Cyber Security Fundamentals Flashcards

(87 cards)

1
Q

Blockchain

A

Data structure containing transactional records (stored as blocks) that ensures security and transparency through a vast peer-to-peer (P2P) network with no controlling agency.

2
Q
A
3
Q

TTPs

A

Tactics
Techniques
Procedures

4
Q

Port Hopping

A

Allows adversaries to randomly change ports and protocols during a session.

5
Q

Cloud Computing Service Models

A

SaaS
IaaS
PaaS

6
Q

SaaS

A

The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.

7
Q

PaaS

A

The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

8
Q

IaaS

A

The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include OSs and applications.

9
Q

SaaS Model

A

A SaaS cloud service is hosted by the CSP and available to consumers through a pay-as-you-go model.

10
Q

Main function of PaaS

A

The main function of PaaS is to give a useful framework for developers to manage new product apps, build apps, and test apps.

11
Q

Primary Function of IaaS

A

The primary function of IaaS is to provide virtual data centers to businesses.

12
Q

Promiscuous Share

A

In a promiscuous share, a legitimate share is created for a user, but that user then shares with other people who shouldn’t have access.

13
Q

Ghost (or Stale) Share

A

In a ghost share, the share remains active for an employee or vendor that is no longer working with the company or should no longer have access.

14
Q

Payment Card Industry’s Data Security Standard

A

The Payment Card Industry’s Data Security Standard (PCI DSS) establishes its own cybersecurity standards and best practices for businesses and organizations that allow payment card purchases.

15
Q

European Union General Data Protection Regulations

A

The European Union (EU) General Data Protection Regulations (GDPR) apply to any organization that does business with EU citizens.

16
Q

Cybercriminals

A

Cybercriminals are the most common attacker profile.

They are also known for the proliferation of bots and botnet attacks, where endpoints are infected and then organized collectively by a command-and-control (C&C) attack server.

17
Q

Hacktivists

A

Hacktivist groups perform high-profile attacks in an attempt to showcase their political or social cause.

18
Q

Cyberterrorists

A

Cyberterrorist attacks often are associated with state affiliations and are focused on causing damage and destruction.

19
Q

Script Kiddies

A

Script kiddie is the name given to novice attackers who use publicly available attack tools without fully realizing the implications of their actions.

20
Q

Cybercrime Vendors

A

Capitalizing on the service model of cloud computing, many threat actors now rent or sell their malware and exploits, including business email compromise (BEC) and ransomware, as cybercrime-as-a-service (CCaaS) offerings on the dark web.

21
Q

Cyber Attack Lifecycle

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. C&C
  7. Act on Objective
22
Q

Reconnaissance

A

Attackers research, identify, and select targets, often extracting public information from targeted employees’ social media profiles or from corporate websites, which can be useful for social engineering and phishing schemes.

23
Q

Weaponization (Attack)

A

Attackers determine which methods to use to compromise a target endpoint.

24
Q

Delivery (Attack)

A

Attackers next attempt to deliver their weaponized payload to a target endpoint via email, IM, drive-by download (an end user’s web browser is redirected to a webpage that automatically downloads malware to the endpoint in the background), or infected file share.

25
Exploitation (Attack)
After a weaponized payload is delivered to a target endpoint, it must be triggered. An end user may unwittingly trigger an exploit by clicking a malicious link or opening an infected attachment in an email. An attacker also may remotely trigger an exploit against a known server vulnerability on the target network.
26
Installation (Attack)
An attacker will escalate privileges on the compromised endpoint, for example, by establishing remote shell access and installing rootkits or other malware.
27
Command and Control (Attack)
Attackers establish encrypted communication channels back to command-and-control (C2) servers across the internet so that they can modify their attack objectives and methods as additional targets of opportunity are identified within the victim network, or to evade any new security countermeasures that the organization may attempt to deploy if attack artifacts are discovered.
28
Act on Objective (Attack)
Attackers often have multiple, different attack objectives, including data theft; destruction or modification of critical systems, networks, and data; and denial-of-service (DoS).
29
The Common Vulnerability Scoring System (CVSS)
A method for enumerating a vulnerability's key characteristics and generating a numerical score that reflects the vulnerability's severity.
30
Logic Bombs
A logic bomb is malware that is triggered by a specified condition, such as a given date or a particular user account being disabled.
31
Spyware and Adware
Spyware and adware are types of malware that collect information, such as internet surfing behavior, login credentials, and financial account information, on an infected endpoint.
32
Rootkits
A rootkit is malware that provides privileged (root-level) access to a computer.
33
34
Backdoors
A backdoor is malware that allows an attacker to bypass authentication to gain access to a compromised system.
35
36
Ransomware
Ransomware is malware that locks a computer or device (Locker ransomware) or encrypts data (Crypto ransomware) on an infected endpoint with an encryption key that only the attacker knows, thereby making the data unusable until the victim pays a ransom (usually with cryptocurrency, such as Bitcoin). Reveton and LockeR are two examples of Locker ransomware.
37
38
Virus
A virus is malware that is self-replicating but must first infect a host program and be executed by a user or process.
39
Worms
A worm is malware that typically targets a computer network by replicating itself to spread rapidly.
40
Obfuscation
Advanced malware often uses common obfuscation techniques to hide certain binary strings that are characteristically used in malware and therefore easily detected by anti-malware signatures. Advanced malware might also use these techniques to hide an entire malware program.
41
Polymorphism
Some advanced malware has entire sections of code that serve no purpose other than to change the signature of the malware, thus producing an infinite number of unique signature hashes. Techniques such as polymorphism and metamorphism are used to avoid detection by traditional signature-based anti-malware tools and software. For example, a change of just a single character or bit of the file or source code completely changes the hash signature of the malware.
42
Distributed
Advanced malware takes full advantage of the resiliency built into the internet itself. Advanced malware can have multiple control servers distributed all over the world with multiple fallback options.
43
Multi-functional
Updates from C2 servers can also completely change the functionality of advanced malware.
44
Attackers Execute 5 Steps
  1. Compromise and Control a System or Device
  2. Prevent Access to the System
  3. Notify Victim
  4. Accept Ransom Payment
  5. Return Full Access
45
Vulnerability
Vulnerabilities are routinely discovered in software at an alarming rate. Vulnerabilities may exist in software when the software is initially developed and released, or vulnerabilities may be inadvertently created, or even reintroduced, when subsequent version updates or security patches are installed.
46
Exploit
An exploit is a type of malware that takes advantage of a vulnerability in an installed endpoint or server software such as a web browser, Adobe Flash, Java, or Microsoft Office.
47
How Exploits are Executed
  1. Creation
  2. Action
  3. Techniques
  4. Heap Spray
48
Timeline of Eliminating a Vulnerability
  1. Software Deployed
  2. Vulnerability Discovered
  3. Exploits Begin
  4. Public Announcement of Vulnerability
  5. Patch Released
  6. Patch Deployed
  7. Protected by Vendor Patch
49
________ is one of the most prevalent types of cyberattacks that organizations face today.
BEC
50
Spam vs Spim vs Vish
Spam - email
Spim - instant message
Vish - voicemail / robocalling
51
Spear Phishing
Spear phishing is a targeted phishing campaign that appears more credible to its victims by gathering specific information about the target, giving it a higher probability of success.
52
Whaling
Whaling is a type of spear phishing attack that is specifically directed at senior executives or other high-profile targets within an organization. A whaling email typically purports to be a legal subpoena, customer complaint, or other serious matter.
53
Watering Hole
Watering hole attacks compromise websites that are likely to be visited by a targeted victim, for example, an insurance company website that may be frequently visited by healthcare providers.
54
Pharming
A pharming attack redirects a legitimate website’s traffic to a fake site, typically by modifying an endpoint’s local hosts file or by compromising a DNS server (DNS poisoning).
55
Bots
Bots are individual endpoints that are infected with advanced malware that enables an attacker to take control of the compromised endpoint.
56
Botnet
A botnet is a network of bots (often tens of thousands or more) working together under the control of attackers using numerous servers.
57
Instance of Bots and Botnets
In a botnet, advanced malware works together toward a common objective, with each bot growing the power and destructiveness of the overall botnet.
58
Actions for Disabling a Botnet
Disable Internet Access
Monitor Local Network Activity
Remove Infected Devices and Botnet Software
Install Current Patches
59
DDoS
A DDoS attack is a type of cyberattack in which extremely high volumes of network traffic such as packets, data, or transactions are sent to the target victim’s network to make their network and systems (such as an e-commerce website or other web application) unavailable or unusable.
60
APT
Advanced Persistent Threats are a class of threats that are far more deliberate and potentially devastating than other types of cyberattacks.
61
WEP
The WEP encryption standard is no longer secure enough for Wi-Fi networks.
62
WPA2
WPA2-PSK supports 256-bit keys, which require 64 hexadecimal characters.
63
WPA3
WPA3 was published in 2018. Its security enhancements include more robust brute-force attack protection, improved hotspot and guest access security, simpler integration with devices that have limited or no user interface (such as IoT devices), and a 192-bit security suite. Newer Wi-Fi routers and client devices will likely support both WPA2 and WPA3 to ensure backward compatibility in mixed environments.
64
Evil Twin
One way for an attacker to find a victim to exploit is to set up a wireless access point that serves as a bridge to a real network.
65
Jasager
To understand a more targeted approach than the Evil Twin attack, think about what happens when you bring your wireless device back to a location that you’ve previously visited.
66
SSLstrip
After a user connects to a Wi-Fi network that’s been compromised, or to an attacker’s Wi-Fi network masquerading as a legitimate network, the attacker can control the content that the victim sees. The attacker simply intercepts the victim’s web traffic, redirects the victim’s browser to a web server that it controls, and serves up whatever content the attacker desires.
67
Doppelganger
Doppelganger is an insider attack that targets WPA3-Personal protected Wi-Fi networks.
68
Cookie Guzzler
Muted Peer and Hasty Peer are variants of the cookie guzzler attack, which exploit the Anti-Clogging Mechanism (ACM) of the Simultaneous Authentication of Equals (SAE) key exchange in WPA3-Personal.
69
Zero Trust Security Model
The Zero Trust security model addresses some of the limitations of perimeter-based network security strategies by removing the assumption of trust from the equation.
70
Core Zero Trust Principles
Ensure Resource Access
Enforce Access Control
Inspect and Log All Traffic
71
PAN‑OS®
PAN‑OS® software runs Palo Alto Networks® next-generation firewalls. PAN-OS natively uses key technologies (App‑ID, Content‑ID, Device-ID, and User‑ID) to provide complete visibility and control of applications in use across all users, devices, and locations all the time. Inline ML and application and threat signatures automatically reprogram the firewall with the latest intelligence so allowed traffic is free of known and unknown threats.
72
Panorama
Panorama network security management enables centralized control, log collection, and policy workflow automation across all next-generation firewalls (scalable to tens of thousands of firewalls) from a single pane of glass.
73
Cloud-Based Subscription Services
Cloud-based subscription services, including DNS Security, URL Filtering, Threat Prevention, and WildFire® malware prevention, deliver real-time advanced predictive analytics, AI and machine learning, exploit/malware/C2 threat protection, and global threat intelligence to the Palo Alto Networks Security Operating Platform.
74
Prisma Cloud
Prisma Cloud is the industry’s most comprehensive threat protection, governance, and compliance offering. It dynamically discovers cloud resources and sensitive data across AWS, GCP, and Azure to detect risky configurations and identify network threats, suspicious user behavior, malware, data leakage, and host vulnerabilities.
75
Prisma Access
Prisma Access is a Secure Access Service Edge (SASE) platform that helps organizations deliver consistent security to their remote networks and mobile users. It’s a generational step forward in cloud security, using a cloud-delivered architecture to connect all users to all applications.
76
Prisma SaaS
Prisma SaaS functions as a multimode cloud access security broker (CASB), offering inline and API-based protection working together to minimize the range of cloud risks that can lead to breaches.
77
Cortex
Cortex is designed to simplify security operations and considerably improve outcomes. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data that is normalized for advanced AI and machine learning to find threats and orchestrate responses quickly.
78
Cortex XDR
Cortex XDR breaks the silos of traditional detection and response by natively integrating network, endpoint, and cloud data to stop sophisticated attacks. Taking advantage of machine learning and AI models across all data sources, it identifies unknown and highly evasive threats from managed and unmanaged devices.
79
Cortex XSOAR
Cortex XSOAR is the only security orchestration, automation, and response (SOAR) platform that combines security orchestration, incident management, and interactive investigation to serve security teams across the incident lifecycle.
80
Cortex Data Lake
Cortex Data Lake enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing an enterprise’s data. It automatically collects, integrates, and normalizes data across an organization's security infrastructure. The cloud-based service is ready to scale from the start, eliminating the need for local compute or storage and providing assurance in the security and privacy of data.
81
AutoFocus
The AutoFocus contextual threat intelligence service speeds an organization's ability to analyze threats and respond to cyberattacks. Instant access to community-based threat data from WildFire, enhanced with deep context and attribution from the Palo Alto Networks Unit 42 threat research team, saves time. Security teams get detailed insight into attacks with prebuilt Unit 42 tags that identify malware families, adversaries, campaigns, malicious behaviors, and exploits without the need for a dedicated research team.
82
What are the three essential areas of cybersecurity strategy in the Palo Alto Networks portfolio?
Enterprise
Cloud
Future
83
Which component of Palo Alto Networks prevention-first architecture is designed to simplify security operations and improve outcomes?
Cortex
84
How do cybercriminals use automation and big data analytics?
To execute massively scalable and increasingly effective attacks
85
What is one of the main challenges with the current security approach?
Inadequate focus on detection and remediation
86
How do cybercriminals stay ahead of point security products?
By leveraging automation and big data analytics
87