Section 1 : Overview Of Security

Question 1

Information Security :

Answer 1

Protecting data info from unauthorized access, unlawful modification, corruption, and destruction

Question 2

Information systems security

Answer 2

Protecting the systems that holds and processes data

Question 3

What do the three A’s stand for in “AAA of security”?

Answer 3

Authentication
Authorization
Accounting

Question 4

Authentication

Answer 4

Persons identity established with proof

Question 5

Authorization

Answer 5

Person is given access

Question 6

Accounting

Answer 6

Tracking of data, computer usage, network resources

Question 7

What does “CIA” triad stand for?

Answer 7

Confidentiality
Integrity
Availability

Question 8

Non-repudiation

Answer 8

When a user cannot deny if the other persons has a proof of a breach

Question 9

Malware

Answer 9

“Malicious software”
Ex : viruses, worms, spyware

Question 10

Unauthorized access

Answer 10

Occurs when access to computer resources and data happens without consent

Question 11

System failure

Answer 11

When a computer / app crashes or fails

Question 12

Social engineering

Answer 12

Act of manipulating users into revealing confidential info or preforming other detrimental actions

Question 13

What are 3 types of mitigating threats?

Answer 13

Physical
Technical
Administrative

Question 14

White hats

Answer 14

Non malicious
Attempt to break in at their request
Usually works for the company/ do as a service
Usually ethical hacker / penetration hacker

Question 15

Black hats

Answer 15

Malicious
Break into systems without permission
“Bad guys”

Question 16

Gray hats

Answer 16

No affiliation with company
Still breaking the law
Not malicious
Can help patch vulnerabilities

Question 17

Blue hats

Answer 17

Attempt to hack with premission of the company
Not employed by company
“Freelance ethical hacker”

Question 18

Elite

Answer 18

Finds & exploits vulnerabilities first
Creates own rooms
Can be white/black hat
1 in 10,000 are elite

Question 19

Script kiddies

Answer 19

Limited skill
“Baby hackers”
Only runs others exploits and tools

Question 20

Hacktivists

Answer 20

Driven by a cause, social change, political agendas, terroism

Question 21

Organized crime

Answer 21

Hackers who are part of a crime group
Well funded
Sophisticated

Question 22

Advanced persistent threats (APT)

Answer 22

Highly trained
Often by nation states
Quiet and sneaky

Question 23

What are 4 sources you must consider when thinking about threat intelligence?

Answer 23

Timeliness
Relevancy
Accuracy
Confidence

Question 24

Where can you find info on the sources of threat intelligence?

Answer 24

Proprietary - commercial service offering
Closed source
Open source

Question 25

Implicit knowledge

Answer 25

Only from experienced practioners in the field Based on experience