Security Risks of Compromised Devices

Questions and Answers

What is a potential security risk if a user accesses corporate SaaS applications from a personal device that has been compromised?

• Improved security awareness
• Compromise of the company's data (correct)
• Data encryption
• Stronger passwords

What is the primary goal of conducting security awareness training?

• To mitigate threats against the end user (correct)
• To focus on authentication and authorization
• To implement technical security controls
• To educate users about password management

What is the primary attack vector used by cybercriminals to gain access to a network?

• Denial of Service attacks
• Phishing attacks
• Stealing credentials (correct)
• Malware attacks

What is an example of a Multi-Factor Authentication method?

ID/Password + One-time password (D)

What is the new perimeter in terms of security?

User's identity (A)

What is a primary concern with data at rest on a user's device?

Unauthorized or malicious process could read or modify the data (D)

What is a recommended countermeasure for data in transit?

Valid certificates with SSL/TLS (D)

What is the most common cause of the costliest data breaches?

Malware (viruses and Trojans) (B)

What is a risk associated with Bring Your Own Device (BYOD) practices?

Unauthorized or malicious process could read or modify the data (A)

What is the primary reason why the top three cybersecurity challenges are often correlated to?

Human error (D)

What is the primary goal of a targeted attack?

To compromise different systems across the network (D)

What is a recommended method for protecting data at rest on-premise or in the cloud?

Disk encryption (A)

What is the term used to describe the process of navigating a network after gaining initial access?

Lateral movement (A)

What is the name of the ransomware attack that shocked the world in May 2017?

Wannacry (B)

Why do targeted attacks often involve a long period of planning and public reconnaissance?

To gather information about the target system (B)

What should the Blue Team do when the Red Team successfully breaches the system?

Triage the incident, scope the breach, and create a remediation plan (A)

What is the purpose of cataloging evidence as an Indication of Compromise (IoC)?

To determine the severity of the breach (A)

What is the primary goal of the Blue Team's remediation plan?

To isolate or evict the adversary and recover from the breach (C)

What is the benefit of conducting a triage of the incident?

To determine the urgency of the need for protection (B)

What is the assumption underlying the Blue Team's response to a breach?

That a breach is inevitable if someone wants to get in (C)

What is the primary intent of government-sponsored cyber attacks?

To steal information that can be used against the hacked party (D)

What is the main reason companies failed to protect themselves from Wannacry?

Failure to implement an effective vulnerability management program (A)

What is the main benefit of the Red and Blue Team approach in cybersecurity?

Simulating attacks to demonstrate their effectiveness (A)

What is the significance of the 59-day gap between the patch release and the Wannacry attack?

It highlights the importance of timely vulnerability management (C)

What is the recommended response to government-sponsored cyber attacks?

Investing more in threat intelligence, machine learning, and analytics (B)

What is the primary focus of the Mean Time to Compromise (MTTC) metric?

The time it takes to compromise a target from the initiation of an attack (A)

What is the primary responsibility of the Blue Team in terms of security metrics?

Estimated Time to Detection (ETTD) and Estimated Time to Recovery (ETTR) (B)

What is the primary action the Blue Team should take when the Red Team breaches the system?

Save evidence of the breach (B)

What is the limitation of the Estimated Time to Detection (ETTD) and Estimated Time to Recovery (ETTR) metrics?

They are not 100% precise and may not accurately reflect the time of the breach (C)

What is the ultimate goal of the Red Team in terms of privilege escalation?

To gain administrative privilege on the target (D)

What is the main objective of the Red Team in a penetration testing exercise?

To break through the current security controls (B)

What is a crucial skill set for members of the Red Team?

All of the above (D)

What is the Blue Team's primary responsibility?

To ensure the assets are secure and rapidly remediate vulnerabilities (D)

What is the significance of the Red Team being aware of current trends and attacks?

To understand how current attacks are taking place (D)

What is the ultimate goal of penetration testing?

To improve the organization's security posture (B)

What is a crucial aspect of the Red Team's composition?

Members with different skill sets (A)

What is the primary benefit of conducting penetration testing?

To improve the organization's security posture and rapidly remediate vulnerabilities (B)

What is the role of the Red Team in an organization?

To perform an attack and penetrate the environment (B)

What is the significance of the Red Team's awareness of the organization's industry?

To understand the current threat landscape (D)

What is the ultimate goal of the Blue Team?

To ensure the assets are secure and rapidly remediate vulnerabilities (A)

Flashcards are hidden until you start studying