Cybersecurity Principles

Questions and Answers

Within the context of cybersecurity, what does the CIA triad primarily aim to ensure?

  • Confidentiality, Integrity, Availability. (correct)
  • Compliance, Integrity, Availability.
  • Confidentiality, Identification, Anonymity.
  • Control, Isolation, Authentication.

Which scenario exemplifies the use of multi-factor authentication?

  • Answering a security question to reset a forgotten password.
  • Entering a password to access an email account.
  • Using a fingerprint scan in conjunction with a PIN to access a banking app. (correct)
  • Receiving an email confirmation after creating a new online account.

What is the primary function of the AAA framework in cybersecurity?

  • Auditing, Archiving, and Analyzing network traffic.
  • Application, Access, and Aggregation of security protocols.
  • Authentication, Authorization, and Accounting of user actions. (correct)
  • Assessment, Approval, and Avoidance of potential threats.

Which of the following best describes a 'threat vector' in the context of cybersecurity?

The method or path an attacker uses to gain access to a system or network. (C)

Which of the following actions would LEAST likely protect against ransomware attacks?

Clicking on links in emails from unrecognized senders to verify their identity. (B)

How does understanding 'threat vectors' assist a cybersecurity technician in protecting an organization's resources?

It allows for the identification of potential pathways attackers might exploit to gain unauthorized access. (C)

Which of the following scenarios represents the most effective application of the AAA framework?

Authenticating users with a username and password, authorizing them based on their role, and auditing their access to sensitive data. (D)

What would be the most effective approach in defending against ransomware attacks?

Regularly backing up critical data to an isolated system and keeping software updated. (B)

What is the primary security risk associated with botnets?

They enable attackers to use compromised devices for large-scale attacks like DDoS or spam campaigns. (B)

An employee receives an email claiming to be from the IT department, requesting immediate password verification through a provided link. What type of security threat does this scenario most likely represent?

A phishing attempt. (D)

Which security goal is MOST directly compromised when a disgruntled employee intentionally modifies sensitive financial records within a company database?

Integrity (A)

A hospital needs to ensure patient data is accessible to doctors during an emergency, even if their primary data center fails. Which of the following availability controls would be MOST effective?

Establishing a redundant, geographically separate backup system. (A)

Which scenario most clearly illustrates a vulnerability within a cyber ecosystem?

A software program contains a coding flaw that allows hackers to inject malicious code. (B)

Which of the following scenarios BEST demonstrates the use of hashing to ensure data integrity?

Calculating an MD5 checksum of a file before and after transmission. (A)

An organization's cybersecurity strategy should primarily aim to mitigate what?

The potential exploitation of system vulnerabilities by cyber threats. (C)

A company wants to enhance the confidentiality of its sensitive data both at rest and in transit. Which combination of security controls would BEST achieve this?

Encryption and access control lists. (D)

What is the difference between a cyber threat and a cyber vulnerability?

A cyber vulnerability is a weakness that can be exploited, while a cyber threat is a potential danger that can exploit the weakness. (B)

An online retailer experiences a Distributed Denial of Service (DDoS) attack, rendering its website inaccessible to customers. Which security principle has been MOST directly violated?

Availability (D)

What is the PRIMARY purpose of implementing version control systems within a software development environment?

To maintain data integrity by tracking and managing changes to code. (C)

Why is cybersecurity crucial for enabling technological innovation?

It facilitates the safe and reliable adoption of new technologies like IoT and AI. (D)

Which of the following scenarios represents the most significant impact of a successful cyberattack on national security?

Disruption of a country's power grid, leading to widespread outages. (A)

Which AAA component is PRIMARILY responsible for verifying a user's identity?

Authentication (D)

What is the main goal of Role-Based Access Control (RBAC)?

To restrict system access based on a user's organizational role. (A)

In the context of cybersecurity, what does 'preserving reputation and trust' primarily involve?

Implementing robust measures to safeguard data and ensure customer confidence. (B)

What is the most appropriate action to take when a cybersecurity technician identifies a vulnerability in a system?

Document the vulnerability, assess its potential impact, and implement remediation measures. (C)

What is the projected impact that cybercrime has on organizations, individuals, and governments?

Cybercrime costs are projected to rise to trillions annually. (D)

Which of the following controls would be MOST effective in maintaining the integrity of sensitive data stored in a database?

Using digital signatures and hashing algorithms to detect unauthorized modifications. (C)

An organization wants to ensure that its critical systems remain operational even during a power outage. Which availability control would be the MOST suitable?

Using redundant power supplies and backup generators. (D)

A company suspects that a disgruntled employee has intentionally altered financial records in a database. Which control would be MOST effective in detecting and auditing these changes?

Implementing audit logs and monitoring systems to track all database modifications. (C)

Which scenario BEST illustrates a violation of the principle of confidentiality?

An unauthorized user gains access to sensitive customer data through a phishing attack. (A)

Which scenario best illustrates how cybersecurity contributes to 'preserving reputation and trust' for an organization?

An organization invests in training employees to identify phishing attempts, preventing potential data leaks and maintaining customer confidence. (C)

How does cybersecurity primarily support 'enabling technological innovation' in modern society?

By creating a safe environment for the development and deployment of new technologies like IoT and AI. (A)

Which of the following scenarios represents the MOST significant threat to data integrity?

An attacker exploits a vulnerability to gain unauthorized access and intentionally modify critical data. (B)

A hospital needs to ensure that patient data is accessible to doctors at all times, even in the event of a system failure. Which availability control would be MOST effective?

Using redundant servers and data replication to ensure data availability. (B)

What is the MOST direct impact of a successful cyberattack on a nation's critical infrastructure, such as its power grid?

Significant financial losses and potential disruption of essential services. (A)

Which of the following actions would BEST protect against Distributed Denial of Service (DDoS) attacks?

Implementing a web application firewall (WAF) with DDoS protection capabilities. (A)

Which scenario BEST demonstrates the difference between a cyber threat and a cyber vulnerability?

A firewall misconfiguration (vulnerability) allows a hacker (threat) to access a database. (D)

How does implementing a robust AAA (Authentication, Authorization, and Accounting) framework enhance cybersecurity?

By providing a structured approach to verify user identity, grant appropriate access, and track user activities. (D)

An organization prioritizes protecting its sensitive customer data to avoid financial losses and maintain customer trust. Which security goals align with this objective?

Confidentiality and Integrity. (A)

Why is understanding the 'cyber ecosystem' important for a cybersecurity technician?

It provides a comprehensive view of interconnected systems, devices, and users, allowing for more effective security strategies. (A)

What is the MOST effective way to mitigate a 'security risk'?

Implementing controls to reduce the likelihood or impact of the associated threat exploiting a vulnerability. (A)

A company wants to implement a cybersecurity strategy that not only protects data but also ensures they can trace any unauthorized activity back to a specific user. Which security principle is MOST relevant?

Non-repudiation. (C)

An organization discovers a new vulnerability in their web server software. What is the MOST effective immediate action to mitigate the risk associated with this vulnerability?

Immediately apply the vendor-supplied patch or implement a workaround if a patch is unavailable. (C)

A cybersecurity technician is designing a system to protect sensitive data. Which approach BEST balances security with usability?

Restricting access to data based on the principle of least privilege and regularly auditing user permissions. (D)

Which action would LEAST likely protect against ransomware attacks?

Disabling all network firewalls to improve network performance. (C)

An organization observes a sudden increase in outbound network traffic to unusual IP addresses, coupled with multiple failed login attempts on various systems. What type of security threat does this most likely indicate?

A botnet infection attempting to spread or carry out malicious activities. (A)

A cybersecurity technician discovers that several employees have fallen victim to a phishing campaign, resulting in compromised user credentials. What is the MOST effective immediate step to contain the incident?

Isolate affected systems from the network and revoke the compromised credentials. (D)

Flashcards

CIA Triad

Confidentiality, Integrity, and Availability. These are the core principles of information security.

AAA Framework

Authentication, Authorization, and Accounting. These are the five critical elements in the AAA framework.

Multi-Factor Authentication

Using more than one method of authentication to verify a user's identity.

Threat Vector

A path or method that attackers use to gain access to a system or network.

Ransomware

A type of malware that encrypts a victim's files and demands a ransom to restore access.

Cybersecurity

Protecting computer systems and networks from information disclosure, theft, or damage.

Information Security Threat

Something that could potentially harm a system or organization.

Vulnerability

A weakness or gap in security defenses that a threat can exploit.

Example of Multi-Factor Authentication

Using multiple verification methods across different categories (something you know, something you have, or something you are).

Botnet

A network of infected computers controlled by a hacker to perform malicious tasks.

Cybersecurity Definition

Protecting cyberspace from cyber threats and vulnerabilities.

Cyberspace

A complex network of activities carried out through interconnected computer systems and devices.

Cyber Threat

Unauthorized access, data theft, system takeover, or malicious code propagation.

Cyber Vulnerability

A weakness or loophole in systems that can lead to cyberattacks.

Security Risk

The potential for harm or loss to an organization's assets due to exploitable vulnerabilities.

Protecting Sensitive Data

Protecting personal, financial, and business information from breaches.

National Security (Cyber)

Defending against cyberattacks targeting critical infrastructure.

Preserving Reputation

Robust cybersecurity measures preserving customer trust and brand value.

Confidentiality

Ensuring data is accessible only to authorized individuals or systems.

Integrity

Ensuring data remains accurate, consistent, and unaltered unless authorized.

Availability

Ensuring systems, services, and data are accessible when needed by authorized users.

Confidentiality Failure

Unauthorized access, weak passwords and data leaks can cause this to fail.

Integrity Failure

Intentional alteration, user error or a software error can cause this to fail.

Availability Failure

Distributed Denial of Service (DDoS) attacks, hardware failures, and natural disasters can cause this to fail.

Encryption

Encryption is used to protect data at rest and in transit.

Availability Controls

A security measure consisting of redundancy, load balancing and regular maintenance.

Access controls

Ensures that only authenticated users are granted access to resources.

RBAC Definition

Role-Based Access Control.

Data Protection

Protecting personal, financial, and confidential business information from unauthorized access.

National Security

Defending vital systems like power grids and healthcare networks from online attacks.

Reputation Preservation

Maintaining customer trust and brand reputation through effective cybersecurity measures.

Social Engineering

Exploiting human psychology to trick individuals into divulging confidential information.

Multi-Factor Authentication (MFA)

Verifying a user's identity using multiple independent authentication factors.

Study Notes

  • A threat is a potential occurrence that can damage and disrupt operations and activities.
  • Threat actors use cyber threats to infiltrate and steal data, such as personal information, financial data, and login credentials.

Threat Sources

  • Threats can originate from:
    • Natural events like fires, floods, and power failures
    • Unintentional actions by unskilled administrators, accidents, or untrained employees
    • Intentional acts from both internal (disgruntled employees, service providers, contractors) and external sources (hackers, criminals, terrorists).

Threat Actors/Agents

  • Black Hats: Have extraordinary skills and engage in malicious or destructive activities.
  • White Hats: Use hacking skills defensively; also known as security analysts.
  • Gray Hats: Work offensively and defensively.
  • Suicide Hackers: Not worried about jail; aim to bring down critical infrastructure.
  • Script Kiddies: Lack skills and use scripts/tools developed by others.
  • Cyber Terrorists: Motivated by religious or political beliefs, aiming to cause fear through disruption.
  • State-Sponsored Hackers: Employed by governments to penetrate information systems.
  • Hacktivists: Promote a political agenda by defacing or disabling websites.
  • Hacker Teams: Skilled hackers who conduct research jointly.
  • Industrial Spies: Conduct corporate espionage by spying on competitors to steal information.
  • Insiders: Trusted employees who may violate rules or cause harm with their access.
  • Criminal Syndicates: Groups performing planned, long-term embezzling through sophisticated attacks.
  • Organized Hackers: Criminals for hire who pilfer money from victims.

Attributes of Threat Actors

  • Internal: Trusted insiders with authorized access.
  • External: Outsiders without authorized access.
  • Highly sophisticated threat actors are more successful.
  • Resources/funding: How attacks are supported financially.
  • Intent/motivation: Actors can be connected to political or personal goals.

Threat Vectors

  • A threat vector is a medium through which an attacker gains system access.
  • Threat vectors include direct access, removable media, wireless connections, and email.
  • They also include cloud services, ransomware/malware, the supply chain, and business partners.

Malware Details

  • Malware damages or disables computer systems and gives limited or full control over them, enabling theft and fraud.
  • Malware may track websites visited, degrade system performance, cause hardware failure, or steal data.
  • Distribution channels include instant messenger applications, file downloads, portable hardware, bugs in software, untrusted sites, and Bluetooth.

Detailed Components of Malware

  • Crypter to protect from reverse engineering.
  • Downloader to get malware from the Internet.
  • Dropper to install malware files covertly.
  • Exploit to access info or install malware.
  • Injector to inject code into other vulnerable running processes and change how they execute, to hide the malware or prevent its removal.
  • Obfuscator to conceal code and purpose.
  • Packer to bundle files for security bypass.
  • Payload that controls a computer system.
  • Malicious code that can steal data and create backdoors.

Types of Malware

  • Trojans, viruses, ransomware, computer worms, rootkits, PUAs, spyware, keyloggers and fileless malware.

Identifying Trojan activity

  • The computer blinks, settings change, websites open without user input, the antivirus turns off, and pop-ups appear.

Default Passwords

  • Change the password when prompted.
  • Not changing the password and leaving it as the default is insecure and exposes the system to brute-force attacks.

System Sprawling

  • Vulnerability rises within an organizational network as the network grows.

Operating System Flaws

  • Attacks use operating systems, Trojans, and spyware.
  • They result in data theft and manipulation.

Network Security

  • Security policies implemented to keep consistent for implementation, awareness and lack of information
