S3
61 Questions
Questions and Answers

Which of the following is NOT a practice related to Authorization and Authentication?

  • Least Privilege
  • Whitelisting
  • Need to Know
  • Firewall (correct)

What is the primary difference between Need to Know and Least Privilege principles?

  • Need to Know applies to data, while Least Privilege applies to access to a system. (correct)
  • Need to Know is a more restrictive principle than Least Privilege.
  • Need to Know is used during the provisioning stage, while Least Privilege is implemented after the user has been provisioned.
  • Need to Know is used for physical security, while Least Privilege is used for logical security.

What is the primary goal of Whitelisting?

  • Identifying and removing malicious software from a system.
  • Creating a list of trusted users who are allowed to access a system.
  • Allowing only approved applications to run on a system. (correct)
  • Blocking unauthorized users from accessing a system.

Which of the following authentication technologies is considered a form of multi-factor authentication?

Biometrics

What is the main purpose of Context Aware Authentication?

Using user location and other data points to validate user identity.

What is the main purpose of a digital signature?

To ensure the integrity of a message by verifying the sender's identity.

Which of the following is NOT a component of the NIST Cybersecurity Framework?

Maintain

What is the primary purpose of the Common Vulnerabilities and Exposures (CVE) Dictionary?

To provide a standardized way of identifying and reporting cybersecurity vulnerabilities.

Which of the following is NOT a type of security control?

Directive

What is the main difference between Discretionary Access Control and Mandatory Access Control?

Discretionary Access Control is more flexible than Mandatory Access Control.

Which access control method allows administrators to set permissions based on specific criteria defined by rules?

Rule-Based Access Control

Which of the following is a network security tool used to identify suspicious activity and alert administrators?

Intrusion Detection System

Which of the following is NOT a corrective control?

Security Audits

What is the concept of 'Defense in Depth' in cybersecurity?

Using multiple layers of security to protect systems and data.

Which of the following is NOT a recommended practice for password management, as per NIST SP800-63B?

Passwords should be based on personal information like names or birthdays.

What is the purpose of the 'Protect' function within the NIST Cybersecurity Framework?

Developing and implementing safeguards to prevent vulnerabilities from being exploited.

Which of the following is an example of a preventative control?

Encryption

What is the most critical component of an incident response plan?

Human capital

Which model of incident response teams is best suited for geographically widespread organizations?

Distributed Incident Response Team

During which phase of the General Incident Response Plan does the organization ensure no further damage occurs?

Containment

What type of event is defined as any intentional or unintentional event with negative consequences on systems?

Adverse Event

Which of the following is NOT a testing method for incident response plans?

User Training Sessions

What does the Mean Time to Repair metric measure in incident response?

Time taken to actually fix the problem

Which organization is known for creating various recovery frameworks besides NIST?

ISO

Which of the following losses would be covered by a cyber insurance policy?

Cyber extortion losses

Which of the following is NOT considered a threat agent in cybersecurity?

Algorithmians

What is the main purpose of a Denial of Service (DoS) attack?

To disrupt network operations by flooding the system

Which of the following attacks involves injecting malicious SQL code to manipulate a database?

SQL Injection

How does a Reverse Shell attack initiate communication?

By sending a malicious email that bypasses the firewall

Which of the following is a characteristic of a brute-force attack?

Systematic testing of all possible passwords

What type of malware installs a copy on a computer's memory and can remain active even after a reboot?

Resident Virus

Which attack uses methods not originally intended for data transmission to communicate?

Covert Channels

What is the main goal of a Social Engineering attack?

To manipulate individuals into divulging confidential information

Which type of attack aims to manipulate application behavior by forcing operations to execute out of order?

Race Condition

Which of the following is an example of spoofing in cybersecurity?

Creating a fake email address to impersonate an organization

Which of the following correctly describes the primary goal of Data Loss Prevention (DLP)?

To detect and prevent attempts to transfer sensitive info out of the organization electronically.

What is the main difference between privacy and confidentiality?

Privacy gives individuals control over personal data while confidentiality protects unauthorized access to that data.

In which way does obfuscation protect sensitive information?

By replacing sensitive data with less valuable data.

What type of encryption uses both a public key for encryption and a private key for decryption?

Asymmetric encryption

What is the purpose of conducting a walk-through in a security context?

To evaluate program logic and simulate disaster scenarios.

Which of the following is NOT a part of a Security Assessment Report (SAR)?

Detailed cost analysis

What does the 're-click rate' measure in phishing simulations?

Percentage of employees who click on multiple phishing emails.

Which type of Data Loss Prevention (DLP) system focuses on endpoint devices?

Endpoint-Based DLP

Which encryption method is often considered the highest form of data protection?

Encryption in general

Which of the following best describes the role of a Security Program Champion?

A team member who champions security efforts across departments.

What is the name of the security protocol that encrypts wireless internet connections between routers, switches, and mobile devices?

WiFi Protected Access (WPA)

Which of the following is NOT a commonly used methodology for threat modeling?

NIST

What is the primary goal of 'system hardening' in cybersecurity?

Reducing the number of access points attackers can exploit

Which of the following cyberattacks targets specific employees within an organization?

Spear phishing

Which of the following is NOT a risk related to cloud computing?

Device mismanagement

What is the primary purpose of a Bring Your Own Device (BYOD) policy?

To allow employees to access company data from their personal devices

Which of the following is a type of social engineering attack that uses a phone call to deceive a victim?

Vishing

What is the purpose of 'Network Segmentation' in cybersecurity?

To isolate different parts of the network from each other

Which of the following is NOT a key component of the COSO Internal Control Framework?

Threat Modeling

Which of the following is a common example of "Device Spoofing" in the context of IoT (Internet of Things) security?

Using a fake IoT device to gain access to a network

What is the primary purpose of "Reconnaissance" in the stages of a cyberattack?

Collecting information about the target

What is the main focus of the "STRIDE" threat modeling methodology?

Identifying potential threats and vulnerabilities

Which of the following is NOT a characteristic of a "Watering Hole Attack"?

Adding malicious code to prepackaged software

What is the main difference between "Phishing" and "Spear Phishing"?

Phishing attacks are less sophisticated and less targeted than spear phishing attacks

Which of the following is a core principle of "Database Hardening"?

Assigning different privilege levels between admin users

What is the primary aim of "Endpoint Hardening" in cybersecurity?

Minimizing the attack surface on individual devices

Study Notes

Cybersecurity Threats and Attacks

• Cybersecurity protects organizational IT infrastructure and data from malicious actors through technology, internal controls, and best practices.
• Threat agents include attackers, hackers, adversaries (with incentives to hack), government/state-sponsored actors, hacktivists (for social/political causes), insiders, and external threats.

Types of Cyberattacks

• Network-Based Attacks: Exploit network infrastructure to disrupt operations. Examples include:
  • Backdoors/trapdoors
  • Covert channels
  • Buffer overflows
  • Denial-of-service (DoS) attacks (including DDoS)
  • Man-in-the-middle (MITM) attacks
  • Port scanning
  • Ransomware
  • Reverse shell attacks
  • Replay attacks
  • Return-oriented programming (ROP) attacks
  • Spoofing (including ARP, DNS, and hyperlink spoofing)
• Application-Based Attacks: Target applications. Examples include:
  • SQL injection
  • Cross-site scripting (XSS)
  • Race conditions
  • Mobile code attacks (overwrite, multi-partite, parasitic, polymorphic, resident viruses)
• Host-Based Attacks: Focus on individual hosts (laptops, servers, mobile devices). Examples include:
  • Brute-force attacks
  • Keylogger attacks
  • Malware (viruses, worms, Trojans, adware, spyware)
  • Rogue mobile apps
• Social Engineering Attacks: Manipulate individuals to gain access. Examples include:
  • Phishing (including spear phishing, business email compromise/whaling, and pharming)
  • Pretexting
  • Catfishing
  • Vishing
• Physical Attacks (On-Premises): Target physical hardware. Examples include:
  • Intercepting discarded equipment
  • Piggybacking
  • Tampering (e.g., rewiring cabling, adding unauthorized devices)
  • Theft
• Supply Chain Attacks: Target vulnerabilities in software or hardware supply chains. Examples include:
  • Embedded malware
  • Foreign-sourced attacks
  • Pre-installed malware
  • Vendor attacks
  • Watering hole attacks

Stages of a Cyberattack

• Reconnaissance: Information gathering about the target.
• Gaining Access: Entering the targeted system through vulnerabilities.
• Escalation of Privileges: Increasing access levels.
• Maintaining Access: Remaining in the system.
• Network Exploitation/Exfiltration: Malicious activity, data theft.
• Covering Tracks: Removing evidence of intrusion.
• Cloud Computing: Additional industry exposure, malware injection, compliance violations, data loss, loss of control/visibility, multi-cloud/hybrid management, IP theft.
• Mobile Technologies: Application malware, lack of updates/encryption, physical threats, unsecured Wi-Fi, location tracking.
• Internet of Things (IoT): Device mismanagement (changing defaults), device spoofing, expanded attack surface, cyberattacks, information theft, outdated firmware, malware/network attacks.

Threat Modeling Methodologies

• PASTA (Process for Attack Simulation and Threat Analysis): Structured approach to simulations.
• VAST (Visual, Agile, and Simple Threat): Scalable threat analysis.
• STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service, Elevation of Privilege): Common threat categories.

Security Mitigation Strategies

• COSO Framework: Business objectives (Operations, Record Keeping, Compliance). Five components of Internal Control (Control Environment, Risk Assessment, Information & Communication, Monitoring, Control Activities).
• Security Policies: Comprehensive guidelines for security implementation. Examples include Acceptable Use Policy, Bring Your Own Device (BYOD) policy, Network Segmentation/Isolation.
• Security Technologies: VPNs, SSID use, system hardening, MAC filtering.
• Authentication/Authorization: Zero trust, least privilege, need-to-know, whitelisting. Authentication methods include context-aware, digital signatures, SSO, MFA, PIN, smart cards, tokens, biometrics.
• Password Management: Recommendations like complexity (length, character types), frequency of changes, and avoiding personal information.
• Vulnerability Management: NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover). CVE Dictionary.
• Layered Security: Combining physical, logical, and administrative controls for defense in depth.

Security Assessment Methods

• Security Assessment Reports (SARs): Document findings, including summary, methodology, findings, recommendations, and action plans.
• Security Awareness: Training and awareness programs. Phishing simulations, champions, engagement, materials.

Confidentiality and Privacy

• Confidentiality vs. Privacy: Confidentiality protects information against unauthorized access or disclosure; privacy protects individuals' rights over their personal data, which they control.
• Obfuscation, Tokenization, Masking, Encryption: Techniques for protecting sensitive data.
• Data Loss Prevention (DLP): Prevents unauthorized data transfer. Types include network-based, cloud-based, endpoint-based.
• Safeguards for data at rest: Physical, Digital, Access Controls, Change Management, Backups.
• Walk-throughs: Understanding security/privacy procedures. Types such as Read, Structured, and Fire Drills.

Incident Response

• Incident Response Plan (IRP): Procedures, people, and information for detecting, responding to, and reducing the consequences of attacks.
• Incident Response Timeline: IRP showing incident occurrence, detection, containment, eradication, and recovery to normal operations.
• NIST Response Team Models: Centralized, Distributed, Coordinating.
• General Incident Response Plan (PDCERRL): Preparation, Detection, Containment, Eradication, Reporting, Recovery, Learning.
• Testing IRP Plans: Simulations, metrics, post-incident reviews, periodic audits, continuous monitoring.
• Insurable Losses: Business interruption, extortion, response costs, system replacement, legal fees, reputation damage, information/identity theft.

Quiz Team

Description

This quiz explores various types of cybersecurity threats and attacks, including network-based and application-based attacks. Understand the different threat agents and their motivations, as well as the specific tactics used in these cyberattacks. Test your knowledge on how to protect organizational IT infrastructure.
