Unit 1 - Danger Flashcards

1
Q

Another term for rogue wireless hotspots is “_____ ____” hotspots.

A

Another term for rogue wireless hotspots is “evil twin” hotspots.

2
Q

What is an evil twin attack?

A

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.

  • The best way to avoid it is to never use public Wi-Fi hotspots.
  • Use VPNs
  • Only access HTTPS websites
  • Use two-factor login
3
Q

What is a ransomware attack?

A

A ransomware attack is a form of malware attack in which an attacker seizes the user’s data, folders, or entire device until a ‘ransom’ fee is paid. A ransomware attack exploits open security vulnerabilities by infecting a PC or a network through a phishing attack or malicious websites.

4
Q

Explain Targeted nations.

A

Malware that is so sophisticated and expensive to create that security experts believe only a nation state or group of nations could possibly have the influence and funding to create it. Such malware can be targeted to attack a nation’s vulnerable infrastructure, such as the water system or power grid.

5
Q

List five types of threat actors.

A

Threat actors include, but are not limited to, amateurs, hacktivists, organized crime groups, state-sponsored, and terrorist groups. Threat actors are individuals or groups of individuals who perform cyberattacks. Cyberattacks are intentional malicious acts meant to negatively impact another individual or organization.

6
Q

Describe amateur threat actors.

A

Amateurs, also known as script kiddies, have little or no skill. They often use existing tools or instructions found on the internet to launch attacks. Some are just curious, while others try to demonstrate their skills by causing harm. Even though they are using basic tools, the results can still be devastating.

7
Q

Describe hacktivist threat actors.

A

Hacktivists are hackers who protest against a variety of political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles and videos, leaking sensitive information, and disrupting web services with illegitimate traffic in distributed denial of service (DDoS) attacks.

8
Q

What should you consider when asking how secure a device is?

A
  • Who wrote the firmware?
  • Did the programmer pay attention to security flaws?
  • Is your connected home thermostat vulnerable to attacks?
  • What about your digital video recorder (DVR)?
  • If security vulnerabilities are found, can firmware in the device be patched to eliminate the vulnerability?
  • Many devices on the internet are not updated with the latest firmware. Some older devices were not even developed to be updated with patches. These two situations create opportunity for threat actors and security risks for the owners of these devices.
9
Q

What is PII?

A

Personally identifiable information (PII) is any information that can be used to positively identify an individual.

10
Q

Examples of PII include?

A

Examples of PII include:

Name
Social security number
Birthdate
Credit card numbers
Bank account numbers
Government issued ID
Address information (street, email, phone numbers)
11
Q

What is PHI?

A

A subset of PII is protected health information (PHI). The medical community creates and maintains electronic medical records (EMRs) that contain PHI.

12
Q

In the U.S., handling of PHI is regulated by what organization?

A

In the U.S., handling of PHI is regulated by the Health Insurance Portability and Accountability Act (HIPAA).

13
Q

What organization in the European Union works to protect a broad range of PII?

A

In the European Union, the General Data Protection Regulation (GDPR) protects a broad range of personal information, including health records.

14
Q

What is PSI?

A

Personal security information (PSI) is another type of PII. This information includes usernames, passwords, and other security-related information that individuals use to access information or services on the network. According to a 2019 report by Verizon, the second most common way that threat actors breached a network was by using stolen PSI.

15
Q

An attacker sends a piece of malware as an email attachment to employees in a company. What is one probable purpose of the attack?

A. cracking the admin password for a critical server
B. probing open ports on the firewall on the border network.
C. searching and obtaining trade secrets.
D. denying external access to a web server that is open to the public.

A

C. Searching and obtaining trade secrets

This is a malware attack. The purpose of a typical malware attack is to disrupt computer operations, gather sensitive information, or gain access to a private computer system. Cracking a password cannot be carried out by a simple malware attack because it requires intensive CPU and memory, which will make its operation noticeable. A reconnaissance attack would be used to probe open ports on a border firewall. Similarly, denying external access to a web server is a DoS attack launched from outside the company.

16
Q

What is cyberwarfare?

A. It is an attack only on military targets.
B. It is an attack on a major corporation.
C. It is an attack designed to disrupt, corrupt, or exploit national interests.
D. It is an attack that only involves robots and bots.

A

C. It is an attack designed to disrupt, corrupt, or exploit national interests.

Cyberwarfare is a subset of information warfare (IW). Its objective is to disrupt (availability), corrupt (integrity) or exploit (confidentiality or privacy). It can be directed against military forces, critical infrastructures, or other national interests, such as economic targets. It involves several teams that work together. A botnet might be one of several tools used for launching the attack.

17
Q

What type of malware has the primary objective of spreading across the network?

A. botnet
B. worm
C. Trojan horse
D. Virus

A

B. Worm

The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread. A Trojan horse is not self-replicating and disguises itself as a legitimate application when it is not. A botnet is a series of zombie computers working together to wage a network attack.

18
Q

What is a potential risk when using a free and open wireless hotspot in a public location?

A. The internet connection can become too slow when many users access the wireless hotspot.
B. Network traffic might be hijacked and information stolen.
C. Purchase of products from vendors might be required in exchange for the internet access.
D. Too many users trying to connect to the internet may cause a network traffic jam.

A

B. Network traffic might be hijacked and information stolen.

Many free and open wireless hotspots operate with no authentication or weak authentication mechanisms. Attackers could easily capture the network traffic in and out of such a hotspot and steal user information. In addition, attackers might set up a “rogue” wireless hotspot to attract unsuspecting users to it and then collect information from those users.

19
Q

At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?

A. fragmenter
B. tunneler
C. threat actor
D. skeleton

A

C. threat actor

Some people may use the common word “hacker” to describe a threat actor. A threat actor is an entity that is involved with an incident that impacts or has the potential to impact an organization in such a way that it is considered a security risk or threat.

20
Q

What name is given to an amateur hacker?

A. black hat
B. red hat
C. blue team
D. script kiddie

A

D. script kiddie

Script kiddies is a term used to describe inexperienced hackers.

21
Q

What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?

A

The Stuxnet malware program is an excellent example of a sophisticated cyberwarfare weapon. In 2010, it was used to attack programmable logic controllers that operated uranium enrichment centrifuges in Iran.