week 4 content Flashcards

1
Q

___ team - A group authorized and organized to emulate a potential adversary's attack or exploitation against an organization's network

A

red team

2
Q

___ team - The group responsible for defending an organization's security posture against all adversaries, internal or external

A

blue team

3
Q

___ team - A collaborative cybersecurity group that brings together red and blue teams to test and improve security posture

A

purple team

4
Q

___-_ - an individual or a group that performs malicious acts against cyber resources generally for monetary gain or disruption of service

A

adversary

5
Q

___ - Tactics, techniques, and procedures. A tactic is the highest-level description of the behavior, while a technique gives a more detailed description of the behavior in the context of a tactic. Procedures are the lowest-level, highly detailed descriptions in the context of a technique

A

TTP

6
Q

____ ____ - A globally accessible knowledge base framework of adversary tactics and techniques based on real world observations.

A

MITRE ATT&CK

7
Q

____ - Living Off the Land Binaries are binaries of a non-malicious nature, local to the operating system, that are used to camouflage malicious activity

A

LOLBINS

8
Q

_____ - Common Vulnerabilities and Exposures is a database of publicly disclosed information security code flaws

A

CVE

9
Q

____ ____ - use a single or small list of commonly used passwords against many different accounts for credential access

A

password spraying

10
Q

____ ___ - use of credentials obtained from breach dumps of unrelated accounts to gain access to target accounts through credential overlap

A

credential stuffing

11
Q

Threat actors place a high priority on targeting _____ in their attacks

A

networks

12
Q

Attacks that target a network or a process that relies on a network include:
* ______ attacks
* ______ attacks
* _____ attacks
* _____ attacks
* _____ attacks

A

Interception attacks
Layer 2 attacks
DNS
Distributed denial of service attacks
Malicious coding and scripting attacks

13
Q

Interception attacks

In an ____, a threat actor is positioned in a communication between two parties
* The goal is to eavesdrop on the conversation or impersonate one of the parties
- it has two phases:
- ____ the traffic
- ____ the transmissions

A ___ attack makes a copy of a legitimate transmission before sending it to the recipient

Threat actors use several techniques for stealing an active session ID:
___ attacks: (hijacked and altered communication between two users)
____ attacks: (cross-site scripting, Trojans, and malicious JavaScript coding)

A _____ attack intercepts communication between parties to steal or manipulate the data
* It occurs between a browser and the underlying computer

It usually begins with a ___ infecting the computer and installing an "extension" into the browser configuration

A

MITM (man in the middle)
intercept the traffic
decrypt the transmissions

replay attack

network attacks
endpoint attacks

MITB (man in the browser)

trojan

14
Q

Advantages to a MITB attack:

difficult to ___
remains ___
resides in the web browser, hard to ___

A

recognize
dormant
detect

15
Q

Layer 2 attacks

Layer 2, the Data Link Layer, is responsible for dividing the data into packets. A compromise here can affect the entire communication

____ ____ - Relies upon MAC spoofing, which is imitating another computer by means of changing the MAC address

media access control attacks

MAC ____ attack - threat actors discover a valid MAC address of a device connected to a switch; they spoof the MAC address, and the switch changes its MAC address table to reflect the MAC address with the port to which the attacker's device is connected

A MAC _____ attack is another attack based on spoofing, MAC cloning, and the MAC address table of a switch. A threat actor overflows the switch with Ethernet packets that have been spoofed so that every packet contains a different source MAC address

A

ARP poisoning

MAC cloning attack

MAC flooding attack

16
Q

___ is a hierarchical name system for matching computer names and IP addresses

A

DNS (domain name system)

17
Q

DNS attacks
_____ a DNS address so that the computer is silently redirected to a different device

  • A successful DNS attack has two consequences:
    URL _____
    domain _____

DNS _____ : modifies a local lookup table on a device to point to a different domain

DNS ____: is intended to infect an external DNS server with IP addresses that point to malicious sites

A

substitutes

URL redirection
domain reputation

DNS poisoning
DNS hijacking

18
Q

Two locations for DNS poisoning
* _____ ___ table
* ______ ____ server

A

Two locations for DNS poisoning
* Local host table
* External DNS server

19
Q

DNS hijacking

has the advantage of ____ all users accessing the server

Attackers attempt to exploit a ____ ___ and convince the authentic DNS server to accept fraudulent DNS entries sent from the attackers' DNS server

A

redirecting

protocol flaw

20
Q

Distributed Denial of Service Attack (DDoS) is a deliberate attempt to prevent authorized users from accessing a system by _____ it with requests

users are aware that their systems are part of a DDoS attack (T/F)

A

overwhelming
F

21
Q

Malicious Coding and Scripting Attacks
uses:
___
___ ___ (VBA)
___
__/___ ___

A

powershell
visual basic
python
Linux/unix bash

22
Q

Malicious Coding and Scripting Attacks
Visual Basic for Applications

is an ___-___ Microsoft programming language

used to create ___

Microsoft implemented several protections
- ___ view
- trusted ___
- trusted ____

A

event driven
macros

protected view
trusted documents
trusted location

23
Q

In which type of attack is the threat actor positioned between two parties and alters the transmission to eavesdrop or impersonate one of the parties?
a. MITB
b. MAC cloning
c. MITM
d. Session replay

A

Answer: c. MITM
In a man-in-the-middle (MITM) attack, a threat actor is positioned between two parties with the goal of eavesdropping or impersonating a party. In an MITM attack, the transmission is altered, whereas in a session replay attack, a copy is made of a legitimate transmission for the purpose of replaying it later.

24
Q

Packet Capture and Replay Tools

  • ____ is a popular GUI packet capture and analysis tool
  • ____ is a command-line packet analyzer
  • ____ is a tool for editing packets and then "replaying" the packets back onto the network to observe their behavior

It can detect unusual behavior that could
- indicate the presence of ____
- search for unusual ____ or ___ __ ___
- discover regular ____ to a threat actor's command and control (C&C) server

A

Wireshark
Tcpdump
Tcpreplay

malware
unusual domains
IP address endpoints
connections

25
Q

Which of the following is a GUI tool that is used to capture and analyze packets?
a. Tcpdump
b. PowerShell
c. Tcpreplay
d. Wireshark

A

Answer: d. Wireshark
Wireshark is a GUI packet capture and analysis tool. Tcpdump is a command-line packet analyzer, Tcpreplay is used to edit and replay packets, and PowerShell is a scripting tool.
26
Q

Physical Security Controls

Physical security involves preventing a threat actor from ___ ___ the network

Physical security controls include:
* ____ ___ defenses
* ___ ___ ___ controls
* ___ ___ security

A

physically accessing

External perimeter
Internal physical security
Computer hardware
27
Q

External Perimeter Defenses

___ ____ is an attempt to make the physical presence of a building as nondescript as possible
* When it's not possible, external perimeter defenses must be used

Barriers act as passive security devices:
* ____ is usually a permanent structure to keep unauthorized personnel out. It is usually accompanied by signage that explains the area is restricted
* A ____ is generally designed to block the passage of traffic but not designed to keep out individuals
* A ____ is a short but sturdy vertical post that is used as a vehicular traffic barricade to prevent a car from ramming into a secured area

____ - human security guards, drones, robot sentries

___ - To supplement the work of security guards, sensors can be placed in strategic locations to alert guards by generating an audible alarm of an unexpected or unusual action

A

Industrial camouflage

Fencing
barricade
bollard

personnel
Sensors
28
Q

Internal Physical Security Controls

includes:
____ - require a key or other device

types:
___ ____: uses buttons
___ ___: uses phone
___ ___: scans for

A

locks

electronic locks
smart locks
fingerprint locks
29
Q

Internal Physical Security Controls

Secure areas

A ____ ___ in cybersecurity is an area that separates threat actors from defenders

A _____ is designed as an air gap to separate a nonsecure area from a secured area. It monitors and controls two interlocking doors to a vestibule

A

demilitarized zone (DMZ)
mantrap
30
Q

Internal Physical Security Controls

Protected cable distribution (PDS) is a system of ___ ___ used to protect classified information that is being transmitted between two secure areas

Two types of PDS:
* In a ____ carrier PDS, the data cables are installed in a conduit constructed of special electrical metallic tubing and all connections between segments are permanently sealed with welds or special sealants
* In an _____ carrier PDS, the carrier system is deployed with specialized optical fibers in the conduit that can sense acoustic vibrations that occur when an intruder attempts to gain access to cables

A

cable conduits

hardened carrier
alarmed carrier
31
Q

Internal Physical Security Controls

Computer Hardware Security is the physical security that involves protecting endpoint hardware

A ___ ___ can be inserted into the security slot of a portable device to secure the device

For storage, a laptop can be placed in a ___/___

Computer systems, printers, and similar electronic devices emit ____ fields, which can result in interference

____ ___ can be defined as picking up electromagnetic fields and reading the data that is producing them

A ___ ___ is a metallic enclosure that prevents entry or escape of an electromagnetic field. A Faraday cage can prevent electromagnetic spying and remote wiping of electronic devices

A

cable lock
safe/vault
electromagnetic fields
Electromagnetic spying
Faraday cage