18 Questions
The Cyber Kill Chain® is a model developed by academics and professionals to explain the vulnerability of systems to attack.
False
MITRE ATT&CK is a model used to illustrate attacks and vulnerabilities in systems.
True
The WannaCry ransomware attack was not discussed in the content of the text.
False
Engaging with external academic and professional resources is not important for a future career in cyber security.
False
Using the CLMS resources is mentioned as an important step in understanding advanced persistent threats.
False
Risk is not a significant topic in the field of cyber security.
False
An untargeted attack involves selective attacks on organizations.
False
Phishing, ransomware, and compromised credentials are examples of intentional threats caused by deliberate actions.
True
Reducing the attack surface refers to increasing the vulnerabilities through which unauthorized users can access a system.
False
APTs typically require low levels of investment in time and money due to their simplistic nature.
False
The Cyber Kill Chain® is a model designed to enhance APTs and make them more complex.
False
The attack surface could be divided into physical, digital, and weather-related surfaces.
False
The Cyber Kill Chain® has seven stages that can be disrupted or prevented by adopting appropriate cyber security controls.
True
The Simplified NCSC Kill Chain developed by the UK's National Cyber Security Centre has four stages.
True
The MITRE ATT&CK model was developed by The MITRE Corporation in 2013 and strictly follows a set order of tactics.
False
Each tactic in the MITRE ATT&CK model is further divided into different techniques used by attackers to compromise a computer system.
True
The 'Initial Access' tactic within the MITRE ATT&CK model contains five techniques.
False
Understanding assets, vulnerabilities, threats, and attacks is not essential in comprehending cyber security concepts.
False
Study Notes
Types of Attacks
- Untargeted attacks: involve indiscriminate attacks on organisations
- Advanced Persistent Threats (APTs): utilise multiple attack vectors over an extended period to compromise a system
Attack Vectors
- Examples of intentional threats caused by deliberate actions
- Include: Phishing, Ransomware, Third-party vendors and business partners, Compromised credentials, Misconfiguration, Unpatched vulnerabilities, No or inadequate encryption, Insider threats
Attack Surface
- The total number of vulnerabilities through which an unauthorised user can access a system
- Systems with large attack surfaces are more vulnerable than those with small surfaces
- Can be divided into three separate surfaces: digital attack surface, physical attack surface, and social engineering attack surface
Cyber Kill Chain
- A model for identifying and neutralising APTs
- Consists of seven steps, all of which must be successful for the attack to succeed
- Developed by Lockheed Martin in 2011
Simplified NCSC Kill Chain
- A simplified version of the Cyber Kill Chain with just four stages
- Developed by the UK's National Cyber Security Centre (NCSC) in 2016
MITRE ATT&CK
- A model developed by the MITRE Corporation in 2013
- Divided into different tactics with no strict order to follow
- Each tactic is further subdivided into techniques used by attackers to compromise a computer system
Test your knowledge on cybersecurity threats and attack vectors such as phishing, ransomware, compromised credentials, and insider threats. Learn about untargeted attacks, attack vectors, and the concept of attack surface.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
