Introduction to Cyber Security Basics

Questions and Answers

PDF Questions PDF Answers

What is the primary goal of the Cyber Kill Chain framework?

To completely eliminate adversaries.

To analyze adversary campaigns.

To identify and prevent cyber intrusions. (correct)

To enhance cryptographic protocols.

At which stage of the Cyber Kill Chain must an adversary succeed to achieve their goal?

Any stage as long as they gather intelligence.

All stages up to Actions on Objectives. (correct)

Only the Delivery stage.

The Weaponization stage only.

Which stage of the Cyber Kill Chain involves adversaries conducting research to identify targets?

Command and Control

Delivery

Exploitation

Reconnaissance (correct)

What can deter an adversary at any stage of the Cyber Kill Chain?

Increased visibility of network traffic.

How can defenders gain intelligence from intrusions?

By analyzing every phase of the attack.

Which of these steps is NOT part of the Cyber Kill Chain?

Planning

What does an adversary aim to achieve at the Actions on Objectives stage?

To execute their final goal successfully.

Why is detecting reconnaissance challenging for defenders?

It is conducted discreetly and can be hard to recognize.

What role does a Chief Information Security Officer (CISO) fulfill in their organization?

Managing cyber security governance

Which of the following is NOT typically included in a cyber security risk assessment?

Conducting employee performance reviews

Which group is typically motivated by monetary gains?

Cyber Criminals

Why is not every system or asset within an organization considered an equal target?

Some systems yield higher impacts than others

Which of these high-impact attacks involved geopolitics significantly?

Stuxnet attack on Iranian Nuclear plant

What is one of the primary reasons attackers may target critical infrastructure?

To disable a nationally critical organization or system

Which of the following statements about cyber security controls is true?

They should aim to manage cyber risk effectively

What is a key component of a Cyber Crisis Management Playbook?

Procedures for addressing cyber incidents

What is the primary purpose of collecting website visitor logs?

For historical searching and alerting

Which step is NOT part of the weaponization process?

Harvester email addresses from website logs

What must defenders analyze to better understand malware?

The timeline of how and when malware was created

What is the consequence of reusing a weaponizer toolkit?

It indicates new malware campaigns may be emerging

What should adversaries prioritize around technologies or individuals?

Defenses based on reconnaissance activities

What characterizes 'malware off the shelf'?

It refers to widely shared common malware

Which action should be taken following the identification of weaponizer artifacts?

Document their reuse across APT campaigns

Which option does NOT assist in building detections for browsing behavior?

Harvesting email addresses from website visitors

Study Notes

Cyber Kill Chain Goals

• The primary goal of the Cyber Kill Chain framework is to understand the stages of an adversary's attack.
• To achieve their goal, an adversary must succeed at the Actions on Objectives stage of the Cyber Kill Chain.
• The Reconnaissance stage of the Cyber Kill Chain involves adversaries researching and identifying possible targets.

Deterrence and Intelligence

• Strong cyber security defenses can deter adversaries at any stage of the Cyber Kill Chain.
• Defenders can gain intelligence from intrusions by analyzing logs, network traffic, and other evidence.

Cyber Kill Chain Stages

• Exploitation is NOT part of the Cyber Kill Chain.
• Adversaries aim to achieve their objectives or steal valuable data at the Actions on Objectives stage.
• Reconnaissance is challenging to detect because adversaries can use a variety of methods, including open-source intelligence.

Roles and Responsibilities

• A Chief Information Security Officer (CISO) oversees their organization's overall cyber security strategy.
• Legal and regulatory requirements are NOT typically included in a cyber security risk assessment.

Cybercrime Motivations

• Financially motivated groups are typically driven by monetary gains.
• Not every system or asset within an organization is considered an equal target because some systems may be more valuable or sensitive than others.
• Geopolitics played a significant role in the NotPetya attack.

Attack Targets and Consequences

• Attackers may target critical infrastructure to disrupt essential services or cause economic damage.
• Cyber security controls can be layered and proactive, but require constant improvement and adaptation.
• A Cyber Crisis Management Playbook outlines procedures for responding to cyber security incidents.

Website Logs and Weaponization

• Collecting website visitor logs is primarily used to understand user behavior and improve website performance.
• Coding malware is NOT part of the weaponization process.

Malware Analysis and Weaponizer Toolkits

• To better understand malware, defenders must analyze its behavior, capabilities, and code.
• Reusing a weaponizer toolkit increases the risk of detection by defenders.

Adversary Prioritization and Weaponizer Artifacts

• Adversaries should prioritize technologies and individuals based on their value and vulnerability.
• 'Malware off the shelf' refers to pre-built malware that is readily available for purchase.
• Weaponizer artifacts should be identified and analyzed to help understand the adversary's tactics and techniques.

Browsing Behavior Detection

• Analyzing network traffic is NOT helpful in building detections for browsing behavior.

Description

This quiz covers the fundamental concepts of cyber security, including identifying assets and systems, protecting them from threats, detecting unauthorized activities, responding to breaches, and recovering from incidents. It also explores different types of attackers and their motivations in the cyber landscape.