

A

Network Layer & Transport Layer

20
Q

What does DNS do?

A

DNS Translates Domain Names to IP Addresses.

21
Q

In general, what does a GRC do?

A

Bolsters defenses, react and handle bad situations.
Limit negative consequences and impact from bad situations.
Can be both Operational and Administrative.
Identify and Protect

22
Q

Name 5 Key Activities of a GRC?

A

Compliance and Audit - Are we Compliant, can we Demonstrate?
Security Awareness - Mitigating Risk from People
Assess Risk - Are we at Risk? Should we invest in Security?
Install Governance - Policy, Procedures, Standards
Speak “Security” for the Business

23
Q

Know the Enemy - 3 Categories of Threats?

A

Natural - Nature, Earthquakes, Tsunami, Wildfires, Tornados, etc. etc.. that threaten Protected Assets

Environmental - Air Conditioning, Sprinkler Systems, Water Main Breaks, things in the environment that can threaten Protected Assets.

Human Threats - Cyber Criminals, Hackers, etc..

24
Q

Name 5 Categories of Human Threats?

A

APT - Advanced Persistent Threats: Well-Funded, Targeted/Tailored Attacks, Nation States, lots of Resources, Experts.

Cyber Criminals - Financial Motivations, Ransomware, Malware, attack Supply Chains, Dark Web Hosting Services. N-Day, they exploit 0-Day Vulnerabilities. Persistent Attacks.

Hacktivists - Political/Ideological Motivations, Denial of Service, Disclosure/Revelation Leaks.

Script Kiddies - Financial, Revenge, Curiosity Motivated. Point and Click, Automated Attacks.

Insider Threats - Financial, can be Good Intentioned, Curiosity. Access and Collection of Data, Exploit of Interconnected Systems. Detailed Understanding of Business Opts. Social Engineering Attacks.