Prac 1 Flashcards

(20 cards)

1
Q
  1. After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
    a. Security administrator
    b. Security technician
    c. Security officer
    d. Security manager
A

Analysis:
a. Incorrect. A security administrator manages daily operations of security technology and may analyze and design security solutions within a specific entity as well as identifying users’ needs.
b. Incorrect. This position is generally an entry-level position for a person who has the necessary technical skills. Technicians provide technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems.
c. Incorrect. A security officer is not one of the generally recognized security positions.
d. Correct. The security manager reports to the CISO and supervises technicians, administrators, and security staff.

2
Q
  1. Which of the following is true regarding the relationship between security and convenience?
    a. Security and convenience are inversely proportional.
    b. Security and convenience have no relationship.
    c. Security is less important than convenience.
    d. Security and convenience are equal in importance.
A

Analysis:
a. Correct. The relationship between these two is inversely proportional so that as security is increased, convenience is decreased.
b. Incorrect. There is a relationship between security and convenience.
c. Incorrect. Security is never less important than convenience.
d. Incorrect. Security and convenience are not equal in importance.

3
Q
  1. Which element of the CIA Triad ensures that the information is correct and that no unauthorized person has altered it?
    a. Confidentiality
    b. Integrity
    c. Availability
    d. Assurance
A

Analysis:
a. Incorrect. Confidentiality ensures that only authorized parties can view the information.
b. Correct. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.
c. Incorrect. Availability ensures that data and resources are accessible to authorized users in a timely manner.
d. Incorrect. Assurance is not part of the CIA Triad.

4
Q
  1. Which of the following is not used to describe those who attack computer systems?
    a. Threat actor
    b. Hacker
    c. Malicious agent
    d. Attacker
A

Analysis:
a. Incorrect. In cybersecurity, a threat actor is an individual or entity responsible for cyber incidents against the technology equipment of enterprises and users.
b. Incorrect. In the past, the term hacker referred to a person who used advanced computer skills to attack computers.
c. Correct. A threat actor is also called a malicious actor, not a malicious agent.
d. Incorrect. The generic term attacker is commonly used.

5
Q
  1. Which of the following is not true regarding security?
    a. Security is a goal.
    b. Security includes the necessary steps to protect from harm.
    c. Security is a process.
    d. Security is a war that must be won at all costs.
A

Analysis:
a. Incorrect. Sometimes security is defined as the state of being free from danger, which is the goal of security.
b. Incorrect. Since complete security can never be fully achieved, the focus of security is more often on the process instead of the goal. In this light, security can be defined as the necessary steps to protect from harm.
c. Incorrect. Since complete security can never be fully achieved, the focus of security is more often on the process instead of the goal.
d. Correct. Information security should not be viewed as a war to be won or lost. Just as crimes such as burglary can never be completely eradicated, neither can attacks against technology devices. The goal is not a complete victory but, instead, maintaining equilibrium: as attackers take advantage of a weakness in a defense, defenders must respond with an improved defense. Information security is an endless cycle between attacker and defender.

6
Q
  1. Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?
    a. Fortune
    b. Fame
    c. Financial gain
    d. Personal security
A

Analysis:
a. Incorrect. Later threat actors pursued fortune; the first cyberattackers did not.
b. Correct. Early cyberattackers were trying to show off their skills to generate fame.
c. Incorrect. Financial gain is the same as fortune, and it was later threat actors who pursued fortune.
d. Incorrect. Threat actors do not try to achieve personal security through their attacks.

7
Q
  1. Which of the following ensures that only authorized parties can view protected information?
    a. Authorization
    b. Confidentiality
    c. Availability
    d. Integrity
A

Analysis:
a. Incorrect. Authorization provides approval to access.
b. Correct. Confidentiality ensures that only authorized parties can view the information.
c. Incorrect. Availability ensures that data is accessible to authorized users in a timely manner.
d. Incorrect. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.

8
Q
  1. Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
    a. Black hat hackers
    b. White hat hackers
    c. Gray hat hackers
    d. Red hat hackers
A

Analysis:
a. Incorrect. Black hat hackers are threat actors who violate computer security for personal gain (such as to steal credit card numbers) or to inflict malicious damage (corrupt a hard drive).
b. Correct. Also known as ethical attackers, these white hat hackers attempt to probe a system (with an organization’s permission) for weaknesses and then privately provide that information back to the organization.
c. Incorrect. Gray hat hackers are attackers who attempt to break into a computer system without the organization’s permission (an illegal activity) but not for their own advantage; instead, they publicly disclose the attack in order to shame the organization into taking action.
d. Incorrect. There is no category of red hat hackers.

9
Q
  1. Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.
    a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network
    b. through a long-term process that results in ultimate security
    c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources
    d. through products, people, and procedures on the devices that store, manipulate, and transmit the information
A

Analysis:
a. Incorrect. All analog devices and not just limited analog devices can be protected through security.
b. Incorrect. Security never results in ultimate protection.
c. Incorrect. The appropriateness of the interaction does not play a role in security.
d. Correct. The products, people, and procedures on the devices that store, manipulate, and transmit the information provide the security.

10
Q
  1. Which of the following groups have the lowest level of technical knowledge?
    a. Script kiddies
    b. Hacktivists
    c. State actors
    d. Insiders
A

Analysis:
a. Correct. Script kiddies are individuals who want to perform attacks, yet they lack the technical knowledge to carry out these attacks. Script kiddies instead do their work by downloading freely available automated attack software (scripts) and use it to perform their malicious acts.
b. Incorrect. Hacktivists generally have good technical knowledge.
c. Incorrect. State actors have excellent technical knowledge.
d. Incorrect. Insiders generally have good technical knowledge.

11
Q
  1. Which of the following groups use Advanced Persistent Threats?
    a. Brokers
    b. Criminal syndicates
    c. Shadow IT
    d. State actors
A

Analysis:
a. Incorrect. Brokers sell their knowledge of a weakness to other attackers or governments.
b. Incorrect. Criminal syndicates are moving from traditional criminal activities to more rewarding and less risky online attacks.
c. Incorrect. Shadow IT are employees who become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies.
d. Correct. These attacks use innovative attack tools (advanced), and once a system is infected they silently extract data over an extended period of time (persistent). APTs are most commonly associated with state actors.

12
Q
  1. Which of the following is not a reason why a legacy platform has not been updated?
    a. Limited hardware capacity
    b. An application only operates on a specific OS version
    c. Neglect
    d. No compelling reason for any updates
A

Analysis:
a. Incorrect. Because an update may depend upon the system’s hardware, having limited hardware capacity may prevent an update.
b. Incorrect. Some applications can only operate on a specific OS version.
c. Incorrect. Overlooking a system that is rarely used can cause updates to not be installed.
d. Correct. There is always a reason to install updates, and that reason is security.

13
Q
  1. How do vendors decide which should be the default settings on a system?
    a. Those that are the most secure are always the default settings.
    b. There is no reason behind why specific default settings are chosen.
    c. Those settings that provide the means by which the user can immediately begin to use the product.
    d. The default settings are always mandated by industry standards.
A

Analysis:
a. Incorrect. Rarely are the most secure settings chosen as default.
b. Incorrect. There is a reason for selecting default settings—those that enable the user to immediately begin utilizing the product.
c. Correct. Default settings are chosen that allow the user to quickly begin using the product.
d. Incorrect. Industry standards do not mandate a vendor's default settings.

14
Q
  1. Which tool is most commonly associated with state actors?
    a. Closed-Source Resistant and Recurrent Malware (CSRRM)
    b. Advanced Persistent Threat (APT)
    c. Unlimited Harvest and Secure Attack (UHSA)
    d. Network Spider and Worm Threat (NSAWT)
A

Analysis:
a. Incorrect. This is a fictitious name and does not exist.
b. Correct. An Advanced Persistent Threat is a class of attacks that use innovative attack tools to infect a system and then silently extract data over an extended period of time.
c. Incorrect. This is a fictitious name and does not exist.
d. Incorrect. This is a fictitious name and does not exist.

15
Q
  1. What is the term used to describe the connectivity between an organization and a third party?
    a. System integration
    b. Platform support
    c. Resource migration
    d. Network layering
A

Analysis:
a. Correct. Almost all third parties today require that they can access the organization’s computer network. These external entities have the ability to perform their IT-related functions (such as outsourced code development) and even do basic tasks such as submitting online invoices. This connectivity between the organization and the third party is known as system integration.
b. Incorrect. This is a fictitious name and does not exist.
c. Incorrect. This is a fictitious name and does not exist.
d. Incorrect. This is a fictitious name and does not exist.

16
Q
  1. What is an objective of state-sponsored attackers?
    a. To right a perceived wrong
    b. To amass a fortune rather than fame
    c. To spy on citizens
    d. To sell vulnerabilities to the highest bidder
A

Analysis:
a. Incorrect. The motivation of hacktivists is to right a perceived wrong.
b. Incorrect. State attackers are working for a government and not trying to amass a fortune.
c. Correct. Instead of using an army to march across the battlefield to strike an adversary, governments are increasingly employing their own state-sponsored attackers for launching cyberattacks against their foes. These are known as state actors. Their foes may be foreign governments or even citizens of its own nation that the government considers hostile or threatening.
d. Incorrect. Brokers sell vulnerabilities to the highest bidder.

17
Q
  1. Which of the following is not an issue with patching?
    a. Difficulty patching firmware
    b. Few patches exist for application software
    c. Delays in patching OSs
    d. Patches address zero-day vulnerabilities
A

Analysis:
a. Incorrect. Firmware, or software that is embedded into hardware, provides low-level controls and instructions for the hardware. Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Some firmware cannot be patched.
b. Incorrect. Outside of major application software such as Microsoft Office, patches for application software are uncommon, because there is often no automated process to identify which computers have the application installed, to alert users that a patch exists, or to distribute the patch.
c. Incorrect. Modern operating systems—such as Red Hat Linux, Apple macOS, Ubuntu Linux, and Microsoft Windows—frequently distribute patches. These patches, however, can sometimes create new problems, such as preventing a custom application from running correctly. Organizations that have these types of applications usually test patches when they are released to ensure that they do not adversely affect any customized applications. In these instances, the organization delays the installation of a patch from the developer’s online update service until the patch is thoroughly tested.
d. Correct. Patches are intended to address vulnerabilities, including ones that were first exploited as zero-day vulnerabilities (a vulnerability is "zero-day" only until the vendor releases a fix for it). Addressing a vulnerability is the purpose of a patch, not an issue with patching.

18
Q
  1. Which of the following is not a recognized attack vector?
    a. Supply chain
    b. Social media
    c. On-prem
    d. Email
A

Analysis:
a. Incorrect. A supply chain is a network that moves a product from the supplier to the customer. Today's supply chains are global in scope: manufacturers are usually thousands of miles away overseas and not under the direct supervision of the enterprise that is selling the product. The fact that products move through many steps in the supply chain, and that many of these steps are not closely supervised, has opened the door for malware to be injected into products during their manufacturing or storage. Supply chains are also a source of third-party vulnerabilities.
b. Incorrect. Threat actors will often use social media as a vector for attacks. For example, an attacker may read social media posts to determine when an employee will be on vacation and then call the organization’s help desk pretending to be that employee to ask for “emergency” access to an account
c. Correct. On-prem (on-premises) describes a platform that can contain vulnerabilities; it is not a recognized attack vector.
d. Incorrect. A large percentage of all malware is delivered through email to an unsuspecting user. The goal is to trick the user to open an attachment that contains malware or click on a hyperlink that takes the user to a fictitious website.
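The email vector described above can be checked mechanically. What follows is an added example, not part of the flashcard set or the textbook it summarizes. It uses Python's standard `email` library on a message constructed here for the purpose, with an assumed (not exhaustive) list of attachment types commonly abused to carry malware, and flags the two tricks the card names: an executable attachment disguised with a double extension, and a hyperlink whose visible text shows one domain while the link actually points at another.

```python
"""Added example, not from the flashcard source: flag the email tricks
described in card 18. The message, sender and domains are constructed
for this example; RISKY_EXTENSIONS is an assumed, non-exhaustive list."""
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed list of attachment types frequently used to deliver malware.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk",
                    ".iso", ".docm", ".xlsm"}

# Matches <a href="...">text</a>; adequate for the simple HTML used here.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def build_message(href: str, attachment_name: str) -> EmailMessage:
    """Construct a sample message (test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "billing@example-invoices.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please review the attached invoice.")
    # The visible link text always claims to be the legitimate portal.
    msg.add_alternative(
        f'<p>Review it online at <a href="{href}">'
        f'https://portal.example.test</a></p>', subtype="html")
    # A few bytes of an MZ header stand in for a real executable.
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


def risky_attachments(msg: EmailMessage) -> list[str]:
    """Flag attachments whose final extension is executable content,
    and note when a double extension (invoice.pdf.exe) hides that fact."""
    findings = []
    for part in msg.walk():
        if not part.is_attachment():
            continue
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        if len(pieces) > 1 and "." + pieces[-1] in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
            if len(pieces) > 2:
                findings.append(f"double extension hides the real type: {name}")
    return findings


def deceptive_links(msg: EmailMessage) -> list[str]:
    """Flag anchors whose visible text names a domain different from
    the host the href actually points to."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, text in ANCHOR_RE.findall(part.get_content()):
            target = (urlparse(href).hostname or "").lower()
            shown = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", text))
            if shown and shown.group(0).lower() != target:
                findings.append(
                    f"link text shows {shown.group(0)} but points to {target}")
    return findings


def analyze(msg: EmailMessage) -> list[str]:
    """All findings for one message; an empty list means nothing flagged."""
    return risky_attachments(msg) + deceptive_links(msg)


if __name__ == "__main__":
    phish = build_message("http://login.attacker.test/portal", "invoice.pdf.exe")
    for finding in analyze(phish):
        print(finding)
```

A link whose text is just "click here" carries no domain to compare and is not flagged by this check; it catches only the case where the text itself impersonates a domain. Real mail gateways combine checks like these with sender reputation and attachment detonation rather than relying on an extension list.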

19
Q
  1. What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
    a. Cyberterrorists
    b. Competitors
    c. Brokers
    d. Resource managers
A

Analysis:
a. Incorrect. Cyberterrorists attack a nation’s network and computer infrastructure to cause disruption and panic among citizens.
b. Incorrect. Competitors launch attacks against an opponent's systems to steal classified information.
c. Correct. Brokers sell their knowledge of a weakness to other attackers or governments.
d. Incorrect. This is a fictitious term.

20
Q
  1. List and describe three of the characteristics of information (a.k.a. CIA characteristics) that must be protected by information security.
A

Answer:
Three of the characteristics of information that must be protected by information security are:
I. Confidentiality – Confidentiality ensures that only authorized parties can view the information.
II. Integrity – Integrity ensures that the information is correct and no unauthorized person or malicious software has altered that data.
III. Availability – Availability ensures that data and resources are accessible to authorized users in a timely manner.
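The integrity characteristic in cards 3, 7 and 20 is defined as "no unauthorized person or malicious software has altered the data", which raises the practical question of how a receiver can tell. The following is an added example, not part of the flashcard set or its textbook source, using only Python's standard library. The payment record, the attacker's edit and the shared key are constructed for the example. It shows why an unkeyed checksum stored next to the data does not provide integrity against an attacker who can write to both, and why a keyed MAC (HMAC-SHA256) does.

```python
"""Added example, not from the flashcard source: integrity needs more
than a checksum. The record, the tampered record and the key are all
constructed for this example."""
import hashlib
import hmac
import secrets


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256. Anyone, including the attacker, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256. Only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(expected: str, actual: str) -> bool:
    """Constant-time comparison so timing does not leak the tag."""
    return hmac.compare_digest(expected, actual)


def tamper_scenario(key: bytes = None) -> dict:
    """Model an attacker who can overwrite a stored record and whatever
    digest is stored beside it, but does not know the integrity key
    shared by sender and receiver (assumed key-management for the example)."""
    key = key or secrets.token_bytes(32)
    original = b"PAY 100.00 TO ACCOUNT 12345"
    altered = b"PAY 900.00 TO ACCOUNT 66666"

    # Scheme 1: record stored with an unkeyed hash next to it.
    # The attacker swaps the record and simply recomputes the hash,
    # so the receiver's check passes and the tampering goes unnoticed.
    attacker_digest = plain_digest(altered)
    plain_hash_detects = not verify(plain_digest(altered), attacker_digest)

    # Scheme 2: record stored with an HMAC tag. Without the key the
    # attacker can only reuse the old tag or guess a key; both fail.
    stored_tag = keyed_tag(key, original)
    forged_tag = keyed_tag(b"attacker-guess", altered)
    receiver_tag = keyed_tag(key, altered)
    hmac_detects_forged = not verify(receiver_tag, forged_tag)
    hmac_detects_reused = not verify(receiver_tag, stored_tag)

    # Note: the HMAC protects integrity only; the record itself is still
    # readable, so confidentiality would need encryption in addition.
    return {
        "plain_hash_detects_tampering": plain_hash_detects,
        "hmac_detects_forged_tag": hmac_detects_forged,
        "hmac_detects_reused_tag": hmac_detects_reused,
    }


if __name__ == "__main__":
    for check, result in tamper_scenario().items():
        print(f"{check}: {result}")
```

The same separation applies to the other two characteristics: the HMAC says nothing about whether the record was readable in transit (confidentiality) or whether the receiver could get it at all (availability), so each characteristic needs its own control.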