Cybersecurity Fundamentals Flashcards

(87 cards)

1
Q

Microblogging

A

Microblogging web services allow a subscriber to broadcast short messages to other subscribers. Examples include Tumblr and Twitter.

2
Q

Social Curation

A

Social curation shares collaborative content about particular topics. Social bookmarking is a type of social curation. Examples include Cogenz, Instagram, Pinterest, and Reddit.

3
Q

Blockchain

A

Blockchain is essentially a data structure containing transactional records (stored as blocks) that ensures security and transparency through a vast, decentralized peer-to-peer network with no single controlling authority. Cryptocurrency, such as Bitcoin, is an example of a blockchain application.

4
Q

Data Mining

A

Data mining enables patterns to be discovered in large datasets by using machine learning, statistical analysis, and database technologies.

5
Q

Mixed Reality

A

Mixed reality includes technologies, such as virtual reality (VR), augmented reality (AR), and extended reality (XR), that deliver an immersive and interactive physical and digital sensory experience in real time.

6
Q

Natural Language Search

A

Natural language search is the ability to understand human spoken language and context (rather than a Boolean search, for example) to find information.

7
Q

TTP

A

Tactics
Techniques
Procedures

8
Q

Port Hopping

A

Port hopping allows adversaries to randomly change ports and protocols during a session.

9
Q

Using Non-Standard Ports

A

An example of using non-standard ports is running Yahoo! Messenger over TCP port 80 (HTTP) instead of the standard TCP port for Yahoo! Messenger (5050).

10
Q

Tunneling

A

Another method is tunneling within commonly used services, such as running peer-to-peer (P2P) file sharing or an IM client such as Meebo over HTTP.

11
Q

Hiding Within SSL Encryption

A

Hiding in SSL encryption masks the application traffic, for example, over TCP port 443 (HTTPS). More than half of all web traffic is now encrypted.

12
Q

Cloud Service Models and Examples

A

SaaS - Google, MSFT, Zoom

PaaS - AWS, Azure, GCP

IaaS - AWS, Azure, GCP

13
Q

SaaS

A

In a SaaS model, the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.

14
Q

PaaS

A

In a PaaS model, the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

15
Q

IaaS

A

In an IaaS model, the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include OSs and applications.

16
Q

Primary Function of SaaS

A

To provide cloud-based apps to consumers.

17
Q

Primary Function of PaaS

A

The main function of PaaS is to give a useful framework for developers to manage new product apps, build apps, and test apps.

18
Q

Primary Function of IaaS

A

The primary function of IaaS is to provide virtual data centers to businesses.

19
Q

Malicious Insiders

A

The least common but real SaaS application risk is the internal user who maliciously shares data for theft or revenge purposes.

20
Q

Accidental Data Exposure

A

Well-intentioned end users are often untrained and unaware of the risks their actions pose in SaaS environments.

21
Q

Accidental Share

A

An accidental share happens when a share meant for a particular person is accidentally sent to the wrong person or group.

22
Q

Promiscuous Share

A

In a promiscuous share, a legitimate share is created for a user, but that user then shares with other people who shouldn’t have access.

23
Q

Ghost (or Stale) Share

A

In a ghost share, the share remains active for an employee or vendor that is no longer working with the company or should no longer have access.

24
Q

Cybercriminals

A

Cybercriminals are the most common attacker profile.

They are also known for the proliferation of bots and botnet attacks, where endpoints are infected and then organized collectively by a command-and-control, or C&C, attack server.

25
State-Affiliated Groups
High-profile attacks against infrastructure, governments, voting systems, or major corporations are often linked to state-affiliated groups.
26
Hacktivists
Hacktivist groups perform high-profile attacks in an attempt to showcase their political or social cause.
27
Cyberterrorists
Cyberterrorist attacks often are associated with state affiliations and are focused on causing damage and destruction.
28
Script Kiddies
Script kiddie is the name associated with novice attackers who use publicly available attack tools without fully realizing the implications of their actions.
29
Cybercrime Vendors
Capitalizing on the service model of cloud computing, many threat actors now rent or sell their malware and exploits – including business email compromise (BEC) and ransomware – as cybercrime-as-a-service (CCaaS) offerings on the dark web.
30
Cyberattack Lifecycle
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. C&C
7. Act on Objective
31
MITRE ATT&CK
Documents the tactics, techniques, and procedures (TTPs) that advanced persistent threats (APTs) use against enterprise networks.
32
C-SCRM
Cyber Supply Chain Risk Management processes must rapidly adapt to changes in the threat landscape.
33
CVE
Common Vulnerabilities and Exposures is a system for referencing publicly known vulnerabilities by identifiers. The goal of the system is to make it easier to share vulnerability data across stakeholders, including software vendors, tool vendors, security practitioners, and end users.
34
Cortex XDR retrieves the latest information from NIST
Addons > Host Insights > Vulnerability Assessment > CVEs
35
Which path or tool is used by attackers?
Threat Vector
36
Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands?
Command and Control
37
Malware
Malware usually has one or more of the following objectives: to provide remote control for an attacker to use an infected machine, to send spam from the infected machine to unsuspecting targets, to investigate the infected user’s local network, and to steal sensitive data.
38
Advanced/Modern Malware
Advanced or modern malware generally refers to new or unknown malware. These types of malware are highly sophisticated and often have specialized targets. Advanced malware typically can bypass traditional defenses.
39
Logic Bombs
A logic bomb is malware that is triggered by a specified condition, such as a given date or a particular user account being disabled.
40
Spyware and Adware
Spyware and adware are types of malware that collect information, such as internet surfing behavior, login credentials, and financial account information, on an infected endpoint.
41
Rootkits
A rootkit is malware that provides privileged (root-level) access to a computer.
42
Bootkits
A bootkit is malware that is a kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.
43
Backdoors
A backdoor is malware that allows an attacker to bypass authentication to gain access to a compromised system.
44
Anti-AV
Anti-AV is malware that disables legitimately installed antivirus software on the compromised endpoint, thereby preventing automatic detection and removal of other malware.
45
Ransomware
Ransomware is malware that locks a computer or device (Locker ransomware) or encrypts data (Crypto ransomware) on an infected endpoint with an encryption key that only the attacker knows, thereby making the data unusable until the victim pays a ransom (usually with cryptocurrency, such as Bitcoin). Reveton and LockeR are two examples of Locker ransomware. Locky, TeslaCrypt/EccKrypt, Cryptolocker, and Cryptowall are examples of Crypto ransomware.
46
Trojan Horses
A Trojan horse is malware that is disguised as a harmless program but actually gives an attacker full control and elevated privileges of an endpoint when installed. Unlike other types of malware, Trojan horses are typically not self-replicating.
47
Virus
A virus is malware that is self-replicating but must first infect a host program and be executed by a user or process.
48
Worms
A worm is malware that typically targets a computer network by replicating itself to spread rapidly. Unlike viruses, worms do not need to infect other programs and do not need to be executed by a user or process.
49
Obfuscation Malware
Advanced malware often uses common obfuscation techniques to hide certain binary strings that are characteristically used in malware and therefore easily detected by anti-malware signatures. Advanced malware might also use these techniques to hide an entire malware program.
50
Polymorphism
Some advanced malware has entire sections of code that serve no purpose other than to change the signature of the malware, thus producing an infinite number of unique signature hashes. Techniques such as polymorphism and metamorphism are used to avoid detection by traditional signature-based anti-malware tools and software. For example, a change of just a single character or bit of the file or source code completely changes the hash signature of the malware.
51
Distributed
Advanced malware takes full advantage of the resiliency built into the internet itself. Advanced malware can have multiple control servers distributed all over the world with multiple fallback options. Advanced malware can also leverage other infected endpoints as communication channels, thus providing a near-infinite number of communication paths to adapt to changing conditions or update code as needed.
52
Multi-functional
Updates from C2 servers can also completely change the functionality of advanced malware. This multifunctional capability enables an attacker to use endpoints strategically to accomplish specific tasks, such as stealing credit card numbers, sending spam containing other malware payloads (such as spyware), or installing ransomware for the purpose of extortion.
53
Attacker's Execute Five Steps
Step 1 - Compromise and Control a System
Step 2 - Prevent Access to System
Step 3 - Notify Victim
Step 4 - Accept Ransom Payment
Step 5 - Return Full Access
54
Vulnerability
Vulnerabilities are routinely discovered in software at an alarming rate. Vulnerabilities may exist in software when the software is initially developed and released, or vulnerabilities may be inadvertently created, or even reintroduced, when subsequent version updates or security patches are installed.
55
Exploit
An exploit is a type of malware that takes advantage of a vulnerability in an installed endpoint or server software such as a web browser, Adobe Flash, Java, or Microsoft Office.
56
Patching Vulnerabilities Steps
1. Discovery
2. Development of Patch
3. Test and Deploy Patch
57
Zero Day
The delay between the discovery of a vulnerability and the development and release of a patch is known as a zero-day threat.
58
Process to create an exploited data file
1. Embed a small piece of malicious code into the file.
2. Apply memory corruption techniques.
59
Steps to execute an exploit
1. Creation
2. Action
3. Techniques
4. Heap Spray
60
What type of malware can have multiple control servers distributed all over the world with multiple fallback options?
Advanced or modern
61
Which type of malware disables protection software?
Anti-AV
62
What are the two main types of ransomware?
Locker and Crypto
63
Spear Phishing
Spear phishing is a targeted phishing campaign that appears more credible to its victims by gathering specific information about the target, giving it a higher probability of success.
64
Whaling
Whaling is a type of spear phishing attack that is specifically directed at senior executives or other high-profile targets within an organization.
65
Watering Hole
Watering hole attacks compromise websites that are likely to be visited by a targeted victim, for example, an insurance company website that may be frequently visited by healthcare providers.
66
Pharming
A pharming attack redirects a legitimate website’s traffic to a fake site, typically by modifying an endpoint’s local hosts file or by compromising a DNS server (DNS poisoning).
67
Spam
Spreading unsolicited content to target endpoints via email
68
Spim
Spreading unsolicited content to target endpoints via IM
69
Vishing
Performing a phishing attack via voicemail or robocalling.
70
Bots
(or zombies) are individual endpoints that are infected with advanced malware that enables an attacker to take control of the compromised endpoint.
71
botnet
is a network of bots (often tens of thousands or more) working together under the control of attackers using numerous servers.
72
ZeuS and SpyEye
Financial botnets
73
DoS vs DDoS
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack to a single target.
74
APTs
Advanced persistent threats, or APTs, are a class of threats that are far more deliberate and potentially devastating than other types of cyberattacks. APTs are generally coordinated events that are associated with cybercriminal groups.
75
Lazarus
APT
76
WEP
The WEP encryption standard is no longer secure enough for Wi-Fi networks.
77
WPA2
WPA2-PSK supports 256-bit keys, which require 64 hexadecimal characters.
78
WPA3
WPA3 features include improved security for IoT devices such as smart bulbs, wireless appliances, smart speakers, and other screen-free gadgets that make everyday tasks easier.
79
Evil Twin
A wireless access point that serves as a bridge to a real network. An attacker can inevitably bait a few victims with “free Wi-Fi access.”
80
Jasager
Responds “yes” to Wi-Fi probe requests from clients, and then connects them to the internet.
81
SSLstrip
The attacker simply intercepts the victim’s web traffic, redirects the victim’s browser to a web server that it controls, and serves up whatever content the attacker desires.
82
Emotet
Trojan
83
SSLstrip Strategy
When a user connected to a compromised Wi-Fi network attempts to initiate an SSL session, the modified access point intercepts the SSL request.
84
Doppelganger
Doppelganger is an insider attack that targets WPA3-Personal protected Wi-Fi networks.
85
Cookie Guzzler
Muted Peer and Hasty Peer are variants of the cookie guzzler attack which exploit the Anti-Clogging Mechanism (ACM) of the Simultaneous Authentication of Equals (SAE) key exchange in WPA3-Personal.
86
Zero Trust Principles
1. Ensure Resource Access
2. Enforce Access Control
3. Inspect and Log All Traffic
87