Cyber Attacks and Threats

Questions and Answers

What type of attack involves tricking individuals into divulging sensitive information by impersonating a trusted entity?

• Shoulder Surfing
• Dumpster Diving
• Hoaxes
• Phishing (correct)

What is the primary goal of threat intelligence in the context of security incident response?

• To gather and analyze data on potential threats (correct)
• To identify and prioritize vulnerabilities
• To detect and respond to incidents
• To implement security controls and countermeasures

Which type of malware is designed to encrypt files and demand payment in exchange for the decryption key?

• Virus
• Trojan
• Ransomware (correct)
• Crypto-malware

What is the term for the unauthorized access and exploitation of a vulnerability in a system or application?

Exploit (B)

What is the primary goal of penetration testing in the context of security incident response?

To identify vulnerabilities and weaknesses (D)

What is the term for the process of identifying and prioritizing vulnerabilities in a system or application?

Vulnerability scanning (B)

What is the primary goal of incident response planning in the context of security incident response?

To develop a plan for responding to incidents (A)

What is the term for the unauthorized access and use of another person's identity, often for financial gain?

Identity theft (B)

What is the primary goal of digital forensics in the context of security incident response?

To gather and analyze evidence of a cybercrime (C)

What is the term for the process of protecting sensitive information from unauthorized access or theft?

Data protection (D)

What was the method of malware delivery in the 2013 Target data breach?

Phishing attack through email (C)

What is the primary benefit of having a small supplier base in terms of supply chain security?

Tighter control over vendors and their security policies (A)

What is the main concern with trusting a new server/router/switch/firewall/software in terms of supply chain security?

The device may be infected with malware or have backdoors (C)

What is the recommended approach to ensure proper security in supply chain security?

Implementing strict controls over policies and procedures (A)

What is the primary purpose of Common Vulnerabilities and Exposures (CVE)?

To provide a community-managed list of vulnerabilities (A)

What is the key takeaway from the 2013 Target data breach in terms of supply chain security?

The vulnerability of third-party vendors in the supply chain (B)

What is the main function of the Cyber Threat Alliance (CTA)?

To validate and score threat intelligence submissions (D)

What is the primary purpose of Structured Threat Information eXpression (STIX)?

To describe cyber threat information (B)

What is the main goal of predictive analysis in threat intelligence?

To analyze large amounts of data to find suspicious patterns (A)

What is the purpose of indicators of compromise (IOC)?

To monitor for unusual network activity (C)

What is the primary purpose of a vulnerability database?

To provide a list of known vulnerabilities for researchers (B)

What is the main goal of threat research?

To understand the tactics and tools of attackers (D)

What is the primary purpose of request for comments (RFC)?

To analyze threats and propose solutions (D)

What is the main benefit of attending conferences for threat intelligence?

To learn about new threats and technologies from researchers and industry experts (A)

What is the primary purpose of a threat intelligence service?

To monitor for potential threats in real-time (B)