Security Plus - Chapter 2

Question 1

Script Kiddie

Answer 1

A derogatory term for an unskilled cybersecurity attacker who use hacking techniques with limited skills.

Question 2

Hacktivist

Answer 2

An activist that uses hacking techniques to accomplish an attack that they believe will provide a greater good for society.

Question 3

Organized Crime

Answer 3

groups that perform cybersecurity attacks that occur wherever there is money to be made. List of cybercrime activities that organized crime has been determined to be involved in:
Cyber-dependent crime
Child sexual abuse material
Online fraud
Dark web
Cross-cutting crime factors

Question 4

Nation-State Attackers

Answer 4

A governmentally organized group of attackers that attempt to attack other nations or organizations to collect political, economic, or traditional espionage information.

Question 5

Advanced Persistent Threat (APT)

Answer 5

A series of attacks that utilize advanced tools and continue to be performed over a significant time period.

Question 6

Insider Attacks

Answer 6

Attacks that occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses the access to wage an attack against the organization.

Question 7

Competitive Attacks

Answer 7

Usually engage in attacks on others that are in the same industry with an advantage they want to learn about. This is similar to corporate espionage attempting to steal sensitive information from others in the same industry.

Question 8

Data Exfiltration

Answer 8

Attacks that are motivated by the desire to obtain sensitive or proprietary information.

Question 9

Espionage

Answer 9

Attacks that are motivated by organizations seeking to steal secret information from other organizations.

Question 10

Service Disruption

Answer 10

Attacks that seek to take down or interrupt critical systems or networks.

Question 11

Blackmail Attacks

Answer 11

Attacks that seek to extort money or other concessions from victims by threatening to release sensitive information or to launch further attacks.

Question 12

Financial Gain

Answer 12

Attacks that are motivated by the desire to make money through theft of fraud.

Question 13

Philosophical/Political Beliefs

Answer 13

Attacks for ideological or political reasons. Utilized by Hacktivists usually.

Question 14

Ethical

Answer 14

White hat hacking. A desire to expose vulnerabilities and improve security. Carried out by security researchers or ethical hackers with the permission of the organization.

Question 15

Revenge

Answer 15

A desire to get even with an individual or organization by embarrassing them or expecting some other form of retribution against them.

Question 16

Disruption/Chaos

Answer 16

Attacks that disrupt the normal operations of an organization and could potentially cause chaos to their systems or network.

Question 17

War

Answer 17

Military units and civilian groups may use hacking in an attempt to disrupt military operations and change the outcome of an armed conflict.

Question 18

Attack Surface

Answer 18

A system, application, or service that contains a vulnerability that may be exploited.

Question 19

Threat Vector

Answer 19

The means that a threat actor uses to obtain access.

Question 20

Message Based Threat Vector

Answer 20

A type of threat vector Phishing messages, spam messages, and other email borne attacks used to gain access to an organizations network. Social media are seeing similar attacks through the use of Instant and Direct messaging to try to coerce a user to provide login credentials to the attacker.

Question 21

Wired Networks

Answer 21

Attackers attempt to access a targets network through physically entering the organizations facilities and plugging a device directly to an open port that may not be properly configured to limit the access. This also includes that an attacker can walk in and begin using an unlocked computer terminal that is open and available for activity.

Question 22

Systems

Answer 22

A type of threat vector that could provide exposure for an attacker to infiltrate the system and gain access to the desired target. Examples of this are software, applications, service ports, not updating, disabling, or modifying the default accounts or services.

Question 22

Wireless Networks

Answer 22

A type of threat vector that allows an attacker to attempt to access the network by configuring their own device to be able to connect to the target wireless network through WiFi configuration or Bluetooth enabled devices to gain access.

Question 23

Files and Images

Answer 23

Individual files including images that may have embedded malicious code that can trick a user into opening the file and activating the malware infection.

Question 24

Removable Devices

Answer 24

Attackers can use removable devices to such as USB drives to spread malware and launch attacks on their targets.

Question 25

Cloud Services

Answer 25

Attackers routinely scan popular cloud services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords.

Question 26

Supply Chain

Answer 26

Attackers may attempt to gain access to an organization’s vendor or suppliers in order to gain access to the target. This can be done by infecting hardware or software that the vendor provides to the target organization or gaining credential access if the vendor has login credentials to the target organization’s network or systems.

Question 27

Threat Intelligence

Answer 27

The set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment.

Question 28

Predictive Analysis

Answer 28

Identifying likely risks to an organization

Question 29

Vulnerability Databases

Answer 29

Reports of vulnerabilities with assets affected and criticality to provide insight into the types of exploits being discovered by researchers.

Question 30

Indicators of Compromise

Answer 30

Telltale signs that an attack has taken place and may include file signatures, file patterns, and other evidence left behind by the attackers.

Question 31

Open Source Threat Intelligence

Answer 31

Threat intelligence that is acquired from publicly available sources.

Question 32

Dark Web

Answer 32

A network run over standard Internet connections but using multiple layers of encryption to provide anonymous communication.

Question 33

Closed Source Intelligence

Answer 33

Proprietary or exclusive information from commercial security vendors, government organizations, and other security-centric organizations that perform their own information gathering and research using custom tools, analysis models, or other proprietary methods to gather, curate, and maintain threat intelligence.

Question 34

Threat Maps

Answer 34

High level maps that provide real-time insight into the cybersecurity threat landscape.

Question 35

Assessing Threat Intelligence

Answer 35

Questions to ask:
Is the information timely?
Is the information accurate?
Is the information relevant?

Question 36

Confidence Score

Answer 36

A way to summarize the threat intelligence assessment data to filter and use threat intelligence based on much trust they give it.

Question 37

Information Sharing and Analysis Centers (ISAC)

Answer 37

Threat intelligence communities that help infrastructure owners and operators share threat information and provide tools and assistance to their members.