Threat Management and Cybersecurity Resources

Question 1

Red Team

Answer 1

Attacker of the penetration test

Question 2

Blue Team

Answer 2

Security workers that are defending attacks from red team

Question 3

Penetration test

Answer 3

Tries to exploit vulnerabilities like a threat actor would to find deep vulnerabilities

Question 4

White Team

Answer 4

“Referee” of test
Enforces rules of the test

Question 5

Purple Team

Answer 5

Provides real-time feedback between red and blue team to better the testing

Question 6

Bug Bounty

Answer 6

Rewards for uncovering a software vulnerability

Question 7

Gray Box

Answer 7

Limited knowledge of system

Question 8

White box

Answer 8

Full knowledge of system

Question 9

Black box

Answer 9

No knowledge of system
Might not assess all vulnerabilities

Question 10

Rules of engagement

Answer 10

Limitation / parameters of a penetration test

Question 11

Cleanup

Answer 11

Returning system back to original state after pen test is done

Question 12

Footprinting

Answer 12

Gathering info from outside the organization

Question 13

War Driving

Answer 13

Looking for wireless signals from a car while using a portable computing device

Question 14

Persistence

Answer 14

Load balancer makes a link between endpoint and a network server for the length of session

Question 15

War Flying

Answer 15

Finding Wi-Fi signals by drones

Question 16

Drones

Answer 16

Unmanned Aerial Vehicle (UAV)

Question 17

Passive Reconnaissance

Answer 17

Using public online information to gather knowledge on target

Question 18

Open Source Intelligence (OSINT)

Answer 18

Public accessible information on a individual or organization to make actionable intelligence

Question 19

Privilege Escalation

Answer 19

Getting advanced resources that isn’t available to regular users

Question 20

Lateral movement

Answer 20

Moving through network looking for more systems that threat actors can access after privilege escalation

Question 21

Pivot

Answer 21

Turning to other systems to be compromised

Question 22

Vulnerability scan

Answer 22

Ongoing process, automated, continuously finds vulnerabilities
Reduce attack surface

Question 23

Non-credential scan

Answer 23

Vulnerability scan that gives no authentication info to tester

Question 24

Credential scan

Answer 24

Scan which authentication credentials are supplied to vulnerability scanner to mimic a threat actor that would have valid credentials

Question 25

Intrusive scan

Answer 25

Vulnerability scan that tries to use any vulnerabilities it finds like a threat actor would

Question 26

Configuration review

Answer 26

Examination of software setting for a vulnerability scan

Question 27

Nonintrusive scan

Answer 27

Vulnerability scan that doesn’t try to exploit the vulnerability but only logs that it was found

Question 28

False negative

Answer 28

Fail to alarm when there was a problem

Question 29

Common Vulnerabilities and Exposures (CVE)

Answer 29

Tool that find vulnerabilities in OSs and app software

Question 30

Common Vulnerability Scoring System (CVSS)

Answer 30

Numeric grading system of impact of vulnerability

Question 31

False Positive

Answer 31

Alarming when there is no problem

Question 32

User behavior analysis

Answer 32

Monitoring normal behavior of users and how they interact with the system to make a picture of typical activity

Question 33

Sentiment analysis

Answer 33

Computationally finding and categorizing opinions to determine writers attitude towards something

Question 34

Security Information and Event Management (SIEM)

Answer 34

Consolidates real-time security monitoring and management of security info w analysis and reporting of security events

Question 35

Security Orchestration, Automation, and Response (SOAR)

Answer 35

Manage and respond to security warnings and alarms by combining data to automate incident response

Question 36

Maneuvering

Answer 36

Unusual behavior when threat hunting

Question 37

Fusion center

Answer 37

Repository of info from enterprises and gov’t used to share info on latest attacks

Question 38

Framework

Answer 38

Documented processes used to define policies and procedures for implementation and management of security controls

Question 39

ISO 27002

Answer 39

‘Code of practice’ for infosec management that has 114 control recommendations

Question 40

NIST Risk Management Framework (RMF)

Answer 40

Access and manage risks to their info and systems

Question 41

ISO 27001

Answer 41

Requirements for an information security management system

Question 42

NIST Cybersecurity Framework (CSF)

Answer 42

Measuring stick to compare their cybersecurity practices relative to threats they face

Question 43

ISO 27701

Answer 43

Extension of 27001 and for managing privacy controls to reduce risk of privacy breach

Question 44

ISO 31000

Answer 44

Controls for managing and controlling risks

Question 45

SSAE SOC 2 Type II

Answer 45

Reports on internal controls how company safeguards customer data and how well - for NDA’s and special workers to view

Question 46

SSAE SOC Type III

Answer 46

Reports on internal controls that can be freely distributed - public

Question 47

Center for Internet Security (CIS)

Answer 47

Nonprofit community-driven organization

Question 48

Reference architecture

Answer 48

Authoritative source of info

Question 49

Cloud Controls Matrix

Answer 49

Cloud security controls framework

Question 50

Cloud Security Alliance (CSA)

Answer 50

Define and raise awareness of best practices to secure cloud environments

Question 51

Regulations

Answer 51

Standard by established professional organizations or gov’t agencies

Question 52

Payment Card Industry Data Security Standard - PCI DSS

Answer 52

Minimum of security for handling customers card info

Question 53

Benchmark / secure configuration guides

Answer 53

Guidelines configuring device or software by hardware manufacturers and software developers

Question 54

European Union General Data Protective Directive - GDPR

Answer 54

Data protection and privacy in the EU and EEA

Question 55

Standard

Answer 55

Document approved through consensus by a recognized standardization body Guideline to help protect data and systems

Question 56

Adversary Tactics, Techniques, and Procedures (TTP)

Answer 56

DB of behavior of threat actors and how they attack and manage

Question 57

Request for comments - RFCs

Answer 57

Documents by technology bodies using scientist, engineers, and specialist

Question 58

SSAE SOC 1

Answer 58

internal controls over financial reporting

Question 59

Legislation

Answer 59

State laws

Question 60

Most important phase in pen testing

Answer 60

planning

Question 61

Not enough planning results in _______?

Answer 61

creep (expansion of initial test)

Question 62

How much extra time do you want to give when planning pen test?

Answer 62

20%

Question 63

What 2 reports do you make after a pen test?

Answer 63

Executive summary for a less technical audience Technical for security professionals

Question 64

Most popular vulnerability scanner

Answer 64

Nessus

Question 65

Rules of engagement sequence

Answer 65

Timing Scope Authorization Exploitation Communication Cleanup Reporting