IS 414 Flashcards

Question

Can you eliminate risk?

Answer 1

No, You can only mitigate it.

Answer 2

-Octave Forte -NIST SP 800-30 -ISO 27005

Answer 3

Often times automated ---Endpoint management tools ---SNMP network monitoring ---Ad hoc scripting Identification often includes valuation ---Cost to replace ---Value provided to org. ---Value to hacker --- cost of noncompliance with laws or regulation (fines)

Answer 4

1. Decreased Productivity 2. Replacement Cost 3. Expenses Incurred Handling Loss 4. Fines or Legal Judgments 5. Diminished Competitive Advantage 6. Reputation

Answer 5

The CIA Triad is a foundational model in cybersecurity that ensures the security of information systems. It consists of three key principles: Confidentiality – Ensuring that information is accessible only to authorized individuals. --- Example: Using encryption to protect sensitive data from unauthorized access. Integrity – Ensuring that data remains accurate, unaltered, and trustworthy. ---Example: Implementing checksums and hash functions to verify that files have not been tampered with. Availability – Ensuring that information and systems are accessible when needed. ---Example: Using redundant servers and backup power supplies to prevent downtime. Together, these principles help maintain the security and functionality of information systems.

Answer 6

-Effective Controls decrease threats and/or decrease likelihood -Process Controls -Security Controls - - Physical - - Network - - Host

Answer 7

Qualitative: Risk Level Matrix Quantitative: CVSS

Answer 8

Nmap is a network scanning tool used for port scanning, host discovery, and service enumeration. It helps security professionals map a network, identify active devices, and determine what services and operating systems are running. Example Use: A penetration tester uses Nmap to scan a company’s IP range to find open ports and running services before attempting an attack.

Answer 9

Nessus is a vulnerability scanner used to identify security flaws in a network. It detects misconfigurations, missing patches, and known vulnerabilities by scanning systems against an extensive vulnerability database. Example Use: A company runs Nessus to scan its network for unpatched software vulnerabilities and compliance issues.

Answer 10

A stop at any of these steps kills the entire cyber attack: Cyber Kill Chain (Attack Stages) Reconnaissance – Gather target info (OSINT, scanning). Weaponization – Create malware/exploit. Delivery – Send payload (email, USB, website). Exploitation – Execute attack via vulnerability. Installation – Deploy malware/backdoor. Command & Control (C2) – Connect to attacker’s server. Actions on Objectives – Steal data, disrupt, or ransom. Purpose: Helps detect, prevent, and respond to cyberattacks.

Answer 11

The amount of exposure a system has to attacks.

Answer 12

OS Fingerprinting responds to scans in certain ways from Nmap or Nessus that helps us guess which OS it is.

Answer 13

TAP (Traffic Access Point): A hardware device that passively copies network traffic for monitoring without interfering with normal operations. TAPs are hardware-based, ensuring full packet capture without dropping data.

Answer 14

SPAN (Switched Port Analyzer): A switch feature that mirrors network traffic from one or more ports to a monitoring port for analysis. Explanation: SPAN is software-based, but can miss packets under heavy loads due to switch prioritization.

Answer 15

A critical vulnerability in OpenSSL that allowed attackers to steal sensitive data from memory of affected servers. Explanation: * Exploited a bug in OpenSSL’s Heartbeat feature, allowing access to unencrypted passwords, private keys, and session data. * Affected millions of websites, including Yahoo and government agencies. Example: * Attackers used Heartbleed to steal private encryption keys, allowing them to decrypt sensitive user communications.

Answer 16

Definition: A decoy system designed to attract attackers and study their behavior. Explanation: * Can be low-interaction (fake services) or high-interaction (realistic OS). * Helps organizations learn about new attack techniques and distract attackers from real assets. Example: * A company sets up a honeypot server with fake credentials, tricking attackers into revealing their tactics.

Answer 17

Definition: An attacker takes control of an active user session by stealing or guessing a session token. Explanation: * Can be done through packet sniffing, predictable session IDs, or XSS attacks. * Often targets web applications and online banking sessions. Example: * A hacker steals a victim’s authentication cookie using an XSS exploit, then logs in as the victim without needing credentials.

Answer 18

Hardening refers to strengthening the security of a system, application, or network by reducing vulnerabilities and attack surfaces. ________________________________________ Goals of Hardening * Reduce attack surface by removing unnecessary services, applications, and privileges. * Increase system resilience against cyber threats like malware, unauthorized access, and exploits. * Ensure compliance with security standards (e.g., NIST, CIS, ISO 27001). * Prevent unauthorized access by enforcing least privilege and strong authentication. ________________________________________ How and Why to Do Hardening? How to Harden a System: 1. Apply security patches and updates to fix vulnerabilities. 2. Disable unnecessary services and applications to reduce the attack surface. 3. Enforce strong authentication and access control (e.g., MFA, least privilege). 4. Implement security monitoring and logging to detect anomalies. 5. Enable encryption for data protection. 6. Use firewalls and anti-malware solutions to block threats. Why Hardening is Important? * Minimizes security risks by removing potential attack vectors. * Improves system stability and reliability by preventing exploits. * Reduces insider threats by restricting access and monitoring activities.

Answer 19

fix security vulnerabilities and improve performance. How It Works: * Regularly check for patches from vendors (e.g., Microsoft, Linux, Adobe). * Test patches in a controlled environment before deployment. * Apply patches promptly to prevent exploitation of known vulnerabilities. * Automate patching where possible using tools like WSUS, SCCM, or third-party solutions. Example: * The WannaCry ransomware attack exploited an unpatched SMB vulnerability in Windows. Organizations that applied the MS17-010 patch were protected

Answer 20

Definition: A firewall is a security system that monitors and controls network traffic based on predefined security rules. Types of Firewalls: * Packet Filtering Firewall: Examines packets and blocks traffic based on IP addresses, ports, and protocols. * Stateful Firewall: Tracks active connections and blocks unauthorized sessions. * Application-Layer (Next-Gen) Firewall: Inspects application data (e.g., HTTP, FTP) to detect threats. Example: * A firewall blocks incoming traffic from an attacker’s IP address after detecting repeated failed login attempts

Answer 21

Software that detects, blocks, and removes malicious programs such as viruses, worms, Trojans, and ransomware. How It Works: * Signature-based detection: Compares files against a database of known malware signatures. * Behavioral analysis: Identifies suspicious activities, such as unauthorized file encryption (ransomware). * Heuristic scanning: Detects unknown malware by analyzing code patterns and behaviors. Example: * An anti-malware solution detects a malicious email attachment containing a trojan and quarantines the file before it executes

Answer 22

A controlled, isolated environment where untrusted or suspicious code is executed without affecting the main system. How It Works: * Suspicious files, applications, or scripts are executed in a virtual environment. * The system monitors behavior and determines if the code is malicious before allowing execution. Example: * A security analyst runs a suspicious email attachment in a sandbox to check for malware without endangering the network

Answer 23

Encryption is the process of converting plaintext into unreadable ciphertext using an algorithm and a secret key. Types of Encryption: * Symmetric Encryption (AES, DES): Uses a single key for encryption and decryption. * Asymmetric Encryption (RSA, ECC): Uses a public key for encryption and a private key for decryption. * Hashing (SHA-256, MD5): Converts data into a fixed-length hash value that cannot be reversed. Example: * HTTPS encryption protects sensitive data (passwords, credit card info) during online transactions

Answer 24

Best Practices for Strong Passwords: * Minimum length of 12-16 characters * Use a mix of uppercase, lowercase, numbers, and symbols * Avoid common words and predictable sequences * Use password managers to store complex passwords * Implement Multi-Factor Authentication (MFA) Example: * Instead of using “password123”, use “G$9k&4!bTz7@Qp” stored in a password manager

Answer 25

Security measures applied to smartphones, tablets, and other mobile devices to prevent unauthorized access, malware, and data breaches. Key Strategies: * Enable encryption: Encrypt internal storage and SD cards. * Use biometrics & strong PINs: Prevent unauthorized access. * Disable unnecessary permissions & apps: Reduce attack surface. * Keep OS and apps updated: Patch vulnerabilities. * Use Mobile Device Management (MDM): Enforce security policies in corporate environments. Example: * An organization enforces device encryption and remote wipe capabilities on all employee smartphones

Answer 26

B. Reducing vulnerabilities ✅

Answer 27

A. Malware can be executed safely without harming the main system ✅

Answer 28

C. They monitor and filter network traffic based on security rules ✅

Answer 29

B. It protects data even if the device is physically stolen ✅

Answer 30

B. Enabling remote wipe capabilities ✅

Answer 31

A defensible network is designed with layers of security to detect, delay, and respond to cyber threats effectively. Explanation: * Uses network segmentation, zero trust principles, and least privilege access. * Incorporates firewalls, IDS/IPS, logging, and monitoring for proactive security. Example: * A company segments its internal network so that sensitive HR and finance systems are isolated from general employee access.

Answer 32

An attack that floods a target system with traffic or requests, making it unavailable to legitimate users. Explanation: * DoS (Denial-of-Service): Single-source attack, overloading a system. * DDoS (Distributed DoS): Multiple compromised devices (botnets) flood a target. Example: * A hacker uses a botnet to overwhelm an online retailer’s website with fake traffic, causing downtime and lost revenue.

Answer 33

A security device that monitors network traffic and actively blocks malicious activity before it reaches a system. Explanation: * Works inline with network traffic (compared to an IDS, which is passive). * Can block attacks like SQL injections, malware, and port scans. Example: * An IPS detects and blocks an attacker’s attempt to exploit a web server vulnerability in real time.

Answer 34

Intrusion Detection Systems (IDS) Definition: A system that monitors network traffic for suspicious activity but does not take direct action. Explanation: * Host-based IDS (HIDS): Monitors system logs and files for anomalies. * Network-based IDS (NIDS): Monitors network traffic for suspicious patterns. Example: * A NIDS alerts security analysts to unusual outbound connections that could indicate a data exfiltration attempt

Answer 35

Man-in-the-Middle (MitM) Attack Definition: An attacker intercepts and alters communication between two parties without their knowledge. Explanation: * Can be done via rogue Wi-Fi hotspots, ARP spoofing, or SSL stripping. * Often used for eavesdropping, credential theft, or injecting malicious content. Example: * A hacker sets up a fake public Wi-Fi network at a coffee shop and captures users’ login credentials when they access their bank accounts

Answer 36

KRACK (Key Reinstallation Attack) Evil Twins Rogue APs (Access Points) ARP/DNS Spoofing

Answer 37

An attack on WPA2 encryption that allows an attacker to decrypt Wi-Fi traffic. * Example: An attacker forces a device to reuse an encryption key, allowing them to intercept network traffic.

Answer 38

A fake Wi-Fi access point that mimics a legitimate one to trick users into connecting. * Example: A hacker sets up a fake "Starbucks Free Wi-Fi" to steal passwords.

Answer 39

Unauthorized Wi-Fi access points connected to a secure network. * Example: An employee plugs in their own Wi-Fi router, unintentionally exposing the corporate network to attackers.

Answer 40

Manipulating network address resolution to redirect traffic to a malicious actor. * Example: An attacker spoofs DNS records, directing users to a fake banking website

Answer 41

Protecting data, applications, and services hosted in cloud environments from cyber threats. Explanation: * Shared responsibility model: Cloud providers secure infrastructure; users secure data and access controls. * Risks include misconfigured storage (S3 buckets), insider threats, and API vulnerabilities. Example: * A company fails to properly configure cloud storage, exposing sensitive customer data to the public

Answer 42

o Virtualization is the process of creating a virtual version of computing resources, such as servers, storage, networks, or operating systems, rather than relying on physical hardware. It allows multiple virtual machines (VMs) to run on a single physical machine, each with its own OS and applications. Benefits of Virtualization o Resource Efficiency – Maximizes hardware utilization by running multiple VMs on a single physical server. o Cost Savings – Reduces the need for physical hardware, lowering capital and operational costs. o Scalability – Enables quick deployment and scaling of virtualized environments. o Isolation & Security – Each VM operates independently, reducing the risk of malware spreading between them. o Disaster Recovery – Virtual machines can be backed up, cloned, and easily restored. o Portability – VMs can be moved across different physical machines, even in different locations

Answer 43

o A hypervisor (or Virtual Machine Monitor, VMM) is the software that allows multiple virtual machines to share the same physical hardware. It manages the allocation of CPU, memory, and other resources to each VM.

Answer 44

Type-1 Hypervisor (Bare-Metal Hypervisor) o Runs directly on the physical hardware without a host operating system. o More efficient and secure because it has direct access to system resources. o Used in enterprise environments and cloud computing. o Use Case: Large-scale data centers and cloud providers like AWS, Google Cloud, and Azure use Type-1 hypervisors for efficient resource allocation and scalability. o ________________________________________ o Type-2 Hypervisor (Hosted Hypervisor) o Runs on top of an existing operating system (like Windows, macOS, or Linux). o Easier to set up but has more overhead since it relies on the host OS for resource management. o Used for development, testing, and running multiple OS environments on a single machine. o Use Case: Developers use Type-2 hypervisors to test applications across different operating systems on a single device

Answer 45

The process of subtly extracting information from a target without raising suspicion. Example: An attacker casually asks an employee about company security policies during a friendly chat.

Answer 46

Using prior exposure to influence perception or behavior. Example: A scam email includes a fake security warning to make the recipient more likely to comply with a request.

Answer 47

Authority Reciprocity Commitment & Consistency Social Proof Liking Scarcity

Answer 48

People tend to comply with figures of authority. * Example: An attacker impersonates a high-ranking executive in a phishing email, demanding urgent action (e.g., wiring money or resetting credentials).

Answer 49

People feel obligated to return favors. * Example: A scammer offers a "free" security audit in exchange for login credentials or confidential information.

Answer 50

Once people commit to something, they tend to stick with it. * Example: An attacker first gets a small agreement from a target (e.g., confirming their role) and later requests access to sensitive information

Answer 51

People follow the actions of others, especially in uncertain situations. * Example: A phishing email claims that "90% of employees have already completed this security training—click here to finish yours!"

Answer 52

People are more likely to comply with requests from those they like. * Example: An attacker builds rapport with a target over shared interests before making a request.

Answer 53

People place higher value on things that seem limited or urgent. * Example: A phishing email warns that an account will be locked in 24 hours unless the target acts immediately.

Answer 54

Techniques used to build trust and familiarity with a target. Example: An attacker mirrors the speech and interests of a target to make them feel comfortable and open up.

Answer 55

– Creating a fabricated scenario to obtain information or access. Example: A hacker pretends to be an IT support technician to trick an employee into revealing login credentials.

Answer 56

Posing as someone else to gain trust and manipulate a target. Example: An attacker dresses as a delivery driver to gain entry into a secure building

Answer 57

Mass email scams designed to steal information. Example: A fake PayPal email asks users to update their passwords via a malicious link.

Answer 58

: Targeted phishing attacks against specific individuals. Example: A fake email tailored for a CFO tricks them into wiring money

Answer 59

Voice-based phishing attacks over the phone. Example: A scammer calls pretending to be a bank representative to obtain account details

Answer 60

Gathering personal information to guess or crack passwords. Example: An attacker studies a target’s social media for pet names, birthdays, and favorite bands to generate likely passwords

Answer 61

Rogen and James Franco (writer/actor/director Kim Jong-Un North Korea moviegoers free-speech advocates hackers and nation-state actors Sony leadership and employees

Answer 62

Basic security controls Some access controls Poor IT infrastructure and patch management Poor threat detention Underestimated nation-state cyber threats

Answer 63

Sony had a reputation of being hackable. Sony was putting questionable stuff on CD's that also made the user's stuff more vulnerable. "The Interview" movie made North Korea mad, threatened Sony. Sony employees had easy passwords, unencrypted emails. Started by spearphishing using false Apple ID links to a fake sign in page that stole account passwords. Not current antivirus programs. Hackers moved unilaterally across Sony systems, transfers of data went undetected for months. Hackers put violent images and warnings on Sony computers announcing hack. Systems shut down extremely. Lost data. Data was released to public. Leaked movies, salaries, criminal background checks, medical data, etc. First time FBI attributed cyberattack to a nation-state In response, Sony adjusted data storage practices, only retained info in current-use projects, rest to be encrypted and stored separate. Downgrading admin privileges. Limited employee internet access until they rebuilt a more secure network.

Answer 64

Did right: involved the FBI and others quickly to mitigate further damage. Regained public trust Worked with government agencies Made long-term cybersecurity improvements after the fact Did wrong: Lack of Strong Cybersecurity Measures Failure to Detect & Respond Quickly Weak Internal Security Policies Insufficient Backups & Recovery Plans Delayed and Controversial Response

Answer 65

Refers to the desire of individuals to control or have some influence over data about themselves?

Answer 66

Confidentiality focuses on protecting an organization's intellectual property. Privacy deals with protecting customer information rather than internal company information

Answer 67

8 GDPR privacy rights (also called data subject rights): The right to be informed – Individuals must be informed about the collection and use of their personal data. The right of access – Individuals can request access to their personal data and understand how it is being used. The right to rectification – Individuals can request corrections to inaccurate or incomplete personal data. The right to erasure (right to be forgotten) – Individuals can request the deletion of their personal data under certain conditions. The right to restrict processing – Individuals can request to limit or restrict how their personal data is used. The right to data portability – Individuals can obtain and reuse their personal data across different services. The right to object – Individuals can object to the processing of their personal data, including for marketing purposes. Rights related to automated decision-making and profiling – Individuals have rights related to decisions made without human involvement, including profiling.

Answer 68

Rights related to automated decision-making and profiling – Individuals have rights related to decisions made without human involvement, including profiling.

Answer 69

The right to object – Individuals can object to the processing of their personal data, including for marketing purposes.

Answer 70

The right to data portability – Individuals can obtain and reuse their personal data across different services.

Answer 71

The right to restrict processing – Individuals can request to limit or restrict how their personal data is used.

Answer 72

The right to erasure (right to be forgotten) – Individuals can request the deletion of their personal data under certain conditions.

Answer 73

The right to rectification – Individuals can request corrections to inaccurate or incomplete personal data.

Answer 74

The right of access – Individuals can request access to their personal data and understand how it is being used.

Answer 75

The right to be informed – Individuals must be informed about the collection and use of their personal data.

Answer 76

Covered Entity - plan, provider, or clearinghouse transmitting health info electronically Required implementation specification - Must be implemented Addressable implementation specification - Somewhat optional - Either must be implemented, an alternate, or demonstrate that specification is not required

Answer 77

Covered Entity - plan, provider, or clearinghouse transmitting health info electronically

Answer 78

Required implementation specification - Must be implemented

Answer 79

Addressable implementation specification - Somewhat optional - Either must be implemented, an alternate, or demonstrate that specification is not required

Answer 80

Definition: The second phase of the Cyber Kill Chain, where attackers create a deliverable payload (e.g., malware, exploit) to compromise the target. Key Actions: - Coupling an exploit with a backdoor - Creating malicious documents (e.g., PDFs, Word files) - Developing weaponized malware (e.g., trojans, ransomware) Example: Attackers craft a phishing email with a malicious attachment that exploits a software vulnerability.

Answer 81

Phase 3. How do I get it to my target? Key Methods: - Phishing emails (malicious attachments or links) - Drive-by downloads (compromised websites) - USB drops (infected removable media) - Exploiting vulnerabilities in exposed services Example: A hacker sends a phishing email with a malicious PDF that exploits a software vulnerability when opened.

Answer 82

Fourth phase in the cyber kill chain. The delivered payload is executed to exploit a vulnerability and gain control over the target system. Key Actions: - Running malicious code on the target device - Exploiting software vulnerabilities (e.g., zero-days, buffer overflows) - Gaining initial foothold and privilege escalation Example: A phishing email delivers a malicious PDF, which exploits an unpatched Adobe Reader vulnerability to execute malware.

Answer 83

Fifth part of the cyber kill chain. Where attackers establish persistence by installing malware or backdoors on the compromised system. Key Actions: - Installing remote access trojans (RATs) - Creating scheduled tasks or registry modifications - Deploying rootkits or bootkits for stealth Example: An attacker installs a RAT that allows continuous remote access, even after a system reboot.

Answer 84

The sixth phase of the Cyber Kill Chain, where attackers establish a communication channel with the compromised system to maintain remote control. Hacker is able to remotely control the malware once installed on the victims' machines Key Actions: - Using malware to create a covert communication channel - Employing protocols like HTTP, HTTPS, DNS tunneling, or custom C2 frameworks - Encrypting C2 traffic to evade detection Example: A compromised system connects to a malicious server via an encrypted HTTPS request, allowing attackers to issue commands remotely.

Answer 85

The final phase of the Cyber Kill Chain, where attackers achieve their ultimate goal, such as data theft, system disruption, or destruction. Key Actions: - Data exfiltration (stealing sensitive information) - Privilege escalation (gaining higher access) - Lateral movement (spreading within the network) - Destruction or encryption (deploying ransomware or wiping data) Example: An attacker exfiltrates customer data from a database and sells it on the dark web.

Answer 86

The Guardians of Peace (GOP) was the hacker group responsible for the 2014 Sony Pictures hack. They infiltrated Sony’s network, stealing and leaking confidential data, including unreleased films, employee emails, and financial records. The attack also involved destructive malware that wiped company systems.

Answer 87

Interception modification Interruption Fabrication

Answer 88

Confidentiality (threatened by interception) Integrity (modification) Availability (Interruption) Authenticity (fabrication) Non-Repudiation (fabrication)

Answer 89

Symmetric - a single private cryptographic key is used by sender and receiver for encryption and decryption Stream cipher - encrypt one bit at a time Block cipher - encrypt group bits at a time Asymmetric - Public key is sent, Receiver has their private key to decrypt

Answer 90

Advanced Encryption Standard -very fast encryption

IS 414 Flashcards

(115 cards)