Threats, Vulnerabilities, and Mitigations

Question 1

Threat Actors

What is a Nation State type threat actor?

Answer 1

Government-backed cyber operatives.

These are government sponsored entities that engage in cyber operations to further their national interests. Often possessing substantial resources and advanced technical capabilities, nation states can launch sophisticated attacks, such as espionage, data theft, and even sabotage.

Chapter 5

Question 2

What is an Advanced Persistend Threat (APT)?

Answer 2

An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups. APTs are recognized for their ability to break into a specific system or network, stay hidden for a long time, and quietly steal important data or cause damage bit by bit over an extended period.

Question 3

What is an Unskilled attacker?

Answer 3

Novice with limited hacking skills.

Unskilled attackers lack technical prowess and often resort to using off-the-shelf tools or purchasing tools from the dark web. These individuals might include script kiddies or other individuals with minimal understanding of hacking methodologies

Chapter 5

Question 4

What is a Hactivist?

Answer 4

Activist hacker with political or social agenda.

Hacktivists are individuals or groups driven by ideological, political, or social motives. They employ cyber tactics to promote a cause, raise awareness, or enact change.

Chapter 5

Question 5

What is an Insider threat?

Answer 5

Trusted insider posing cybersecurity risks.

Insider threats originate from within an organization and can be particularly challenging to detect. These threat actors include employees, contractors, or business partners who misuse their access to compromise data, systems, or networks. Insider threats can be unintentional (such as employees falling victim to phishing attacks) or intentional when disgruntled personnel seek revenge or financial gain.

Chapter 5

Question 6

What is an Organized crime threat actor?

Answer 6

Criminal group seeking financial gain via cybercrime.

These threat actors operate like cybercriminal enterprises, engaging in activities such as ransomware attacks, credit card fraud, and identity theft. Their operations are characterized by a hierarchical structure, division of labor, and a focus on monetary gains. The increasing monetization of cyberattacks has turned organized crime into a major cybersecurity concern.

Chapter 5

Question 7

What is Shadow IT?

Answer 7

*Unauthorized, unregulated tech use within an organization. *

Shadow IT refers to technology used within an organization without proper approval or oversight from the IT department. While not necessarily malicious, shadow IT can create
vulnerabilities and expose an organization to security risks.

Chapter 5

Question 8

Define an Internal threat actor.

Answer 8

These originate from within an organization’s own ranks, often taking advantage of their familiarity with systems, networks, and processes. They can be employees, contractors, or even
business partners.

Chapter 5

Question 9

Define an External threat actor.

Answer 9

These come from outside the organization and include a wide range of entities, from individual hackers to organized crime groups and nation states. External threat actors typically lack
direct knowledge of the target’s internal systems, which may lead them to rely on reconnaissance and social engineering to gain access.

Chapter 5

Question 10

What are the three common message based attack vectors?

Answer 10

Email: Phishing, malicious attachments
Short Message Service (SMS): Text-based scams, malicious links, and smishing
Instant messaging (IM): Chat-based phishing, malware distribution, and social engineering

Chapter 6

Question 11

What is an image-based attack vector?

Answer 11

Malware hidden in images, steganography

Cyber attackers exploit image-based vulnerabilities to embed harmful code or links. These
seemingly harmless images can lead to unauthorized access, ransomware attacks, and system compromises.

Chapter 6

Question 12

What is a file-based attack vector?

Answer 12

Malicious files, trojans, ransomware distribution

Malicious files exploit software vulnerabilities, launching cyberattacks when opened. These files execute harmful code, enabling hackers to breach systems, steal data, or gain control remotely.

Chapter 6

Question 13

Explain what a voice call attack vector is.

Answer 13

Vishing, social engineering via voice

Attackers can manipulate voice calls to deceive users into revealing personal information, gaining unauthorized access, or perpetrating financial fraud. An example of this is caller ID spoofing, in which the attacker ingeniously disguises the true origins of a call, making it look like someone else is contacting you.

Chapter 6

Question 14

What is a removable device attack vector?

Answer 14

Malware on USBs, data theft

Removable devices, from USB drives to external hard drives, offer a convenient means of data transfer. When introduced into a network or system, infected removable devices can spread malware, compromise security, and enable unauthorized access.

Chapter 6

Question 15

What is vulnerable software attack vector?

Answer 15

Exploiting software vulnerabilities for attacks.

Vulnerabilities often arise from coding errors, design flaws, or outdated components within the software, making it susceptible to various cyber threats such as viruses, malware, and cyberattacks.

Chapter 6

Question 16

Wha are the two types of software vulerability scanning.

Answer 16

Client-based scanning: Client-based scanning (in which an agent resides on each host) operates as a tool for automating vulnerability discovery and classification, efficiently reporting to a central management server.
Agentless scanning: On the flip side, agentless-based scanning, which is the preferred method for threat actors during reconnaissance, is employed to scan hosts without necessitating any installations. Examples of agentless-based scanning are Nmap and Wireshark.

Chapter 6

Question 17

What are the vulnerabilities for each of the following unsecured networks:
Wireless
Wired
Bluetooth

Answer 17

Wireless: Hacking via Wi-Fi networks, Bluetooth. A wireless network using open system authentication lacks encryption. This means that any data exchanged between a guest’s device and a hotel’s network, for instance, is sent in plain text that cybercriminals with the right tools can intercept to eavesdrop on this data, potentially accessing sensitive information.
Wired: Attacks on physically connected systems. Without proper encryption and access controls, unauthorized physical access to network ports can lead to data breaches and malware attacks. To preserve the integrity and reliability of these networks, implementing stringent access controls, encryption protocols, and consistent security assessments is crucial. We should also remove the patch cables for ports that are not being used.
Bluetooth: Exploiting device connections, data interception. A personal area network (PAN) is a Bluetooth network. Bluetooth features, such as easy pairing, can open the door to security breaches. While designed to simplify device connections, it can also inadvertently allow unauthorized access when left unchecked. Attackers equipped with specialized tools can exploit the relaxed pairing process, potentially infiltrating devices and compromising sensitive data.

Chapter 6

Question 18

What are open service ports a weakness?

Answer 18

Exploiting open ports for unauthorized access.

Open ports provide entry points to networked systems and applications. Attackers scan for these openings and exploit them to gain unauthorized access or execute malicious code. Regular port scanning and closing unnecessary ports are vital steps in minimizing this attack surface.

Chapter 6

Question 19

Why are default credentials a weakness?

Answer 19

Attacks using unchanged factory settings.

Default credentials (often set by manufacturers for ease of installation) are a glaring point of weakness. Attackers leverage default usernames and passwords to gain unauthorized access to systems and applications, and these default credentials are posted on several websites.

Chapter 6

Question 20

What are the three types of supply chains that can be exploited?

Answer 20

Managed service providers (MSPs): Breaching via service providers
Vendors: Exploiting vulnerabilities through external partners
Suppliers: Attacking through the supply chain network

Chapter 6

Question 21

What is human vector/social engineering?

Answer 21

Manipulating human psychology for breaches.

Chapter 6

Question 22

What is (spear) phishing?

Answer 22

Deceptive emails for data theft

Spear phishing is a more targeted variant of phishing. It involves attacks directed at specific groups, such as the board of directors at a company. These emails are tailored to create a sense of authenticity and urgency, enticing the victim to click on a link embedded in the email, which typically leads to a malicious website or triggers a malware download.

Chapter 6

Question 23

What is smishing?

Answer 23

SMS-based deceptive tactics

Smishing:Smishing extends phishing to text messages, tricking recipients into clicking malicious links. A seemingly harmless SMS might prompt you to click a link that downloads malware onto your device.

Chapter 6

Question 24

What is Vishing?

Answer 24

Voice-based social engineering attacks

Chapter 6

Question 25

What is Business email compromise (BEC):

Answer 25

Targeted email scams for fraud

Compromising a legitimate business email account to orchestrate financial fraud. They might carry out an invoice scam where they change payment details on a legitimate invoice, thereby redirecting funds to the attacker’s account.

Chapter 6

Question 26

What is pretexting attack?

Answer 26

Fabricating scenarios to manipulate targets

Chapter 6

Question 27

What is a watering hole attack?

Answer 27

Compromising websites for targeted attacks

Chapter 6

Question 28

What is typosquatting?

Answer 28

Exploiting typos in domain names
To look like the real domain.

Chapter 6

Question 29

What is a Memory injection application vulnerability?

Answer 29

Unauthorized code inserted into a program’s memory space

Chapter 7

Question 30

What is a Buffer overflow vulnerability?

Answer 30

Data exceeding allocated memory, leading to potential exploits

Chapter 7

Question 31

What is a Race condition vulnerability?

Answer 31

Conflicts arise when multiple processes access shared resources

Chapter 7

Question 32

What is TOC and TOU?

Answer 32

Timing mismatches exploited during checks and usage

Chapter 7

Question 33

What is a Malicious update?

Answer 33

Attackers introducing harmful code through software updates

Chapter 7

Question 34

What are Operating System (OS) Vulnerabilities Web-Based
Vulnerabilities?

Answer 34

Weakness in a website or web application

Chapter 7

Question 35

What is SQL Injection (SQLI)?

Answer 35

Attackers manipulating input to exploit database vulnerabilities

Chapter 7

Question 36

What is Cross-Site Scripting (XSS)?

Answer 36

Malicious scripts injected into web pages

Chapter 7

Question 37

Hardware vulnerabilities

What is Firmware?

Answer 37

Low-level software controlling hardware

Chapter 7

Question 38

What is End-of-life vulnerability?

Answer 38

Security gaps due to discontinued hardware support

Chapter 7

Question 39

What are Legacy vulnerabilities?

Answer 39

Older hardware with outdated security measures

Chapter 7

Question 40

What is VM escape?

Answer 40

Unauthorized breakout from a VM to the host system

Chapter 7

Question 41

What is VM sprawl?

Answer 41

Unmanaged VMs installed on your network

Chapter 7

Question 42

What is a Resource reuse vulnerability?

Answer 42

Overuse of shared resources, leading to vulnerabilities

Chapter 7

Question 43

Cloud-specific vulnerabilities are…?

Answer 43

Vulnerabilities unique to cloud computing environments

Chapter 7

Question 44

What are Service provider Risks?

Answer 44

Risks from third-party services used in the supply chain

Chapter 7

Question 45

What are Hardware provider risks?

Answer 45

Vulnerabilities originating from hardware suppliers

Chapter 7

Question 46

What are Software provider Risks?

Answer 46

Risks tied to software components from external providers

Chapter 7

Question 47

Cryptographic vulnerabilities

Answer 47

Weaknesses in encryption methods that attackers exploit

Chapter 7

Question 48

Misconfiguration vulnerabilities

Answer 48

Errors in a system setup, leading to security holes

Chapter 7

Question 49

Side loading

Answer 49

Installing apps from unofficial sources, risking malicious software

Chapter 7

Question 50

Jailbreaking

Answer 50

Bypassing iOS restrictions, compromising device security

Chapter 7

Question 51

Zero-day vulnerabilities

Answer 51

Unknown software flaws exploited by attackers before fixes are available

Chapter 7

Question 52

Ransomware

Answer 52

Attacker demands payment for decryption

Chapter 8

Question 53

What are the characteristics of Trojans?

Answer 53

Unauthorized system access, unexpected system changes

Chapter 8

Question 54

What are the characteristics of Worms?

Answer 54

Rapid network congestion, unusual traffic patterns

Chapter 8

Question 55

What are the characteristics of Spyware?

Answer 55

Unexplained data exfiltration, suspicious process activity

Chapter 8

Question 56

What are the characteristics of Bloatware?

Answer 56

Excessive resource consumption, slowed system performance

Chapter 8

Question 57

What are the characteristics of Viruses?

Answer 57

Infected files or software, replication in files and memory

Chapter 8

Question 58

What are the characteristics of Keyloggers?

Answer 58

Keystroke logging, unusual data transfer

Chapter 8

Question 59

What are the characteristics of Logic bombs?

Answer 59

Specific trigger events, sudden system crashes

Chapter 8

Question 60

What are the characteristics of Rootkits?

Answer 60

Hidden processes, unauthorized access

Chapter 8

Question 61

What are the characteristics of Brute force attacks?

Answer 61

Repeated login attempts, account lockouts

Chapter 8

Question 62

What is RFID cloning?

Answer 62

Unauthorized RFID tag usage, duplication

Chapter 8

Question 63

What are physical, Environmental attacks?

Answer 63

Physical damage, tampering with hardware

Chapter 8

Question 64

DDoS attacks

Answer 64

Service unavailability

Chapter 8

Question 65

Amplified DDoS

Answer 65

Magnifying attack traffic for greater disruption

Chapter 8

Question 66

Reflected DDoS

Answer 66

Redirecting and multiplying attack traffic for disruption

Chapter 8

Question 67

DNS attacks

Answer 67

DNS query anomalies, spoofed responses

Chapter 8

Question 68

Wireless attacks

Answer 68

Unauthorized network access, signal interference

Chapter 8

Question 69

On-path attacks

Answer 69

Unauthorized interception of data, traffic redirection

Chapter 8

Question 70

What is a Credential replay attack?

Answer 70

Reused or intercepted login credentials

Chapter 8

Question 71

What is a Malicious code network attack?

Answer 71

Altered or malicious scripts, code injection

Chapter 8

Question 72

What is an Injection attack?

Answer 72

Unauthorized code or data insertion

Chapter 8

Question 73

Buffer overflow

Answer 73

Excessive data overwrites program memory

Chapter 8

Question 74

What is a Replay attack?

Answer 74

Repetition of intercepted data

Chapter 8

Question 75

What is a Privilege escalation attack?

Answer 75

Unauthorized access to higher privileges

Chapter 8

Question 76

Forgery

Answer 76

Manipulation of data or credentials

Chapter 8

Question 77

Directory traversal

Answer 77

Unauthorized access to directory paths

Chapter 8

Question 78

Password spraying

Answer 78

Repeated login attempts with common passwords

Chapter 8

Question 79

Brute force

Answer 79

Repeated login attempts with various password combinations

Chapter 8

Question 80

What is a Downgrade cryptographic attack?

Answer 80

Weakening encryption protocols covertly

Chapter 8

Question 81

What is a Collision cryptographic attack?

Answer 81

Forcing hash functions to collide

Chapter 8

Question 82

What is a Birthday cryptographic attack?

Answer 82

**Unmasking cryptographic hash collisions secretly

Chapter 8

Question 83

Account lockout

Answer 83

Repeated failed login attempts

Chapter 8

Question 84

Concurrent session usage

Answer 84

Simultaneous logins from multiple locations

Chapter 8

Question 85

Blocked content

Answer 85

Restricted access to specific resources

Chapter 8

Question 86

Impossible traveling

Answer 86

Logins from geographically distant locations that are too far apart

Chapter 8

Question 87

Resource consumption

Answer 87

Abnormal system resource usage

Chapter 8

Question 88

Resource inaccessibility

Answer 88

Critical resources becoming unavailable

Chapter 8

Question 89

Out-of-cycle logging

Answer 89

Irregular logging patterns

Chapter 8

Question 90

What is a Published/documented indicator?

Answer 90

Sensitive information unintentionally exposed

Chapter 8

Question 91

Missing logs

Answer 91

Gaps in log data, potential tampering

Chapter 8

Question 92

Segmentation

Answer 92

Dividing networks into smaller segments

Chapter 9

Question 93

Access control

Answer 93

Regulating user access to sensitive resources:
**Access control list (ACL): **Digital gatekeeper with a guest list, filtering authorized access
Permissions: Digital keys, granting entry or locking users from resources

Chapter 9

Question 94

Application allow list

Answer 94

Allow trusted software, blocks untrusted applications

Chapter 9

Question 95

Isolation

Answer 95

Separates and protects critical assets

Chapter 9

Question 96

Patching

Answer 96

Regular updates to fix software vulnerabilities

Chapter 9

Question 97

Encryption

Answer 97

Secures data by making it unreadable to unauthorized parties

Chapter 9

Question 98

Monitoring

Answer 98

Dynamically identifies and addresses security threats

Chapter 9

Question 99

Least privilege

Answer 99

Users and processes get only essential permissions

Chapter 9

Question 100

Configuration enforcement

Answer 100

Maintains systems per security standards

Chapter 9

Question 101

Decommissioning

Answer 101

Identifies and retires unneeded assets

Chapter 9

Question 102

What are 7 Hardening techniques?

Answer 102

*Strengthen host security against various threats:

Encryption: Transforming data into secret code for digital security
Endpoint protection: Safeguarding devices from cyber threats with proactive security
Host-based firewall: Protects individual hosts from network threats
Host-based intrusion prevention system (HIPS): Monitors and blocks intrusions at the host level
Disabling ports/protocols: Closes unused pathways to reduce vulnerabilities
Default password changes: Enhances security by changing initial passwords
Removal of unnecessary software:Reduces attack surface by uninstalling surplus applications*

Chapter 9