30 Questions
What is the primary goal of an adversary in a security context?
To disrupt or prevent proper operation of a secure system
What is a cyber adversary model used for?
To categorize types of attackers based on their characteristics
What are the resources of an adversary referred to?
The assets and tools available to an adversary
What are the components of a cyber adversary model based on?
The characteristics of the attacker
What is the purpose of categorizing adversaries based on their characteristics?
To help organizations better anticipate and defend against cyber threats
What is an adversary in the context of security?
An attacker with malicious intent
What are the resources that cyber adversaries can possess to carry out malicious activities?
Hacking tools, financial resources, and malwares
What do the technical skills and expertise of an adversary refer to?
Capabilities
What is the primary goal of an adversary's intent?
To obtain or manipulate specific data within a system
What is an example of a motivation for conducting cyber attacks?
For financial gain
What is the difference between an adversary's intent and motivation?
Intent is the goal, while motivation is the underlying reason
What is an example of an adversary's capability?
The ability to steal data from a device
What is the primary motive behind an attacker's intent to steal private information?
To extort money from the victim
What does risk aversion refer to in the context of cyber attacks?
The level of care an adversary takes in their decisions
What is technical access?
Exploiting a vulnerability
What is the attack surface of an enterprise network?
The sum of all the points where an attacker could attempt unauthorized access
What is the primary goal of implementing Zero-trust Policies in a network?
To require authentication for all users and devices
What is the term used to describe the method that bad actors use to break into or sneak into a network or system?
Attack Vector
What is an example of credential-based access?
Using stolen username and password
Which of the following is NOT an example of an attack vector?
Network Security Solution
What is the difference between intent and motivation in the context of cyber attacks?
Intent is the goal, motivation is the reason for achieving the goal
What is the purpose of an attack tree?
To model the steps needed for a successful attack
What is the result of a successful attack according to the attack tree model?
A complete set of requirements from the nodes at the bottom to those at the top
Why is it important to regularly check for vulnerabilities in a network?
To identify potential entry points for attackers
What is a key benefit of using attack trees in understanding cyber security risk?
Providing a visualization of the problem to develop a deeper understanding of the risk
What do nodes represent in an attack tree?
Any action from an attacker
What is the purpose of the root node in an attack tree?
To represent the core issue being addressed
How is an attack tree built?
By following a series of steps, including identifying the core issue, creating the root node, and adding nodes and branches
What is the goal of the final step in building an attack tree?
To ensure each branch of the tree ends in a leaf node
What is the purpose of an attack tree's branches?
To represent the dependencies between nodes
Test your understanding of cyber adversary models, including components, attack surfaces, digital and physical attack surfaces, attack vectors, and attack trees. Learn how to reduce attack surface areas and build an attack tree.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free