Threat Actors Flashcards

1
Q

Which of the following is the term generally used to refer to the act of deliberately accessing computer systems and networks without authorization?

Threat

Vulnerability

Attack

A

Attack

Attack is the term that is now generally accepted when referring to the act of gaining unauthorized access to computer systems and networks. The terms phishing, threat, and vulnerability all relate to attacks, but are not the act of attacking.

2
Q

Attacks by an individual or even a small group of attackers fall into which threat category?

APT

Singular threat

Hacktivist

A

Hacktivist

Attacks by an individual or even a small group of attackers fall into the hacktivist threat category. Attacks by criminal organizations usually fall into the structured threat category. The other two answers are not categories of threats used by the security community.

3
Q

Which of the following is the term used to refer to individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed?

Script kiddies

Hackers

Simple intruders

A

Script kiddies

Script kiddies is the label used to refer to individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed. Hackers is the more general term used to refer to individuals at all levels who attempt to gain unauthorized access to computer systems and networks. The other two answers are not terms used in the security community.

4
Q

What is the name given to a group of hackers who work together for a collectivist effort, typically on behalf of some cause?

Script kiddies

Hacktivists

Motivated hackers

A

Hacktivists

When hackers work together for a collectivist effort, typically on behalf of some cause, they are referred to as hacktivists. Hacktivist groups may include script kiddies, but in general script kiddies do not have the skills to participate in a meaningful manner in advancing a hacktivist cause, although they may be enlisted as ground troops to add volume to an attack. The other two terms are not generally used in the security community.

5
Q

Attacks by individuals from organized crime are generally considered to fall into which threat category?

Highly structured threats

Unstructured threat

Structured threat

A

Structured threat

Attacks by criminal organizations usually fall into the structured threat category, characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possibly corruption of, or collusion with, insiders. Highly structured threats require greater planning, while unstructured threats require less, and APT attacks are typically nation-state in origin, not organized criminals.

6
Q

What is the name given to the group of individuals who not only have the ability to write scripts that exploit vulnerabilities but also are capable of discovering new vulnerabilities?

Elite hackers

Hacktivists

Uber hackers

A

Elite hackers

Elite hackers is the name given to those who not only have the ability to write scripts that exploit vulnerabilities but also are capable of discovering new vulnerabilities.

7
Q

Criminal activity on the Internet can include which of the following? (Choose all that apply.)

Fraud

Extortion

Theft

Embezzlement

Forgery

A

Fraud

Extortion

Theft

Embezzlement

Forgery

Criminal activity on the Internet at its most basic is no different from criminal activity in the physical world. Fraud, extortion, theft, embezzlement, and forgery all take place in the electronic environment.

8
Q

Warfare conducted against the information and information processing equipment used by an adversary is known as which of the following?

Information warfare

Cyber warfare

Offensive cyber operations

A

Information warfare

Information warfare is warfare conducted against the information and information processing equipment used by an adversary. Cyber warfare and offensive cyber operations are terms that you may encounter, but the more generally accepted term for this type of activity is information warfare. Computer espionage is generally associated with intelligence gathering and not general computer warfare.

9
Q

What term is used to describe the type of threat that is characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers?

Advanced capability threat

Nation-state threat

Highly structured threat

A

Highly structured threat

A highly structured threat is characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers. The threat may include attempts not only to subvert insiders but also to plant individuals inside of a potential target in advance of a planned attack. This type of threat generally is much more involved and extensive than a structured threat. The other terms are not commonly used in the security industry.

10
Q

What is the term used to define attacks that are characterized by using toolkits to achieve a presence on a target network, with a focus on the long game—maintaining a persistence on the target network?

Advanced persistent threat

Covert channel attack

Concealed network presence

A

Concealed network presence

Advanced persistent threats (APTs) are attacks characterized by using toolkits to achieve a presence on a target network and then, instead of just moving to steal information, focusing on the long game, maintaining a persistence on the target network. Their tactics, tools, and procedures are focused on maintaining administrative access to the target network and avoiding detection. Covert channels are indeed a concern in security but are a special category of attack. The other terms are not generally used in the security community.

11
Q

Which of the following are reasons that the insider threat is considered so dangerous? (Choose all that apply.)

Insiders have the access and knowledge necessary to cause immediate damage to an organization.

Insiders may actually already have all the access they need to perpetrate criminal activity such as fraud.

Insiders generally do not have knowledge of the security systems in place, so system monitoring will allow for any inappropriate activity to be detected.

Attacks by insiders are often the result of employees who have become disgruntled with their organization and are looking for ways to disrupt operations.

A

Insiders have the access and knowledge necessary to cause immediate damage to an organization.

Insiders may actually already have all the access they need to perpetrate criminal activity such as fraud.

Attacks by insiders are often the result of employees who have become disgruntled with their organization and are looking for ways to disrupt operations.

Insiders frequently do have knowledge of the security systems in place and are thus better able to avoid detection.

12
Q

When discussing threat concerns regarding competitors, which of the following is true?

There are no known cases of criminal activity involving people moving from competitor to competitor, taking insider information with them for years.

Where in the past it would take significant risk to copy the detailed engineering specifications of a major process for a firm, today it can be accomplished with a few clicks and a USB drive.

Modern search engines make it less likely that a competitor could steal intellectual property without being detected.

A

Where in the past it would take significant risk to copy the detailed engineering specifications of a major process for a firm, today it can be accomplished with a few clicks and a USB drive.

In today’s world, much global economic activity is enabled by the interconnected nature of businesses. Many businesses have an information component that is easier to copy, steal, or disrupt than older, more physical assets. Additionally, there have been cases of people moving from competitor to competitor, taking insider information with them for years, even decades, before the Internet was developed.

13
Q

Which of the following are true concerning attacker skill and sophistication? (Choose all that apply.)

The level of complexity for modern networks and operating systems has grown so that it is nearly impossible for anyone but the most skilled of hackers to gain unauthorized access to computer systems and networks.

Attackers do not have magic skills, but rather the persistence and skill to keep attacking weaknesses.

With the introduction of cloud computing during the last decade, attackers now primarily focus on the cloud, thus reducing the level of sophistication required to conduct attacks since they can focus on a more limited environment.

There is a surprising number of attacks being performed using old attacks, old vulnerabilities, and simple methods that take advantage of “low-hanging fruit.”

A

Attackers do not have magic skills, but rather the persistence and skill to keep attacking weaknesses.

There is a surprising number of attacks being performed using old attacks, old vulnerabilities, and simple methods that take advantage of “low-hanging fruit”

While the complexity of systems is indeed increasing, there still exists a large number of computers and networks that have not been adequately protected, making it possible for less sophisticated attackers to gain unauthorized access. Additionally, while cloud computing has added another focus for attackers, it has not eliminated computer systems and networks in general as potential targets.

14
Q

Which of the following is the term used to describe the processes used in the collection of information from public sources?

Media exploitation

Open source intelligence

Social media intelligence

A

Open source intelligence

Open source intelligence is the term used to describe the processes used in the collection of intelligence from public sources. Human intelligence (HUMINT) is a specific category of intelligence gathering focused on obtaining information directly from individuals. The other terms are not generally used by security professionals.

15
Q

What term is used to describe the gathering of information from a variety of sources, including non-public sources, to allow an entity to properly focus their defenses against the most likely threat actors?

Infosec analysis

Data intelligence

Threat intelligence

A

Threat intelligence

Threat intelligence is the gathering of information from a variety of sources, including non-public sources, to allow an entity to properly focus their defenses against the most likely threat actors. Information warfare is conducted against the information and information processing equipment used by an adversary and consists of a larger range of activities. The other two terms are not generally used by security professionals.
