SENG 411 Cyber Security Quiz

Questions and Answers

What are the primary focuses of defense in cybersecurity?

  • Prevention and threat detection (correct)
  • Increasing attack surfaces and exploiting vulnerabilities
  • Alerting stakeholders about potential vulnerabilities
  • Hacking systems to test their resilience

What distinguishes a threat from a vulnerability in cybersecurity?

  • Threats only arise if vulnerabilities are exploited.
  • A vulnerability refers to a threat that is likely to occur.
  • A vulnerability is an actual attack while a threat can be merely a suggestion.
  • A threat is an actual attack whereas a vulnerability is a potential weakness. (correct)

Which of the following is NOT a basic component of cybersecurity?

  • Encryption (correct)
  • Threat
  • Vulnerability
  • Countermeasure

In the context of cybersecurity, what does a countermeasure aim to do?

Answer: Prevent a vulnerability from being exploited (D)

How was cyber warfare recognized as a significant threat in 2011?

Answer: The Pentagon classified it as the fifth domain of battle. (B)

What does the principle of confidentiality in information security ensure?

Answer: Information is accessible only to authorized users. (A)

Why is integrity important in information security?

Answer: It prevents unauthorized modifications to data. (A)

Which of the following is closely related to the availability principle in information security?

Answer: Disaster recovery plans. (D)

What does non-repudiation guarantee in the context of information security?

Answer: That the sender cannot deny sending a message. (C)

In the context of information assurance, what additional elements are combined with the CIA triad?

Answer: Authenticity and non-repudiation. (C)

Which method is primarily used to ensure data integrity?

Answer: Hash functions. (B)

To verify the identity of a user, which type of authentication is NOT commonly used?

Answer: Something you interact with (mouse). (D)

How is authenticity typically ensured in communications?

Answer: By checking identities and using digital signatures. (B)

What is the primary aim of information security?

Answer: To ensure the confidentiality, integrity, and availability of information (B)

Which of the following is NOT a component of the hacking methodology discussed?

Answer: Distributing malware (A)

What does the term 'APT' refer to in the context of malware threats?

Answer: Advanced Persistent Threat (C)

Which type of encryption involves a single key for both encryption and decryption?

Answer: Symmetric encryption (D)

Which session hijacking technique involves intercepting communication between the user and the server?

Answer: Man-in-the-Middle Attack (D)

What is one of the main purposes of digital forensics in security operations?

Answer: To analyze and preserve digital evidence (B)

What is a primary focus of risk management in security governance?

Answer: Identifying, assessing, and prioritizing risks (D)

Which of these topics is covered under mobile and cloud security?

Answer: Threats and countermeasures (A)

What is the primary focus of ethical hacking?

Answer: Test and improve security systems (A)

Which concept is closely associated with the analysis and prevention of social engineering threats?

Answer: User training and awareness (A)

What is considered a passive attack?

Answer: Intercepting and monitoring network traffic (A)

Which motive is related to disrupting the operational capabilities of a business?

Answer: Disrupting business continuity (B)

Which of the following is an active attack?

Answer: DNS and ARP poisoning (C)

What characterizes insider attacks?

Answer: Trusted individuals exploit privileged access. (B)

Which type of attack involves an attacker being in physical proximity to the target?

Answer: Close-in attack (C)

What is the main goal of distribution attacks?

Answer: To tamper with hardware or software prior to installation (D)

Which method is typically associated with footprinting?

Answer: Gaining information about a target's IP address range (C)

Which technique is commonly used in active attacks?

Answer: Spoofing attacks (D)

Which motive involves seeking revenge on an individual or organization?

Answer: Taking revenge (C)

What type of attack includes methods like dumpster diving and shoulder surfing?

Answer: Close-in attack (C)

What is the primary role of the blue team in cybersecurity?

Answer: Defend against attackers and red teams (C)

What is a disadvantage of conducting black box penetration testing?

Answer: It can leave parts of the infrastructure untested (D)

What is the purpose of penetration testing tools?

Answer: Simulate real-world attack scenarios (B)

What is a significant pro of white box penetration testing?

Answer: Maximizes the testing time available (B)

What must be established before beginning a penetration test?

Answer: Rules of Engagement including IP addresses (C)

Which of the following best describes 'defense in depth'?

Answer: Multiple protection layers across the infrastructure (D)

What is the definition of cyber resilience?

Answer: Maintaining functionality despite adverse cyber events (C)

What is a key limitation of black box testing compared to white box testing?

Answer: It has a narrower testing scope (B)

What is the primary purpose of vulnerability analysis?

Answer: To examine the effectiveness of security controls (C)

Which phase is NOT part of system hacking methodology?

Answer: Threat Modeling (C)

What do Tactics, Techniques, and Procedures (TTPs) help identify?

Answer: Behavior of threat actors during attacks (C)

Which of the following is NOT a category of Indicators of Compromise (IoCs)?

Answer: Environmental Indicators (A)

What best describes the role of the Cyber Kill Chain methodology?

Answer: To enhance intrusion detection and response (A)

Which of the following is a technique used in the social engineering stage of an attack?

Answer: Sending spoof emails to collect information (D)

Which type of actions do the procedures within TTPs describe?

Answer: The sequence of actions performed by attackers (B)

What type of data is NOT considered as an indicator of compromise?

Answer: Standard firewall configurations (D)

What is a key aspect of the MITRE ATT&CK Framework?

Answer: A globally accessible knowledge base of adversary tactics and techniques (C)

What is NOT one of the four categories of IoCs?

Answer: File Indicators (A)

Which of the following describes 'Tactics' in the context of TTPs?

Answer: Guidelines that outline how attackers approach their attacks (B)

Which of the following is a common sign of a potential intruder within a network?

Answer: Increased database read volume (C)

Which of these is NOT part of the phases that attackers follow according to the Cyber Kill Chain?

Answer: Data Collection (A)

Flashcards

Cyber Security

Protection of computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction, to ensure confidentiality, integrity, and availability.

Information Security (InfoSec)

Protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction, emphasizing confidentiality, integrity, and availability.

Confidentiality

Ensuring that information is only accessible to authorized users.

Integrity

Guaranteeing that information is accurate and hasn't been altered without authorization.

Availability

Ensuring that authorized users can access information and resources when needed.

Symmetric Encryption

Uses the same key for encryption and decryption.

Asymmetric Encryption

Uses separate keys for encryption and decryption.

Hacking Methodology

Systematic approaches used by hackers to gain unauthorized access to computer systems or networks.

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.

Social Engineering

Tricking people into revealing confidential information or performing actions that compromise security.

Information Security (InfoSec)

The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Confidentiality

Ensuring that information is accessible only to authorized individuals or systems.

Integrity

Maintaining the trustworthiness and accuracy of data by preventing unauthorized changes.

Availability

Ensuring that information systems and data are accessible to authorized users when needed.

Authenticity

Verifying the identity of a user or entity before granting access.

Non-repudiation

Guaranteeing that a sender or receiver cannot deny sending or receiving a message or data.

Cyber Security

Protecting the use of cyberspace and anything in the digital realm from malicious attacks.

IT Security

The protection of information technologies.

Cybersecurity

Protecting digital assets and infrastructure from cyberattacks, minimizing risks and impacts.

Defense (in Cybersecurity)

The process of protecting critical digital assets by preventing attacks, hardening systems, and detecting threats.

Cyberwarfare

The use of digital attacks in warfare, considered a fifth domain of battle alongside land, sea, air, and space.

Vulnerability (in Cybersecurity)

A weakness in a system that, if exploited, can lead to damage or loss.

Risk (in Cybersecurity)

The potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability.

Blue Team

The cyber security team that defends against attackers and red teams.

Red Team

Ethical hackers who simulate attacks to test security.

Penetration Test (PenTest)

Assessing security by simulating real-world attacks.

White Box PenTest

Security testing with full knowledge of the system.

Black Box PenTest

Security testing with no prior knowledge of the system.

Rules of Engagement (RoE)

Official permission for penetration testing, outlining specific boundaries and parameters.

Defense in Depth

Using multiple layers of security for enhanced protection.

Cyber Resilience

Ensuring continued operation despite cyber threats.

Cybersecurity Attacks

Attacks motivated by a goal (motive), utilizing specific methods to exploit vulnerabilities in a target system.

Attack Motives

Reasons behind cyberattacks, ranging from disrupting operations to gaining financial gain or achieving political objectives.

Passive Attacks

Cyberattacks that observe and monitor network traffic without altering data.

Active Attacks

Cyberattacks that actively alter or disrupt data and systems.

Close-in Attacks

Attacks where the attacker is physically near the target.

Insider Attacks

Attacks from within a trusted environment via privileged access to critical assets.

Distribution Attacks

Attacks that involve compromising systems before installation or use.

Footprinting

Gathering information about a target system before launching an attack.

Ethical Hacking Process

A step-by-step process mirroring attack methodology, but with ethical intent instead.

Reconnaissance

The pre-attack stage involving gathering data like IP addresses and employee information about the target.

Enumeration (Cybersecurity)

Actively querying a target system to gain info like user lists, routing tables, security flaws, and shared resources.

Vulnerability Analysis

Assessing a system's security weaknesses, including existing security measures.

System Hacking Methodology

A series of steps followed by attackers to breach a system: gain access, escalate privileges, maintain access, and cover tracks.

Cyber Kill Chain

A methodology for identifying and preventing malicious activity.

TTPs (Tactics, Techniques, Procedures)

Activities and methods used by attackers; categorized into tactics (overall approach), techniques (specific actions), and procedures (step-by-step actions).

Tactics (in TTPs)

The overall method or guidelines for attacking a target.

Techniques (in TTPs)

Specific methods used by attackers to achieve intermediate steps during an attack.

Procedures (in TTPs)

Sets of actions attackers follow to carry out tactics.

Indicators of Compromise (IoCs)

Clues, artifacts, or data indicating possible malicious activity.

MITRE ATT&CK Framework

A publicly available knowledge base of adversary tactics and techniques.

Amateur Attacker

A hacker with little to no experience and limited motivations.

Email Indicators (IoCs)

Clues related to emails, like sender, subject, or attachments that might indicate a malicious activity.

Network Indicators (IoCs)

Network-related artifacts, such as URLs, domain names, or IP addresses, that could reveal malicious activity.

Host-Based Indicators (IoCs)

Suspicious activity on a host machine, such as files, registry keys, or DLLs that should not be present, that might hint at breach.

Behavioral Indicators (IoCs)

Unusual behaviors on a system or network, like code injection or PowerShell script execution, that could point to malicious activity.

Study Notes

Course Information

  • Course name: SENG 411 Cyber Security
  • Instructor: Dr. Emin Emrah Özsavaş
  • Email: [email protected]

Course Aims & Scope

  • Describe the elements of cyber security
  • Explain cyber threats and attacks
  • Describe hacking methodologies
  • Understand security controls and countermeasures
  • Understand security governance

Textbooks & Material

  • Ethical Hacking and Countermeasures Ver. 12, EC-Council 2022
  • CISSP All-in-One Exam Guide, Fernando Maymi, Shon Harris, McGraw Hill 2022
  • Practical Information Security Management: A Complete Guide to Planning and Implementation, Tony Campbell, Apress 2016

Syllabus

  • Week 1: Introduction and Basics - Language of security, overview, Identity and Access Management, System Architectures - Identification, authentication, authorization, access control, system architecture concepts
  • Week 2: Identity and Access Management, Systems Architectures - Access control, architecture concepts, identity and access management
  • Week 3: Cryptography - Symmetric and asymmetric encryption, hash functions, digital signatures
  • Week 4: Network Security - Network attacks, security architectures, countermeasures
  • Week 5: Hacking Methodology - Footprinting and reconnaissance, scanning networks, enumeration, vulnerability analysis
  • Week 6: Hacking Methodology and Sniffing - System hacking (gaining access, escalating privileges, maintaining access, clearing logs); sniffing concepts and techniques
  • Week 7: Malware Threats - Malware concepts, APT, trojan, virus, worm, analysis, countermeasures
  • Week 8: Social Engineering and Session Hijacking - Concepts, threats, countermeasures
  • Week 9: Web Server and Web Application Security - Concepts, threats, countermeasures
  • Week 10: Mobile and Cloud Security - Concepts, threats, countermeasures
  • Week 11: Wireless, IoT, and OT Security - Concepts, threats, countermeasures
  • Week 12: Security Operations, Role of AI/ML - Threat intelligence, digital evidence and incident response, digital forensics, AI/ML in security posture
  • Week 13: Security Governance - Risk management, organizational security, security implementation, secure system development
  • Week 14: General Review

Grading

  • Assignments & quizzes
  • Midterm exam
  • Final exam

InfoSec Concepts

  • Information Security: Protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction. Confidentiality, integrity, and availability are key aspects.
  • Information Technology Security (IT Security): Protection of information technologies.
  • Cybersecurity: Protecting cyberspace from cyberattacks. Includes information and non-information assets.

CIA Triad

  • Confidentiality: Access is limited to authorized users.
  • Integrity: Data and resources are trustworthy and free of unauthorized changes.
  • Availability: Resources are accessible when needed by authorized users.

InfoSec Details

  • Vulnerability: Weakness in a system that can be exploited.
  • Threat: An action that exploits a vulnerability.
  • Attack: Intentional exploitation of a vulnerability.
  • Countermeasure: Measures to resolve vulnerabilities and mitigate threats.
  • Risk: Potential for loss, damage, or destruction of an asset, resulting from a threat exploiting a vulnerability.

Cyber Security

  • Motive: Goal behind cyberattacks.
  • Attacks: Motive + Method + Vulnerability
  • Cyberwarfare: Cyberattacks related to conflict (fifth domain of battle).
  • Cyber Resilience: Delivering the intended outcome despite adverse cyber events.

Hacking Methodology (CEH)

  • Footprinting: Gathering information about the target.
  • Scanning: Identifying active hosts and open ports.
  • Enumeration: Actively probing the target system.
  • Vulnerability Analysis: Identifying weaknesses.
  • System Hacking: Gaining access, escalating privileges, maintaining access, and clearing logs.
  • Cyber Kill Chain: Methodology for understanding and preventing attacks (reconnaissance, weaponization, delivery, exploitation, installation, and actions on objectives).
  • Tactics, Techniques, and Procedures (TTPs): Activities, methods, and procedures employed by attackers (tactics are high-level, techniques are specific actions, and procedures are the sequence).
  • Indicators of Compromise (IOCs): Clues or artifacts indicating a possible intrusion.
  • MITRE ATT&CK: Framework for understanding and responding to cyberattacks.

Penetration Testing (PenTesting)

  • Methods: Black-box (no prior knowledge), White-box (complete knowledge), Gray-box (limited knowledge)
  • Goals: Assessing security before an attack.
  • Tools: Software that simulates real-world attacks.
  • Rules of Engagement (RoE): Clear permission before starting with appropriate constraints.

Teams

  • Blue Team: Defensive security team
  • Red Team: Attack team, simulates malicious activity

Types of Attackers

  • Amateur: Uses readily available tools
  • Hacker (Cracker): Knows hacking techniques (intentional)
  • State-Funded Spy: Government-supported
  • Terrorist: Actively harmful agendas

Ethical Hackers' Attributes

  • Professional and ethical values.
  • No hidden agenda.
  • Obtain permission.
  • Proper reporting.
  • No damage to systems tested.
  • Technical expertise (OS, networking, attacks)
  • Organizational security policies and standards.
