Security Risks of Compromised Devices

Questions and Answers

What is a potential security risk if a user accesses corporate SaaS applications from a personal device that has been compromised?

Improved security awareness

Compromise of the company's data (correct)

Data encryption

Stronger passwords

What is the primary goal of conducting security awareness training?

To mitigate threats against the end user (correct)

To focus on authentication and authorization

To implement technical security controls

To educate users about password management

What is the primary attack vector used by cybercriminals to gain access to a network?

Denial of Service attacks

Phishing attacks

Stealing credentials (correct)

Malware attacks

What is an example of a Multi-Factor Authentication method?

ID/Password + One-time password

What is the new perimeter in terms of security?

User's identity

What is a primary concern with data at rest on a user's device?

Unauthorized or malicious process could read or modify the data

What is a recommended countermeasure for data in transit?

Valid certificates with SSL/TLS

What is the most common cause of the costliest data breaches?

Malware (viruses and Trojans)

What is a risk associated with Bring Your Own Device (BYOD) practices?

Unauthorized or malicious process could read or modify the data

What is the primary reason why the top three cybersecurity challenges are often correlated to?

Human error

What is the primary goal of a targeted attack?

To compromise different systems across the network

What is a recommended method for protecting data at rest on-premise or in the cloud?

Disk encryption

What is the term used to describe the process of navigating a network after gaining initial access?

Lateral movement

What is the name of the ransomware attack that shocked the world in May 2017?

Wannacry

Why do targeted attacks often involve a long period of planning and public reconnaissance?

To gather information about the target system

What should the Blue Team do when the Red Team successfully breaches the system?

Triage the incident, scope the breach, and create a remediation plan

What is the purpose of cataloging evidence as an Indication of Compromise (IoC)?

To determine the severity of the breach

What is the primary goal of the Blue Team's remediation plan?

To isolate or evict the adversary and recover from the breach

What is the benefit of conducting a triage of the incident?

To determine the urgency of the need for protection

What is the assumption underlying the Blue Team's response to a breach?

That a breach is inevitable if someone wants to get in

What is the primary intent of government-sponsored cyber attacks?

To steal information that can be used against the hacked party

What is the main reason companies failed to protect themselves from Wannacry?

Failure to implement an effective vulnerability management program

What is the main benefit of the Red and Blue Team approach in cybersecurity?

Simulating attacks to demonstrate their effectiveness

What is the significance of the 59-day gap between the patch release and the Wannacry attack?

It highlights the importance of timely vulnerability management

What is the recommended response to government-sponsored cyber attacks?

Investing more in threat intelligence, machine learning, and analytics

What is the primary focus of the Mean Time to Compromise (MTTC) metric?

The time it takes to compromise a target from the initiation of an attack

What is the primary responsibility of the Blue Team in terms of security metrics?

Estimated Time to Detection (ETTD) and Estimated Time to Recovery (ETTR)

What is the primary action the Blue Team should take when the Red Team breaches the system?

Save evidence of the breach

What is the limitation of the Estimated Time to Detection (ETTD) and Estimated Time to Recovery (ETTR) metrics?

They are not 100% precise and may not accurately reflect the time of the breach

What is the ultimate goal of the Red Team in terms of privilege escalation?

To gain administrative privilege on the target

What is the main objective of the Red Team in a penetration testing exercise?

To break through the current security controls

What is a crucial skill set for members of the Red Team?

All of the above

What is the Blue Team's primary responsibility?

To ensure the assets are secure and rapidly remediate vulnerabilities

What is the significance of the Red Team being aware of current trends and attacks?

To understand how current attacks are taking place

What is the ultimate goal of penetration testing?

To improve the organization's security posture

What is a crucial aspect of the Red Team's composition?

Members with different skill sets

What is the primary benefit of conducting penetration testing?

To improve the organization's security posture and rapidly remediate vulnerabilities

What is the role of the Red Team in an organization?

To perform an attack and penetrate the environment

What is the significance of the Red Team's awareness of the organization's industry?

To understand the current threat landscape

What is the ultimate goal of the Blue Team?

To ensure the assets are secure and rapidly remediate vulnerabilities