S3, M1-M? Flashcards

(128 cards)

1
What are the four highest security concerns for senior executives?
B - Breaches of Data
T - Theft
R - Regulatory Non-Compliance
S - Service Disruptions
2
What is a service disruption?
an unplanned event that causes a system to be inoperable for an unacceptable length of time
3
What types of business and sector does the ISO/IEC 27001 apply to?
any business in any sector
4
What is a cyberattack (3-part definition)?
  • any kind of malicious activity that
  • targets computers (broadly), and
  • attacks to influence the system or its resources
5
The impacts of a cyberattack can extend to what four groups?
  • organization
  • customers
  • vendors
  • partner organizations
6
What is a threat agent (3-part definition)?
  • internal or external attacker
  • that could negatively impact data security
  • through theft, manipulation, or control of sensitive information/systems
7
T/F: A threat agent can be someone inside the organization.
True.
8
What is the usual goal of a threat agent?
financial gain
9
What is an attacker/threat actor/hacker?
individuals or groups of individuals (hacking rings, APTs) that target people or organizations to gain access to systems, networks, and data
10
What is an adversary?
a party whose interests are in conflict with the organization
11
What is a government/state-sponsored actor?
funded, directed, or sponsored by nations (think espionage)
12
What are hacktivists?
groups of hackers that promote certain social causes or political agendas
13
What types of targets do hacktivists usually stay away from?
hospitals, churches, etc.
14
What are insiders?
employees
15
Why do insiders pose such a serious threat to organizations?
because of the level of access that they have
16
Does an insider threat actor have to have come into the organization with the goal of hacking it later?
No, they could have organically grown their malicious intent over time.
17
What is an external threat?
one that is outside the organization
18
What are network-based attacks?
attacks that target the infrastructure of a network, including switches, routers, servers, and cabling
19
What are backdoors and trapdoors (network-based attacks)?
create a simple, undocumented entry and exit point to the network
20
Why do backdoors and trapdoors exist?
for developers to gain quick access
21
What are covert channels (network-based attacks)?
transmit data in small parts, in ways not originally intended
22
What is an example to illustrate covert channels?
In a foreign currency translation, a hacker reroutes any excess money beyond two decimal places (ex: $50.356, take the 0.006). This grows to be larger over time.
23
What is a storage channel (covert channel)?
modify a storage location to transmit data
24
What is a timing channel (covert channel)?
use delay in transmitting data packets to hide the re-route
25
What is a buffer overflow (network-based attack)?
overload a program's buffer to lock up the machine and take advantage
26
What is a buffer?
temporary storage
27
One key difference between a buffer overflow and denial of service is the ultimate goal of the attacker. What is the difference here?
Buffer overflow goal: inject malicious code; DoS goal: disrupt service availability
28
What is a denial of service attack (network-based attack)?
flood system with large volume of traffic so that it can no longer respond
29
What is a distributed denial of service attack (network-based attack)?
multiple attackers work in unison to flood the system
30
What is more powerful, DoS or DDoS?
DDoS
31
What is a key word to remember for man in the middle attacks?
eavesdropping
32
What is a man in the middle attack (network-based attack)?
attacker intercepts communications, reading or redirecting traffic
33
What is a port scanning attack (network-based attack)?
scanning for misconfigured open ports (logical ports, not physical)
34
Is it common for a company to have open ports?
Yes, but they need to be configured and secured correctly.
35
What is a ransomware attack?
malware that locks you out until you pay a ransom
36
What is a reverse shell attack? What is an example?
victim grants access to attacker, come in behind firewall to remotely control machine (ex: IT support)
37
How does firewall protection not prevent a reverse shell attack?
because the connection originates within the firewall
38
What is a replay attack? What type of attack is this?
type of MITM attack, intercept communication and replay it later to gain access to network/data
39
In a replay attack, does the hacker need to be able to decrypt the message?
No, because they are already inside the company's network.
40
What are return-oriented attacks?
use pieces of original system code to do what the hacker wants (end with "return")
41
What is spoofing?
impersonating someone to obtain unauthorized access
42
What is address resolution spoofing?
manipulating the mapping of MAC and IP addresses to channel messages to alternate destinations
43
What is DNS spoofing?
modifying domain name to IP address mapping
44
What is hyperlink spoofing?
alter hyperlink URLs that redirect you to a nefarious location
45
What does a DNS server do?
translate domain names to IP addresses
46
What are application-based attacks?
target specific software or applications
47
What is a SQL injection?
put SQL code into web server to get information from database server
48
What is cross site scripting?
inject code into company's website that attacks users visiting the website
49
What is the difference between cross site scripting and SQL injections?
the target of the attack: SQL injection targets the database, XSS targets the website to compromise user data
50
What is a race condition?
exploit application that relies on specific sequence of operations (perform out of order to override controls)
51
What is another word for malicious mobile code?
a virus
52
What is a virus?
program designed to move from computer to computer to infect other applications
53
What is an overwrite virus?
deletes information
54
What is a multi-partite virus?
mixture of infection methods used
55
What is a parasitic virus?
"lives off" a legitimate host, launches when application launches
56
What is a polymorphic virus?
mutates to avoid detection
57
What is a resident virus?
installs a copy of itself onto a computer's memory
58
What is a host-based attack?
targets a single host (device)
59
What is a brute-force attack?
use an automated program that attempts to guess a password
60
What is keystroke logging?
tracks the sequence of keys to collect confidential data
61
T/F: A virus is a type of malware.
True.
62
What is another term for keystroke logging?
trojan horse
63
What is a rogue mobile app?
malicious app that appears legitimate but steals information
64
What are social engineering attacks?
uses psychological manipulation or deception to get employees to assist attackers
65
What is the primary medium used by attackers to gain trust for social engineering attacks?
interaction through email/text
66
What is phishing?
use emails that appear authentic to request information or direct to website taking info
67
What is spear phishing?
more directed form of phishing
68
What is business email compromise?
phishing that targets executives and high-ranking individuals
69
What is pretexting in phishing?
creating a fake scenario to create a sense of urgency to act
70
What is catfishing?
creating a fake online persona to lure a victim
71
What is pharming?
entering personal info into a website that imitates a legit website
72
What is vishing?
using Voice over Internet Protocol (phone calls) to phish
73
What is piggybacking (physical attack)?
sliding in through the door behind someone (using their authorization)
74
What are supply chain attacks?
target production and distribution of goods within a supply chain
75
What is embedded software code (supply chain attack)?
putting a virus onto software that a company purchases
76
What is a foreign sourced attack (supply chain)?
government conducts surveillance, control over data
77
What is a watering hole attack (supply chain)?
attack websites that suppliers, customers, etc. "hang-out" or visit frequently
78
What is escalation of privileges in a cyber attack?
gain higher levels of access once in the system
79
Explain the concept of additional industry exposure for cloud computing risks.
If we share a cloud computing environment with another company in a different industry, and that industry is dealing with increased risk, we are exposed to that too.
80
What is equally as important for a hacker as getting in?
hiding how they got in so that the organization does not catch on
81
How can loss of control create additional cybersecurity risk for cloud environments?
upgrades or changes to cybersecurity measures may not be timely enough
82
What two aspects of mobile devices create additional risk for companies?
- mobility
- lack of oversight
83
What is threat modeling?
the process of identifying, analyzing, and mitigating threats
84
What is the threat landscape?
total *range of potential threats* that an organization may face
85
What is a way to assess the threat landscape?
using threat intelligence platforms
86
What is a reduction analysis?
decomposing the asset to understand how it interacts with potential threats
87
What are two ways to measure the impact of a potential attack?
quantitative and qualitative
88
What are the three most common methodologies for threat models?
PASTA, VAST, STRIDE
89
How many stages are in the PASTA threat model?
7
90
Risks and countermeasures in the PASTA threat model are prioritized based on what?
the value of the assets being protected
91
The VAST threat model is based on what methodology?
agile project management
92
Who developed the STRIDE threat model?
Microsoft
93
Whenever possible, information should have what four traits?
F - Fair
A - Accurate
C - Complete
T - Timely
94
What is the hierarchy of security rules?
P - Policies
S - Standards
P - Procedures
95
What are security standards?
used as a benchmark to accomplish goals set by security policies
95
What are security policies?
an overview of an org's security needs and strategic plan for what should be implemented
96
What are security procedures?
detailed documents that outline how to perform processes
97
What is an acceptable use policy (3)?
control document created to regulate and protect technology resources by doing the following three things:
- assign responsibility based on job roles,
- list acceptable behaviors by employees and vendors, and
- specify consequences for those who violate the AUP
98
Having AUPs specific to ___ devices is especially important today.
mobile
99
What is a bring your own device policy?
allows employees to use their personally owned devices for work-related activities
100
What type of balance does a company need to strike when it comes to a BYOD policy?
privacy and surveillance
101
What data on a personal device used for work is owned by the company?
work-related data
102
T/F: All standard operating procedures should be contained in a central document.
False, they should be segmented so that each user only has SOPs related to their role.
103
A network is a system of ___ and ___ devices that are connected using ____ ___ or ____ technology that communicate using a mixture of different _____.
physical, virtual, wired cables, wireless, protocols
104
What is an access point (network hardware)?
device that lets wireless devices connect to a wired network using Wi-Fi
105
What is a bridge (network hardware)?
connects separate networks using the same protocol
106
At what level of the OSI model does a bridge operate?
data link layer
107
At what level of the OSI model does a gateway operate?
anywhere, but typically the application layer
108
What is a hub (network infrastructure)?
link multiple systems and devices using the same protocol within a single network (receive data packets and forward)
109
What do switches have that hubs do not (3)?
- more ports
- more robustness
- ability to share packet filters
110
Can you have more than 1 router? Can you have more than 1 switch?
You only need 1 router, but you can have multiple switches (to create more ports).
111
What are proxies?
form of gateway that does not translate protocols but acts like a mediator that performs functions on behalf of another network
112
What are signal modifiers?
receive signals and modify by increasing strength, combining, or regenerating the signal
113
What is network segmentation?
controlling network traffic so that it is inaccessible or separated (pocketed isolation)
114
What is a SSID?
name assigned to a wireless network
115
How can you enhance network security using SSIDs?
disable broadcasting so that the name does not show up when others are trying to connect (have to enter manually)
115
What is a virtual private network built upon?
existing physical networks
116
What are two encryption protocols used by VPNs?
- tunnelling
- Internet Protocol Security (IPsec)
117
What is tunnelling?
data in one protocol are encapsulated in packets within a different protocol
118
What is IPsec?
uses cryptography to encrypt *certain pieces of data*, secure IP addressing
119
What is Wi-Fi Protected Access?
encrypts wireless internet connections
120
Can WiFi Protected Access encrypt traffic traveling through a wired connection?
No, only wireless communications.
121
What does WPA2 do?
adds another layer of data encryption
122
What does WPA3 do?
enhance security further with more sophisticated encryption, secure handshakes, and stronger password protections
123
What is endpoint security?
local, device-level security (malware screening software, authentication, local firewall, intrusion detection)
124
What is another word for access points through which a company can be attacked?
attack vectors
125
When should tests on servers be performed? Why?
after business hours, to minimize business disruption
126