Module 2

Question 1

What is Risk Management?

Answer 1

The process of identifying, prioritizing, managing, and monitoring risks to information systems

Question 2

What are the common ways to manage risk?

Answer 2

Risk acceptance, risk reduction, and risk transfer

Question 3

How is the term Hacker used?

Answer 3

To describe a threat actor

Question 4

White hat hackers

Answer 4

Ethical hackers use their skills for good, ethical, and legal purposes

Question 5

Grey hat hackers

Answer 5

Individuals who commit crimes and do unethical things, but not for personal gain or to cause damage

Question 6

Black hat hackers

Answer 6

Criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks

Question 7

What are the different types of threat actors?

Answer 7

Script kiddies, vulnerability brokers, hacktivists, cybercriminals, and state-sponsored hackers

Question 8

How have attack tools developed?

Answer 8

They became more sophisticated and highly automated

Question 9

What are some attack tools?

Answer 9

Password crackers, wireless hacking tools, network security scanning and hacking tools, packet crafting tools, packet sniffers, rootkit detectors, fuzzers to search vulnerabilities, forensic tools, debuggers, hacking operating systems, encryption tools, vulnerability exploration tools, and vulnerability scanners

Question 10

What are the different categories of attacks?

Answer 10

eavesdropping attacks, data modification attacks, IP address spoofing attacks, password-based attacks, denial-of-service attacks, man-in-the-middle attacks, compromised key attacks, and sniffer attacks

Question 11

Why do threat actors try to trick users into installing malware?

Answer 11

To help exploit end-device vulnerabilities

Question 12

Antimalware software cannot be updated quickly enough to stop new threats. (T/F)

Answer 12

True

Question 13

What are the three common types of malware?

Answer 13

Virus, worm, and Trojan horse

Question 14

What is a virus?

Answer 14

A type of malware that spreads by inserting a copy of itself into another program

Question 15

How do most viruses spread?

Answer 15

Through USB memory drives, CDs, DVDs, network shares, and email

Question 16

What is a Trojan horse?

Answer 16

A software that appears to be legitimate, but it contains malicious code that exploits the privileges of the user that runs it

Question 17

Where are Trojans often found?

Answer 17

In online games

Question 18

How are Trojans classified?

Answer 18

According to the damage they cause

Question 19

What are the different types of Trojans?

Answer 19

Remote-access, data-sending, destructive, proxy, FTP, security software, disabler, DoS, and keylogger

Question 20

How are worms similar to viruses?

Answer 20

They replicate and can cause the same type of damage

Question 21

What do Viruses need to run?

Answer 21

A host program

Question 22

How do worms run?

Answer 22

They can run by themselves

Question 23

What are the three components worm attacks consist of?

Answer 23

Enabling vulnerability, propagation mechanism, and payload

Question 24

What is the most dominant malware currently?

Answer 24

Ransomware

Question 25

How does ransomware work?

Answer 25

It denies access to the infected system or its data. The cybercriminals then demand payment to release the computer system

Question 26

Other malware besides viruses, worms, and Trojan horse

Answer 26

Spyware, adware, scareware, phishing, and rootkits

Question 27

Three major categories of attacks from outside the network

Answer 27

Reconnaissance, access, and DoS attacks

Question 28

What is reconnaissance?

Answer 28

Information gathering. Threat actors do unauthorized discovery and mapping systems, services, or vulnerabilities

Question 29

Examples of using Reconnaissance before access or DoS attacks

Answer 29

Performing an information query of a target, initiating a ping sweep of the target network, initiating a port scan of active IP addresses, running vulnerability scanners, and running exploitation tools

Question 30

What do access attacks exploit?

Answer 30

Known vulnerabilities in authentication services, FTP services, and web services

Question 31

Access attacks

Answer 31

Password attacks, spoofing attacks, trust exploitation attacks, port redirections, man-in-the-middle attacks, and buffer overflow attacks

Question 32

How does access attack social engineering work?

Answer 32

Attempts to manipulate individuals into performing unsafe actions or divulging confidential information

Question 33

Social engineering attack methods

Answer 33

Pretexting, phishing, spear phishing, spam, something for something, baiting, impersonation, tailgating, shoulder surfing, and dumpster diving

Question 34

Two major DoS attacks

Answer 34

overwhelming quantity of traffic, and maliciously formatted packets

Question 35

What is the difference between DoS and DDoS attacks?

Answer 35

DDoS attacks increase in magnitude because they originate from multiple, coordinated sources

Question 36

What are the terms that describe DDoS attacks?

Answer 36

zombies, bots, botnet, handlers, and botmaster

Question 37

What is Mirai?

Answer 37

A malware that targets IoT devices configured with default login information

Question 38

What does Mirai do?

Answer 38

It uses a brute-force dictionary attack. After successful access, it targets the Linux-based BusyBox utilities that are designed for these devices

Question 39

What is the goal of a threat actor when using a buffer overflow DoS attack?

Answer 39

To find a system memory-related flaw on a server and exploit it

Question 40

What does overwhelming the buffer memory with unexpected values do to a system?

Answer 40

It renders it inoperable, creating a DoS attack

Question 41

Many attacks use stealthy evasion techniques to disguise an attack payload (T/F)

Answer 41

True

Question 42

Evasion methods

Answer 42

encrypting and tunneling, resource exhaustion, traffic fragmentation, protocol-level misinterpretation, traffic substitution, traffic insertion, pivoting rootkits, and proxies

Question 43

Attack surface

Answer 43

The total sum of vulnerabilities in a given system that are accessible to an attack. It also describes different points where an attacker could get into a system, and where they could get data out of the system

Question 44

Exploit

Answer 44

The mechanism that is used to leverage a vulnerability to compromise an asset. They could be remote and local.

Question 45

Remote Exploit

Answer 45

Works over the network without any prior access to the target system. The attacker does not need an account in the end system to exploit the vulnerability.

Question 46

Local Exploit

Answer 46

The threat actor has some type of user or administrative access to the end system. It does not necessarily mean that the attacker has physical access to the end system

Question 47

Risk

Answer 47

The likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence

Question 48

Risk acceptance

Answer 48

This is when the cost of risk management options outweighs the cost of the risk itself. The risk is accepted

Question 49

Risk avoidance

Answer 49

This means avoiding any exposure to the risk by eliminating the activity or device that presents the risk. By eliminating an activity to avoid risk, any benefits gained from the operation or activity that is at risk

Question 50

Risk reduction

Answer 50

Reduces exposure to risk or reducing the impact of risk by taking action to decrease the risk.

Question 51

What is the most commonly used mitigation strategy?

Answer 51

Risk reduction

Question 52

What does risk reduction require?

Answer 52

Careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk

Question 53

Risk transfer

Answer 53

Some or all of the risk is transferred to a willing third party such as an insurance company

Question 54

Countermeasure

Answer 54

The actions that are taken to protect assets by mitigating a threat or reducing risk

Question 55

Impact

Answer 55

The potential damage to the organization that is caused by the threat

Question 56

Which exploit requires inside network access such as a user with an account on the network? Local or remote?

Answer 56

Local exploit

Question 57

What is a script kiddie?

Answer 57

Refers to teenagers or inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically not for profit

Question 58

What is a vulnerability broker?

Answer 58

Grey hat hackers who attempt to discover exploits and report them to vendors sometimes for prizes or rewards

Question 59

What are hacktivists?

Answer 59

Grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks

Question 60

What is a cybercriminal?

Answer 60

Black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cybercriminals are responsible for streaming billions of dollars from consumers and businesses

Question 61

What is a state-sponsored hacker?

Answer 61

Threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations. Most countries in the world participate

Question 62

Where do cybercriminals operate?

Answer 62

In an underground economy where they buy, sell, and trade exploits and tools. They also buy and sell personal information and intellectual property that they steal from victims

Question 63

What do cybercriminals target?

Answer 63

Small businesses and consumers, as well as enterprises and industries