Security Concepts - CyberSecurity Fundamentals

Question 1

• typically found in web applications.

- enable attackers to inject client-side scripts into web pages viewed by other users

Answer 1

Cross-site scripting (XSS)

Question 2

• also known as one-click attack or session riding
• cause victims to run actions on already authenticated sessions
• is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts.

Answer 2

Cross-site request forgery (CSRF)

Question 3

• type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid

Answer 3

Ransomware

Question 4

• is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)

Answer 4

SQL Injection

Question 5

• is any software intentionally designed to cause damage to a computer, server, client, or computer network

Answer 5

Malware (malicious software)

Question 6

• is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication

Answer 6

Phishing

Question 7

• is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other

Answer 7

man-in-the-middle

Question 8

• is a malicious software that allows an unauthorized user to have privileged access to a computer and to restricted areas of its software. may contain a number of malicious tools such as keyloggers, banking credential stealers, password stealers, antivirus disablers, and bots for DDoS attacks
• design to go undetected
• can be installed in computer kernel

Answer 8

Rootkit

Question 9

• in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled

Answer 9

denial-of-service attack (DoS attack)

Question 10

• the incoming traffic flooding the victim originates from many different sources

Answer 10

distributed denial-of-service attack (DDoS attack)

Question 11

• is a vulnerability that allows attackers to break out of a web server’s root directory and access other locations in the server’s file system

Answer 11

Path Traversal

Question 12

• occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer

Answer 12

Buffer Overflow

Question 13

• is a type of malware that propagates by inserting a copy of itself into and becoming part of another program
• will not be active or able to spread until a user runs or opens the malicious host file or program

Answer 13

Virus

Question 14

• replicate functional copies of themselves and can cause the same type of damage.
• standalone software and do not require a host program or human help to propagate
• attack vulnerability’s of the system

Answer 14

Worms

Question 15

• It is a harmful piece of software that looks legitimate.
• do not reproduce by infecting other files nor do they self-replicate
• create backdoors to give malicious users access to the system
• cannot replicate itself and must be installed by user

Answer 15

Trojans

Question 16

• Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process

Answer 16

Adware

Question 17

• Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer’s consent, or that asserts control over a device without the consumer’s knowledge.

Answer 17

Spyware

Question 18

• convincing victims they are trusted authority
• the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Answer 18

Social Engineering

Question 19

Type of Phishing with no target

Answer 19

Bulk Phishing

Question 20

Type of Phishing with specific target

Answer 20

Spear Phishing

Question 21

• Spear Phishing high profile target
• is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization,

Answer 21

Whaling

Question 22

• Type of Phishing the Clone Logos of Legit Service

Answer 22

Clone Phishing

Question 23

NIST stands for

Answer 23

National Institute of Standards and Technology

Question 24

• is a collection of industry standards and best practices to help organizations manage cybersecurity risk

Answer 24

NIST CyberSecurity Framework

Question 25

• a potential danger to asset

Answer 25

Threat

Question 26

• entity that takes advantage of vulnerability

Answer 26

Malicious Actor

Question 27

• Path use by Malicious Actor

Answer 27

Threat Agent/Vector

Question 28

Weakness in the system design, implementation, software or code or lack of a mechanism

Answer 28

Vulnerability

Question 29

• vulnerabilities identifier

- is a list of publicly disclosed computer security flaws.

Answer 29

CVE - Common Vulnerabilities and Exposures

Question 30

• refers to a piece of software, tool, technique or a process that takes advantage of a vulnerability

Answer 30

Exploit

Question 31

• no one may even know vulnerability exist and it is exploited

Answer 31

Zero Day Exploit

Question 32

• the probability of likelihood of the occurrence or realization of threat

Answer 32

risk

Question 33

3 Elements of risk

Answer 33

Asset, threats, Vulnerabilities

Question 34

• any item of economic value owned by individual or corporation

Answer 34

Asset

Question 35

• non profit charitable organization that leads several industry wide initiatives to promote the security of applications and software

Answer 35

OWASP (Open Web Application Security Project)

Question 36

• provides a standard set of definitions for different aspect of Cloud computing

Answer 36

NIST Definition of Cloud Computing

Question 37

• Cloud computing model where you rent the insfrastructure

Answer 37

Infrastructure as a service (IaaS)

Question 38

• Cloud computing model where you they provide everything except applications

Answer 38

Platform as a Service (PaaS)

Question 39

• Cloud computing model where they provide the complete package solution

Answer 39

Software as a Service (SaaS)

Question 40

• Cloud computing attacks occurs when the attacker can sniff traffic and intercept traffic to take over a legitimate connection to cloud

Answer 40

session hijacking

Question 41

• cloud computing attacks tricks user to visit a phishing site and giving up a valid credential

Answer 41

DNS attack

Question 42

• cloud computing attacks used to steal cookies that can use to gain access as an authenticated users to a cloud service

Answer 42

cross-site-scripting (xss)

Question 43

• cloud computing attacks exploits vulnerable cloud-based applications that allow attacker to pass SQL commands

Answer 43

SQL injection

Question 44

• cloud computing attack use to describe cross-site request forgery

Answer 44

session riding

Question 45

• cloud computing attack when the attacker place himself in between communication path between two users

Answer 45

man-in-the-middle cryptographic

Question 46

• cloud computing attack where attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud servr and then lauching side channel attack

Answer 46

side-channel attack

Question 47

-cloud computing attack where it target weak authentication

Answer 47

authentication attack

Question 48

• cloud computing attack where attacker can take advantage of API misconfiguration to modify delete append data in application or system in cloud environment

Answer 48

API attack

Question 49

• One of the most popular IoT protocols supported by many consumer IoT devices. Takes advantage of the underlying security services provided by the IEEE 802.15.4 Mac layer.

Answer 49

Zigbee

Question 50

-IoT protocols. Bluetooth protocols that is designed for enhanced battery life for IoT Devices

Answer 50

BLE (Bluetooth Low Energy)

Question 51

IoT Bluetooth protocols. devices default to sleep and wake up only when needed. Support AES encryption

Answer 51

Bluetooth Smart

Question 52

• IoT protocols. Support multicast, unicast and broadcast communication.

Answer 52

Z-wave

Question 53

-IoT protocols. Allow IoT devices to communicate wirelessly and over the power lines.

Answer 53

INSTEON

Question 54

-IoT protocols. A networking protocols designed specifically for IoT implementations.

Answer 54

LoRaWAN (Long-Range-Wide-Area-Network)

Question 55

-IoT protocols. Still one of the most popular communications methods between IOT

Answer 55

WiFi

Question 56

-IoT Protocols. Supports the use of IPV6 in the network constrained IoT implementation. Designed to support wireless internet connectivity at lower data rates

Answer 56

6LoWPAN (IPv6 over low power wireless personal area networks) and LRWPAN(Low rate wireless personal area networks)

Question 57

IoT protocols. also a popular communications method for IoT Devices including connected cards, retail machines, sensors and others. 4G and 5G are used

Answer 57

Cellular Communications

Question 58

• focuses on ensuring consistent and effective approach to the management of information security incidents including communication on security events and weakness

Answer 58

ISO/IEC 27002:2013 - Information security incident management

Question 59

• is and adverse event that threatens business security and or disrupt services. Is related to loss of CIA (confidentiality, integrity and availability)

Answer 59

Cybersecurity Incident

Question 60

• broad terms that describes situation in which security devices triggers alarm but there is no malicious activtiy on an actual attack taking place

Answer 60

False positive

Question 61

• terms used to described a network intrusion devices inablitiy to detect true security events. in other words a malicious activity that is not detected by the security devices

Answer 61

False negative

Question 62

• successful identifications of security attack or malicious event

Answer 62

True positive

Question 63

• when intrusion detection devices identifies an activity acceptable behavior and activity that is actually acceptable

Answer 63

True negative

Question 64

• when attacker evades the IPS box by sending fragmented packets

Answer 64

fragmentation

Question 65

• when attacker uses techniques that use low bandwidth or very small number of packets in order to evade the system

Answer 65

low-bandwidth attacks

Question 66

• using spoofed ip address or sources. as well as using intermediary system such as proxies to evade inspections

Answer 66

address spoofing/proxying

Question 67

attackers may use polymorphic techniques to create unique attack patters

Answer 67

pattern change evasion

Question 68

attacker can use encryption to hide their communication and information

Answer 68

Encryption

Question 69

NIST Major phases of incident response

Answer 69

Preparation
Detection and analysis
Containment, eradication and recovery
Post-incident activity (postmortem)

Question 70

Computer Security Incident Handling Guide

Answer 70

NIST SP 800-61 Revision 2

Question 71

Is an industry standard maintained by the forum incident response and security teams (first) that is used by many PSIRT to convey information about the severity of vulnerabilities they disclose to their customers

Answer 71

CVSS (Common vulnerability scoring system)

Question 72

Designed to protect confidentiality, integrity and availability of data within the confines of an organization

Answer 72

Information Security

Question 73

The process of protecting information by preventing, detecting and responding to attacks

Answer 73

Cybersecurity

Question 74

referred to as the knowledge about an existing or emerging threat to assets including networks and system

Answer 74

Threat Intelligence

Question 75

An express language designed for sharing of cyberattack information

Answer 75

STIX (Structured Threat Information Expression)

Question 76

An open transport mechanism that standardises the automated exchange of cyber-threat information

Answer 76

TAXII (Trusted Automated Exchange of Indicator Information)

Question 77

A free standardised schema for specificaiton, capture, characterization and communications of events of stateful properties that are observable in the operational domain

Answer 77

CyBOX(Cyber Observable Expression)

Question 78

An open framework for sharing threat intelligence in a machine-digestible format.

Answer 78

OpenIOC (Open indicators of compromise)

Question 79

A language for command and control of cyber-defence technologies

Answer 79

Open Command and Control (OpenC2)

Question 80

program used to combine two or more executables into single packaged program

Answer 80

wrappers

Question 81

Similar to Winzip, War and tar programs because they compress file

Answer 81

packers

Question 82

software designed to install malware payload on the victims system

Answer 82

droppers

Question 83

a program to encrypt or obscure the code

Answer 83

crypters

Question 84

an attack where an attackers tries to execute commands that he or she is not supposed to be able to execute on a system via a vulnerable application

Answer 84

command injection

Question 85

Type of SQL Injection where attacker obtains the data by using the same channel that is used to inject the SQL code

Answer 85

In-Band SQL Injection

Question 86

Type of SQL Injection where attackers retrieves data using different channel

Answer 86

Out-Band SQL Injection

Question 87

type of. SQL Injection where attackers does not make application display or transfer any data; rather the attacker is able to reconstruct the data

Answer 87

Blind SQL Injection

Question 88

3 Components of CVSS

Answer 88

Base - Temporal - Environmental Group