Job Interview Prep

Question 1

NIST 800-37

Answer 1

Risk Management Framework (RMF)

Question 2

Explain steps of RMF (NIST 800-37)

Answer 2

Categorize risk, choose controls, implement controls, assess, and continuously monitor controls

Question 3

NIST 800-53

Answer 3

Security and Privacy Controls

Question 4

NIST 800-61

Answer 4

Incident Handling/Response

Question 5

NIST 800-61 (Incident Response Lifecycle)

Answer 5

PDACERP (Prep, Detection, Analysis, Containment, Eradication, Recovery, Post)

Question 6

NIST CSF

Answer 6

NIST Cybersecurity Framework (IPDRR) (Identify, Protect, Detect, Respond, Recover)

Question 7

CIS Security Controls

Answer 7

Center for Internet Security (18 areas of security controls)

Question 8

CIS vs NIST 800-53

Answer 8

CIS is most common controls (narrow), NIST 800-53 much more broad

Question 9

Authenticated vs Unauthenticated Vulnerability Scans

Answer 9

One has access to login credentials for a more in-depth scan, whereas unauthenticated scans don’t have credentials and would be something like what an attacker would see

Question 10

Fuzzy Hashing

Answer 10

Fuzzy hashing helps you to perform similarity analysis - match two files with minor differences based on the fuzzy hash values.

Question 11

C2

Answer 11

Command and Control Infrastructure, also known as C2 or C&C, is the set of tools and techniques that attackers use to maintain communication with compromised devices following initial exploitation.

Question 12

TTPs

Answer 12

TTPs stands for Tactics, Techniques & Procedures. This includes the whole MITRE ATT&CK Matrix, which means all the steps taken by an adversary to achieve his goal, starting from phishing attempts to persistence and data exfiltration.

Question 13

MITRE ATT&CK Matrix

Answer 13

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Question 14

Pass-the-Hash (PtH) attack

Answer 14

A Pass-the-Hash (PtH) attack is a technique where an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication and lateral access to other networked systems.

Question 15

OSINT

Answer 15

(Open-Source Intelligence)

Question 16

Email Harvesting

Answer 16

Email harvesting is the process of obtaining email addresses from public, paid, or free services.

Question 17

spearphishing attack

Answer 17

phishing email targeted on a specific person

Question 18

watering hole attack

Answer 18

a targeted attack designed to aim at a specific group of people by compromising the website they are usually visiting and then redirecting them to the malicious website of an attacker’s choice.