Introductory Class Flashcards

(61 cards)

1
Q

Incident

A

is a security event that compromises an information asset’s integrity, confidentiality, or availability.

2
Q

Breach

A

is an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.

3
Q

Assets

A

depend on the type of organization; for example, a bank’s asset is its money, while the assets of a software company are in its computer code.

4
Q

Vulnerabilities

A

exist in both software and hardware. The discovery of such vulnerabilities is only a matter of time.

5
Q

Exploitation

A

is the use of a vulnerability to gain access to an organization.

6
Q

Risk

A

is the level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.

7
Q

Threat

A

is any circumstance or event that can adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and denial of service; also, the potential for a threat source to successfully exploit a particular information system vulnerability.

8
Q

Pen-test

A

also known as penetration testing, is the method of employing hacker tools and techniques to evaluate security and implemented controls. Another way of understanding a pen test is as a way to discover both known and unknown vulnerabilities.

9
Q

Confidentiality

A

preserves authorized restrictions on information access and disclosure, including the means of protecting personal privacy and proprietary information.

10
Q

Integrity

A

guards against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.

11
Q

Availability

A

ensures timely and reliable access to and use of information.

12
Q

Defense-in-Depth

A

is an information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.

13
Q

Security controls

A

include safeguards, measures, or steps taken to avoid, transfer, mitigate, reduce, or share the risks to organizational assets.

14
Q

Exposure

A

is the combination of the likelihood and the impact levels of risk.

15
Q

Red Team

A

is a group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and what works for the defenders (i.e., the Blue Team) in an operational environment. Also known as the Cyber Red Team.

16
Q

Blue Team

A

is a group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period; 2) in a representative operational context (e.g., as part of an operational exercise); and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).

17
Q

Pentest

A

is a method of testing where testers target individual binary components or the application as a whole to determine whether intra- or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environmental resources.

18
Q

Malware

A

is hardware, firmware, or software intentionally included or inserted into a system for a harmful purpose.

19
Q

Rogue access point

A

is an unauthorized access point connected to a network.

20
Q

Ransomware

A

disables the victim’s access to data until a ransom is paid (e.g., Ryuk).

21
Q

Fileless malware

A

makes changes to files native to the OS (e.g., Astaroth).

22
Q

Spyware

A

collects user activity data without the user’s knowledge (e.g., DarkHotel).

23
Q

Adware

A

serves unwanted advertisements (e.g., Fireball).

24
Q

Trojans

A

disguise themselves as desirable code (e.g., Emotet).

25
Q

Worms

A

spread through a network by replicating themselves (e.g., Stuxnet).

26
Q

Rootkits

A

give hackers remote control of a victim's device (e.g., Zacinlo).

27
Q

Keyloggers

A

monitor a user’s keystrokes (e.g., Olympic Vision).

28
Q

Bots

A

launch a broad flood of attacks (e.g., Echobot).

29
Q

Mobile malware

A

infects mobile devices (e.g., Triada).

Malware
is a broad term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that installs risky software. Once inside the system, malware can do the following: Block access to key components of the network (ransomware). Install malware or additional harmful software. Covertly obtain information by transmitting data from the hard drive (spyware). Disrupt certain components and render the system inoperable.
31
Phishing
involves sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.
32
On-Path attacks
are also known as eavesdropping attacks, which occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.The following are two common points of entry for On-Path attacks: Attackers can insert themselves between a visitor’s device and the network on unsecured public Wi-Fi. Without knowing, the visitor passes all information through the attacker. Once the malware has breached a device, an attacker can install software to process all of the victim’s information.
33
Denial of Service attacks
flood systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this type of attack. It may also be known as a Distributed Denial of Service (DDoS) attack.
34
SQL injection
is a Structured Query Language (SQL) injection that occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker may carry out a SQL injection by simply submitting malicious code into a vulnerable website search box. Learn how to defend against SQL injection attacks.
35
Zero-day exploits
hit after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
36
DNS tunneling
utilizes the Domain Name System (DNS) protocol to communicate non-DNS traffic over port 53. DNS tunneling sends HTTP and other protocol traffic over DNS. There are various legitimate reasons to utilize DNS tunneling. However, there are also malicious motivations for using DNS tunneling virtual private network (VPN) services. This tactic is used to disguise outbound traffic like DNS, concealing data typically shared through an internet connection. DNS requests are manipulated to exfiltrate data from a compromised system to the attacker’s infrastructure for malicious use. It can also be used for command and control callbacks from the attacker’s infrastructure to a compromised system.
37
Q

Accept

A

Risk is accepted, and no measures are implemented to reduce its probability or impact.

38
Q

Avoid

A

Choose operations that do not lend themselves to a particular risk (e.g., relocating a factory from a region prone to a particular natural disaster to one that is not prone to that disaster).

39
Q

Mitigate

A

Implement controls to reduce the probability and impact of the threat/risk materializing.

40
Q

Share

A

Engage others in the operations, so multiple parties assume the risk.

41
Q

Transfer

A

Through the purchase of insurance, an organization can transfer risk to another party.

42
Q

Payment Card Industry - Data Security Standard (PCI-DSS)

A

The Payment Card Industry (PCI) has a Data Security Standard (DSS) with penalties for noncompliance by vendors. It is one of the most popular industry standards. If a company utilizes any payment card for any operation, it is a must for the selected service provider to be PCI-DSS compliant.

43
Q

The Health Insurance Portability and Accountability Act (HIPAA)

A

This congressional act specifies and requires data privacy and protection for medical information.

44
Q

California Consumer Privacy Act (CCPA)

A

This act extends privacy protections to the internet. Under CCPA, consumers may request and access the personally identifiable information (PII) data stored by companies. Businesses are required to provide a notice to consumers before their data can be sold.

45
Q

General Data Protection Regulation (GDPR)

A

This regulation was adopted during March 2014 to replace European Union (EU) privacy directive 95/46/EC (EU, n.d.). GDPR is one of the toughest privacy and security laws passed by the EU. Its reach extends to any organization collecting and using data related to people within its member countries. Violators of the GDPR face harsh fines.

46
Q

Computer security incident

A

is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

47
Q

An event

A

is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a webpage, a user sending email, or a firewall blocking a connection attempt. Adverse events have negative consequences, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data.

48
Q

Central incident response team

A

handles incidents throughout the organization.

49
Q

Distributed incident response team

A

may be one of several teams within an organization with responsibility for a particular logical or physical segment of the organization.

50
Q

Coordinating team

A

is an incident response team that provides advice to other teams without having authority over those teams.

51
Q

Identify

A

Asset management, business environment, governance, risk assessment, risk management strategy.

52
Q

Protect

A

Access control, awareness training, data security, information protection processes and procedures, maintenance, protective technology.

53
Q

Detect

A

Anomalies and events, security continuous monitoring, detection processes.

54
Q

Respond

A

Response planning, communications, analysis, mitigation, improvements.

55
Q

Recover

A

Recovery planning, improvements, communications.

56
Q

Categorize

A

Classify the system and the information processed, stored, and transmitted based on impact analysis.

57
Q

Select

A

Choose an initial set of controls for the system and tailor the controls as needed to reduce risk to an acceptable level based on an assessment of risk. Focus: Select, tailor, and document the controls necessary to protect the information system and organization commensurate with the risk to organizational operations and assets, individuals, other organizations, and the nation.

58
Q

Implement

A

Identify and activate the necessary controls and describe how they are employed within the system and its operating environment. Focus: Initiate the controls in the security and privacy plans for the system and the organization and document the specific details of the control implementation in a baseline configuration.

59
Q

Assess

A

Evaluate the controls to determine if they are implemented correctly, operating as intended, and producing the desired outcomes concerning satisfying the security and privacy requirements. Focus: Determine if the controls selected for implementation are implemented correctly, operating as intended, and producing the desired outcome concerning meeting the security and privacy requirements for the system and the organization.

60
Q

Authorize

A

Certify and enable the system or common controls based on determining that the risk to organizational operations and assets, individuals, other organizations, and the nation is acceptable. Focus: Provide organizational accountability by requiring a senior management official to determine if the security and privacy risk (including risk to the supply chain) to organizational operations and assets, individuals, other organizations, or the nation based on the operation of a system or the use of common controls is acceptable.

61
Q

Monitor

A

Observe the system and the associated controls on an ongoing basis, including assessing control effectiveness, documenting changes to the system and environment of operation, conducting risk assessments and impact analyses, and reporting the security and privacy posture of the system. Focus: Maintain an ongoing situational awareness about the security and privacy posture of the information system and the organization in support of risk management decisions.