Threats Actors

Question 1

Anything that could cause harm, loss, damage, or compromise to our information
technology systems
Can come from the following:
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

Answer 1

Threat

Question 2

Any weakness in the system design or implementation
Come from internal factors like the following:
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

Answer 2

Vulnerability

Question 3

Confidentiality is important for 3 main reasons…

Answer 3

To protect personal privacy
To maintain a business advantage
To achieve regulatory compliance

Question 4

Confidentiality, uses 5 basic methods

Answer 4

Encryption
Access Controls
Data Masking (obscuring specific data within database)
Physical Security Measures
Training and Awareness

Question 5

Integrity is important for three main reasons

Answer 5

To ensure data accuracy
To maintain trust
To ensure system operability

Question 6

Integrity, uses 5 basic methods

Answer 6

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

Question 7

Availability helps with the following…

Answer 7

Ensuring Business Continuity
Maintaining Customer Trust
Upholding an Organization’s Reputation

Question 8

Redundancy

Answer 8

Duplication of critical components or functions of a system with the intention of enhancing its reliability

Question 9

Types of Redundancy

Answer 9

Server Redundancy
Data Redundancy (Involves storing data in multiple places)
Network Redundancy (Ensures if one network path fails, data can travel another)
Power Redundancy (involves using backup power sources)

Question 10

An Individual or entity repsonsible for incidents that impact security and data protection

Answer 10

Threat Actor

Question 11

■ Data Exfiltration
■ Blackmail
■ Espionage
■ Service Disruption
■ Financial Gain,
■ Philosophical/Political Beliefs
■ Ethical Reasons
■ Revenge
■ Disruption/Chaos
■ War

Answer 11

Threat Actor Motivations

Question 12

■ Internal vs. External Threat Actors
■ Differences in resources and funding
■ Level of sophistication

Answer 12

Threat Actor Attributes

Question 13

Limited technical expertise, use readily available tools

Answer 13

Unskilled Attackers

Question 14

Unskilled Attackers
Hacktivists
Organized Crime
Nation-State Actor
Insider Threats

Answer 14

Types of Threat Actors

Question 15

Driven by political, social, or environmental ideologies

Answer 15

Hacktivists

Question 15

Execute cyberattacks for financial gain (e.g., ransomware, identity theft)

Answer 15

Organized Crime

Question 16

Highly skilled attackers sponsored by governments for cyber espionage or warfare

Answer 16

Nation-State Actor

Question 17

Security threats originating from within the organization

Answer 17

Insider Threats

Question 18

IT systems, devices, software, or services managed without explicit organizational approval

Answer 18

Shadow IT

Question 19

Decoy systems to attract and deceive attackers

Answer 19

Honeypots

Question 20

Decoy files to detect unauthorized access or data breaches

Answer 20

Honeyfiles

Question 21

Network of decoy systems for observing complex attacks

Answer 21

Honeynets

Question 22

Fake data to alert administrators when accessed or used

Answer 22

Honeytokens

Question 23

Unauthorized transfer of data from a computer

Answer 23

Data Exfiltration

Question 24

Achieved through various means, such as ransomware attacks, or through banking trojans that allow them to steal financial information in order to gain unauthorized access into the victims' bank accounts

Answer 24

Financial Gain

Question 25

Attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met

Answer 25

Blackmail

Question 26

Some threat actors aim to disrupt the services of various organizations, either to cause chaos, make a political statement, or to demand a ransom

Answer 26

Service Disruption

Question 27

Individual with limited technical knowledge use pre-made software or scripts to exploit computer systems and network

Answer 27

Script Kiddie

Question 28

Form of electronic graffiti and is usually treated as an act of vandalism

Answer 28

Website Defacement

Question 29

Attempting to overwhelm the victim's systems or networks so that they cannot be accessed by the organization's legitimate users

Answer 29

Distributed Denial of Service (DDoS) Attacks

Question 30

Involves the public release of private information about an individual or organization

Answer 30

Doxing

Question 31

Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else

Answer 31

False Flag Attack

Question 32

Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth

Answer 32

Advanced Peristant Threat (APT)

Question 33

Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action

Answer 33

Threat Vector

Question 34

Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors

Answer 34

Tactics, Techniques, and Procedures (TTPs)

Question 35

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment

Answer 35

Attack Surface

Question 36

Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats

Answer 36

Deceptive and Disruption Technologies

Question 37

Threat Vectors include...

Answer 37

Messages Images Files Voice Calls Removable Devices Unsecure Networks

Question 38

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected

Answer 38

Port Triggering

Question 39

Bogus DNS Entries Creating Decoy Directories Dynamic Page Generation Port Triggering Spoofing Fake Telemetry Data

Answer 39

Disruption Technologies