Security Overview

Question 1

Information Security

Answer 1

Act of protecting data and info from unauthorized access, unlawful modification, and disruption, disclosure, corruption, and destruction

Question 2

Information Security Systems

Answer 2

Protecting the systems that hold the data

Question 3

CIA Triad

Answer 3

confidentiality, integrity, availability

Question 4

Confidentiality (CIA Triad)

Answer 4

Info has not been disclosed to unauthorized ppl (encryption)

Question 5

Integrity (CIA triad)

Answer 5

info hasn’t been altered or modified without proper authorization (hashes)

Question 6

Availability (CIA Triad)

Answer 6

Info is able to be accessed, stored, and protected at all times

Question 7

AAAs of Security

Answer 7

Authentication, Authorization, Accounting

Question 8

Authentication (AAA of security)

Answer 8

persons identity is established with proof and confirmed by a system

Question 9

5 Methods of Authentication

Answer 9

1. Something you know (user/pass)
2. Something you are (retina scan/fingerprint)
3. Something you have (token, drivers license)
4. Something you do (speak, signature)
5. location

Question 10

Authorization (AAA of security)

Answer 10

occurs when a user is given access to certain part of something

Question 11

Accounting (AAA of security)

Answer 11

tracking of data, computer usage, network resource

Question 12

Non-repudiation

Answer 12

Proof that someone has taken action

Question 13

Security threats

Answer 13

Malware, unauthorized access, system failure, social engineering

Question 14

Malware

Answer 14

malicious software (worms, virus, trojan horse, etc)

Question 15

Unauthorized access

Answer 15

occurs when access to computer resources and data happens without consent of the owner

Question 16

System Failure

Answer 16

BSOD - blue screen of death

Question 17

Social engineering

Answer 17

act of manipulating a user into revealing confidential info performing other detrimental actions

Question 18

Mitigating Threats

Answer 18

Physical Controls
Technical Controls
Admin Controls

Question 19

Physical Controls

Answer 19

alarm systems, locks, fences, doors, badges/id cards, security guards

Question 20

Technical Controls

Answer 20

smart cards, encryption, access control lists (ACLs), intrusion detection systems (IDS), network authentication

Question 21

Admin Controls (Managerial Controls)

Answer 21

policies, procedures, security awareness, contingency, disaster recovery plans (user training is most cost effective)

Question 22

2 Categories of Admin Controls

Answer 22

User procedural controls - org choses to do on its own

Legal/Regulatory - required by law (HIPAA)

Question 23

White Hat

Answer 23

non-malicious hackers who attempt to break into a company’s system at their request (internal/contractors) - penetration testers/ethical hackers

Question 24

Black Hat

Answer 24

People that break into computer systems and networks without authorization or permissions (bad guys)

Question 25

Blue Hat

Answer 25

People who attempt to hack into a network with the permission of a company but are not employed by the company

Question 26

Gray Hat

Answer 26

Hacker without affiliation to a company that attempts to break into a company's network but risks the law. Doesn't necessarily have bad intention, just wants to break in

Question 27

Elite Hacker

Answer 27

find and exploit vulnerabilities before anyone else does (1 in 10,000)

Question 28

Script Kiddie

Answer 28

limited skill and only run other people's exploits and tools

Question 29

Hacktivist

Answer 29

Hackers who are driven by a cause like social change, political agendas, terrorism

Question 30

Organized Crime

Answer 30

hackers who are part of a crime group that is well funded and highly sophisticated

Question 31

Advanced Persistent Threats (APTs)

Answer 31

highly trained and highly funded groups of hackers, funded by nation states with covert and open source intelligence at their disposal (russia/china)

Question 32

Threat Intelligence Sources

Answer 32

``` Timeliness Relevancy Accuracy Confidence Level Open Source Proprietary Open Source Intelligence (OSINT) Threat Hunting ```

Question 33

Timeliness

Answer 33

property of intelligence source that ensures it is up to date

Question 34

relevancy

Answer 34

property of an intelligence source that ensures it matches the use cases intended

Question 35

Accuracy

Answer 35

property of an intelligence source that ensures it produces effective results

Question 36

Confidence Levels

Answer 36

property of an intelligence source that ensures it produces qualified statements about reliability

Question 37

MISP Project

Answer 37

codifies the use of the admirability scale for grading data and estimate langugae ``` confirmed probably true possibly true doubtfully true improbable cannot be judged ```

Question 38

Proprietary

Answer 38

threat intelligence is very widely provided as a commercial service offering, where acess to updates and research is subject to a subscription fee

Question 39

Closed Source

Answer 39

data derived from the provider's own research and analysis efforts, such as data from honenets that they operate, plus info mined from it's customers systems suitably anonymized

Question 40

honeynet

Answer 40

network setup with intentional vulnerabilities hosted on a decoy server to attract hackers

Question 41

open source

Answer 41

data that is available to use without subscription, whi may include threat feeds similar to the commercial providers, and may contain reputation lists and malware signature dbs

Question 42

Open source intelligence (OSINT)

Answer 42

methods of obtaining info about a person or org through public records, websites, social media (talos, virustotal, whois)

Question 43

Threat hunting

Answer 43

cyber security technique designed to detect presence of threat that have not been discovered by a normal security monitoring

Question 44

Benefits of Threat Hunting

Answer 44

``` improves detection capabilities integrate intelligence reduces attack surface block attack vectors identify critical access ```

Question 45

Kill Chain

Answer 45

model developed by lockeed martin that describes the stages by which a threat actor progresses a network intrusion

Question 46

Kill Chain Stages

Answer 46

``` Reconaissance Weaponization Delivery Exploitation Installation Command and control (C2) Actions on Objectives ```

Question 47

Reconaissance

Answer 47

the attacker determines what methods to use to complete the phases of attack (should have a good idea of what software and network looks like when completed)

Question 48

Weaponization

Answer 48

attacker couples payload code that will enable access with exploit code that will use vulnerability to execute on the target system

Question 49

Delivery

Answer 49

attacker identifies a vector by which to transmit the weaponized code to target environment

Question 50

Exploitation

Answer 50

weaponized code is executed on the target system by this mechanism

Question 51

installation

Answer 51

mechanism enables weaponized code to run a remote access tool and achieve persistence on the target system

Question 52

Command and Control (C2)

Answer 52

weaponzed code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack

Question 53

Actions on Objections

Answer 53

use access they've achieved to do what they want to. covertly collect info and transfer to remote system (data exfiltration)

Question 54

MITRE ATT&CK Framework

Answer 54

knowledge base maintained by the MITRE corp for listting and explaining specific adversary tactics, techniques, and common knowledge or procedures

Question 55

Diamond Model of intrusion analysis

Answer 55

framework for analyzing cybersecurity incidents and intrusion by exploring the relationship between 4 core features

Question 56

4 core features of Diamond Model of Intrustion Analysis

Answer 56

Adversary Capability infrastructure victim

Question 57

You are at the doctor’s office and waiting for the physician to enter the room to examine you. You look across the room and see a pile of patient records on the physician’s desk. There is no one in the room and your curiosity has gotten the better of you, so you walk across the room and start reading through the other patient records on the desk. Which tenent of security have you just violated? 1. Confidentiality 2. Authentication 3. Integrity 4. Availability

Answer 57

Confidentiality

Question 58

You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123 (your account). The teller asks for your name and driver’s license before conducting this transaction. After she looks at your driver’s license, she thanks you for your business, pulls out $100 from the cash drawer, and hands you back the license and the $100 bill. What category best describes what the bank teller just did? 1. Accounting 2. Authorization 3. Authentication 4. availability

Answer 58

Authentication

Question 59

You are in the kitchen cooking dinner while your spouse is in the other room watching the news on the television. The top story is about how hackers have been able to gain access to one of the state’s election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but your spouse knows that you have been learning about hackers in your Security+ course and asks you, “Which type of hacker do you think would be able to do this?” 1. Hackitivists 2. Organized crime group 3. Apts 4. Script kiddies

Answer 59

APTs