Lecture 2b

Question 2

What is penetration testing?

Answer 2

Penetration testing attempts to exploit vulnerabilities to uncover new vulnerabilities

Question 3

Why is planning the most important step in a penetration test?

Answer 3

Planning prevents test creep and avoids unnecessary legal issues.

Question 4

Why conduct a penetration test instead of just a network scan?

Answer 4

Network scans find only surface problems and are often automated

Question 5

Who can perform penetration tests internally?

Answer 5

Internal security personnel.

Question 6

What are advantages of internal penetration testers?

Answer 6

Little or no additional cost

Question 7

What are disadvantages of internal penetration testers?

Answer 7

Inside knowledge may bias results

Question 8

Who are external penetration testers?

Answer 8

Contracted pen testing consultants.

Question 9

What are advantages of external pen testing consultants?

Answer 9

Expertise

Question 10

What is a disadvantage of external pen testing consultants?

Answer 10

Risk that sensitive information could be sold to competitors.

Question 11

What is crowdsourced penetration testing?

Answer 11

Using many testers via the internet with bug bounty programs rewarding vulnerability discovery.

Question 12

What are advantages of crowdsourced penetration testers?

Answer 12

Faster testing

Question 13

What do rules of engagement in penetration testing define?

Answer 13

The limitations or parameters of the test.

Question 14

Name three categories of rules of engagement.

Answer 14

Timing

Question 15

What does timing in rules of engagement specify?

Answer 15

When testing will occur including start/stop dates and if during business hours.

Question 16

What does scope in rules of engagement include?

Answer 16

Test boundaries like environment

Question 17

What is required before starting a penetration test under authorization rules?

Answer 17

Prior written approval signed by all parties.

Question 18

What does exploitation mean in rules of engagement?

Answer 18

The level of vulnerability exploitation allowed during the test.

Question 19

When should pen testers communicate with the organization?

Answer 19

At initiation

Question 20

What does cleanup involve after a penetration test?

Answer 20

Removing all test-related software

Question 21

What should a penetration test report include?

Answer 21

Objectives

Question 22

What are the two main phases of performing a penetration test?

Answer 22

Reconnaissance and penetration.

Question 23

What is footprinting in reconnaissance?

Answer 23

Gathering preliminary information from outside the organization.

Question 24

What is active reconnaissance?

Answer 24

Directly probing for vulnerabilities that may alert security.

Question 25

What is passive reconnaissance?

Answer 25

Gathering information without raising alarms

Question 26

What is war driving?

Answer 26

Searching for wireless signals while moving in a vehicle or on foot.

Question 27

What is war flying?

Answer 27

Searching for wireless signals using drones or UAVs.

Question 28

What does phase two penetration involve?

Answer 28

Simulating threat actor actions to compromise network systems progressively.

Question 29

What does pivoting mean in penetration testing?

Answer 29

Using one compromised system to access others toward the ultimate target.

Question 30

Why must penetration tests be manual and carefully designed?

Answer 30

To mimic threat actors and adapt to vulnerabilities thoughtfully.

Question 31

What is vulnerability scanning?

Answer 31

A frequent ongoing process to identify vulnerabilities and monitor cybersecurity progress.

Question 32

How does vulnerability scanning differ from penetration testing?

Answer 32

Scanning is continuous and automated; penetration testing is manual and periodic.

Question 33

What are two main types of vulnerability scans?

Answer 33

Credentialed and non-credentialed scans.

Question 34

What is a credentialed scan?

Answer 34

A scan using valid authentication credentials to mimic a threat actor.

Question 35

What is an intrusive scan?

Answer 35

A scan that attempts to exploit found vulnerabilities.

Question 36

What is a non-intrusive scan?

Answer 36

A scan that only detects vulnerabilities without exploiting them.

Question 37

What should be defined before conducting a vulnerability scan?

Answer 37

Target devices

Question 38

What is important when examining vulnerability scan results?

Answer 38

Assessing importance

Question 39

What are false positives in vulnerability scanning?

Answer 39

Alarms triggered without actual vulnerabilities.

Question 40

How can false positives be identified?

Answer 40

By correlating scan data with internal data like log files.

Question 41

What is threat hunting in relation to vulnerability scanning?

Answer 41

Using proactive searches to enhance vulnerability detection.

Question 42

What are two data management tools used for collecting and analysing vulnerability scan data?

Answer 42

Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR)

Question 43

What does SIEM stand for?

Answer 43

Security Information and Event Management

Question 44

List three typical features of a SIEM tool.

Answer 44

Aggregation, Correlation, Automated alerting and triggers

Question 45

What feature of SIEM ensures all logs are in sync by time?

Answer 45

Time synchronisation

Question 46

What is the purpose of event duplication in SIEM?

Answer 46

To identify and manage repeated events

Question 47

What additional analysis can SIEM perform related to threat actors' communications?

Answer 47

Sentiment analysis

Question 48

What is sentiment analysis used for in cybersecurity?

Answer 48

Identifying and categorising opinions to determine the writer's attitude

Question 49

What does SOAR stand for?

Answer 49

Security Orchestration Automation and Response

Question 50

How does SOAR differ from SIEM?

Answer 50

SOAR combines more comprehensive data gathering and automates incident responses

Question 51

What is threat hunting?

Answer 51

Proactively searching for cyber threats that have gone undetected in a network

Question 52

What critical premise does threat hunting start with?

Answer 52

Threat actors have already infiltrated the network

Question 53

Name two types of crowdsourced attack data used in threat hunting.

Answer 53

Advisories and bulletins, Cybersecurity threat feeds

Question 54

What is security management focused on?

Answer 54

Ensuring the protection of assets, people, and information

Question 55

Why is security management important for businesses?

Answer 55

To prevent legal consequences, financial losses, and reputation damage

Question 56

What are the three principles in the CIA triad?

Answer 56

Confidentiality, Integrity, Availability

Question 57

Define confidentiality in the CIA triad context.

Answer 57

Only approved individuals can access sensitive information

Question 58

Give an example illustrating confidentiality.

Answer 58

Protecting a credit card number used for online purchase from unauthorized access

Question 59

What does integrity ensure in information security?

Answer 59

Information is correct and unaltered by unauthorized persons or malicious software

Question 60

Give an example of an integrity violation.

Answer 60

Changing a purchase amount from $10,000 to $1

Question 61

What is availability in the CIA triad?

Answer 61

Authorized users can access information when needed

Question 62

Why is availability important in business operations?

Answer 62

It supports continuous operations and business continuity

Question 63

List one pro and one con of confidentiality from the CIA triad.

Answer 63

Pro: Privacy protection; Con: Complex access management

Question 64

List one pro and one con of integrity from the CIA triad.

Answer 64

Pro: Data accuracy; Con: Resource intensive

Question 65

List one pro and one con of availability from the CIA triad.

Answer 65

Pro: Continuous operations; Con: Vulnerable to DDoS attacks

Question 66

Name four types of external cybersecurity resources available to organizations.

Answer 66

Frameworks, Regulations, Legislation, Standards

Question 67

What is a cybersecurity framework?

Answer 67

A series of documented processes defining policies and procedures for security controls

Question 68

Name two common cybersecurity frameworks.

Answer 68

NIST, ISO

Question 69

What are the five core functions of the NIST Cybersecurity Framework?

Answer 69

Identify, Protect, Detect, Respond, Recover

Question 70

What does the Identify function in NIST CSF involve?

Answer 70

Understanding and managing cybersecurity risk related to systems, people, assets, data, and capabilities

Question 71

What is the purpose of the Protect function?

Answer 71

To develop and implement safeguards to limit or contain cybersecurity event impacts

Question 72

What does the Detect function focus on?

Answer 72

Timely discovery of cybersecurity events

Question 73

What is the main goal of the Respond function?

Answer 73

To take action to contain the impact of detected cybersecurity incidents

Question 74

What does the Recover function ensure?

Answer 74

Timely recovery to normal operations after cybersecurity incidents

Question 75

What are 'Categories' in the NIST CSF framework?

Answer 75

Groups of cybersecurity outcomes within each Function tied to specific activities

Question 76

What are 'Subcategories' in the NIST CSF framework?

Answer 76

Specific technical or management outcomes that support the Categories

Question 77

What are 'Informative References' in the NIST CSF?

Answer 77

Standards and guidelines illustrating methods to achieve Subcategory outcomes

Question 78

What is regulatory compliance?

Answer 78

The process of adhering to regulations set by professional organizations or government agencies

Question 79

Give examples of cybersecurity regulation categories.

Answer 79

Broadly applicable, Industry-specific, U.S. state, International regulations

Question 80

What is the role of legislation in cybersecurity?

Answer 80

Laws enacted by national, territorial, or state governments to govern cybersecurity practices

Question 81

What is a cybersecurity standard?

Answer 81

A document approved by recognized bodies providing framework, rules, or guidance for security

Question 82

Give an example of a cybersecurity standard.

Answer 82

Payment Card Industry Data Security Standard (PCI DSS)

Question 83

What are benchmarks or secure configuration guides?

Answer 83

Guidelines distributed by manufacturers to configure devices or software to be resilient to attacks

Question 84

List three platforms or devices that may have specific secure configuration guides.

Answer 84

Network infrastructure devices, Operating systems, Web servers

Question 85

Name some common information sources for cybersecurity.

Answer 85

Vendor websites, Conferences, Academic journals, Local industry groups, Social media

Question 86

What is a Request for Comments (RFC) in cybersecurity?

Answer 86

Documents authored by experts detailing technical standards or protocols

Question 87

What is penetration testing?

Answer 87

Attempting to exploit vulnerabilities like a threat actor would to assess security

Question 88

What is the first phase of a penetration test called?

Answer 88

Reconnaissance or footprinting

Question 89

Are vulnerability scans continuous or single events?

Answer 89

Vulnerability scans can be continuous or periodic, penetration tests are usually single events

Question 90

Which two tools are used for collecting and analysing security event data?

Answer 90

SIEM and SOAR