Review Questions SYS701 - 2
20 Questions

Questions and Answers

Which of the following measures is not commonly used to assess threat intelligence?

  • Timeliness
  • Detail (correct)
  • Accuracy
  • Relevance

Which one of the following motivations is most commonly attributed to hacktivists?

  • Ethical
  • War
  • Financial gain
  • Political/philosophical beliefs (correct)

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?

  • Unknown attacker
  • Semi-authorized attacker
  • Authorized attacker (correct)
  • Unauthorized attacker

Which one of the following attackers is most likely to be associated with an APT?

  • Nation-state actor (A)

Which organization did the U.S. government help create to share knowledge between organizations in specific verticals?

  • ISACs (D)

Which of the following threat actors typically has the greatest access to resources?

  • Nation-state actors (A)

Of the threat vectors shown here, which one is most commonly exploited by attackers who are at a distant location?

  • Email (A)

Which one of the following is the best example of a hacktivist group?

  • Anonymous (D)

What type of assessment is particularly useful for identifying insider threats?

  • Behavioral (A)

Cindy is concerned that her organization may be targeted by a supply chain attack and is conducting a review of all of her vendor and supplier partners. Which one of the following organizations is least likely to be the conduit for a supply chain attack?

  • Talent provider (D)

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?

  • Supply chain (A)

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs?

  • Internet RFCs (B)

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?

  • API keys (C)

Which one of the following threat research tools is used to visually display information about the location of threat actors?

  • Threat map (A)

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

  • IoC (B)

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology?

  • Shadow IT (A)

Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective?

  • Unavailability of future patches (A)

Which one of the following information sources would not be considered an OSINT source?

  • Port scans (C)

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which of the following terms best describe Snowden's activities? (Choose two.)

  • Hacktivist (C), Insider (A)

Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son's school and she visits the site. She notices that the URL for the site looks like this:

www.myschool.edu/grades.php&studentID=1023425

She realizes that 1023425 is her son's student ID number and she then attempts to access the following similar URLs:

www.myschool.edu/grades.php&studentID=1023423

www.myschool.edu/grades.php&studentID=1023424

www.myschool.edu/grades.php&studentID=1023426

www.myschool.edu/grades.php&studentID=1023427

When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work?

  • Semi-authorized hacking (C)

Flashcards

Threat Intelligence Assessment

Measures used to evaluate threat intelligence effectiveness.

Motivation of Hacktivists

Political or philosophical beliefs driving hacktivism.

Authorized Attacker

A person granted permission to test system vulnerabilities.

APT Attackers

Advanced Persistent Threat attackers often linked to nations.

ISACs

Organizations aiding in knowledge sharing among sectors.

Resource Access by Threat Actors

Nation-state actors typically have high resource access.

Commonly Exploited Threat Vector

Email is a frequently exploited threat vector from afar.

Example of Hacktivist Group

Anonymous, known for politically motivated hacking.

Identifying Insider Threats

Behavioral assessments help in finding insider threats.

Supply Chain Attack Conduit

Talent providers are least likely conduits for supply chain attacks.

Supply Chain Threat Vector

Malicious firmware in devices denotes a supply chain issue.

Resource for TLS Research

Internet RFCs provide specifications for Transport Layer Security.

Sensitive Info Concern

API keys found in public repositories are very concerning.

Threat Research Tool

Threat maps visually show locations of threat actors.

Malicious Software Hash Values

Indicators of Compromise (IoCs) include malware hash values.

Use of Unauthorized Technology

Shadow IT refers to unauthorized technology use for work.

Concern Over CRM Support

Unavailability of future patches poses security risks.

Not an OSINT Source

Port scans are not considered Open Source Intelligence.

Edward Snowden's Activities

Snowden's actions are described as hacktivism because he disclosed the documents for ethical reasons.

Renee's Hacking Work

Semi-authorized hacking refers to testing without full permission but with some consent.
