Frotntie🐕💨
(1.1) These attacks are complex and use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.
Sophisticated Attacks
A location where security professionals monitor and protect critical information assets across other business functions, such as finance, operations, sales/marketing, etc.
Security Operations Center
A cultural shift within an organization to encourage much more collaboration between developers and systems administrators.
Development and Operations (DevOps)
A single point of contact for the notification of security incidents. This function might be handled by the SOC, or it might be established as an independent business unit.
Computer Incident Response Team, Computer Security Incident Response Team, Computer Emergency Response Team (CIRT, CSIRT, CERT)
(1.2) This security control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.
Managerial
Controls such as alarms, gateways, locks, lighting, and security cameras that deter and detect access to premises and hardware. Often placed in a separate category from technical controls.
Physical
This control acts to eliminate or reduce the likelihood that an attack can succeed. Operates before an attack can take place.
Preventative
This control may not prevent or deter access, but will identify and record an attempted or successful intrusion. Operates during an attack.
Detective
This control eliminates or reduces the impact of a security policy violation. Used after an attack.
Corrective
(2.1) This type of threat actor has no account or authorized access to the target system. Actor must infiltrate the security system using unauthorized access, such as breaking into a building or hacking into a network.
External
Prevents an organization from working as it does normally. This could involve an attack on their website or using malware to block access to servers and employee workstations.
Service Disruption
Transfers a copy of some type of valuable information from a computer or network without authorization.
Data exfiltration
Falsifies some type of trusted resource, such as changing the content of a website, manipulating search engines to inject fake sites, or using bots to post false information to social media sites.
Disinformation
Have developed cybersecurity expertise and will use cyber weapons to achieve military and commercial goals. Have been implicated in many attacks, particularly on energy, health, and electoral systems.
Nation-State Actor
The process of manipulating others into providing sensitive information. Sometimes through intimidation and/or sympathy.
Social Engineering
Takes advantage of known vulnerabilities in software and systems. Once a vulnerability has been discovered, an attacker can often steal information, deny services, crash systems and modify/alter information.
Exploitation
Involves implementing multiple security strategies to protect the same asset.
Layering
(2.2) Refers to the means of either eliciting information from someone or getting them to perform some action for the threat actor. It can also be referred to as "hacking the human."
Social Engineering
In the ________________ phase, the attacker takes advantage of the relationship with the target and uses the target to extract information, obtain access, or accomplish the attacker’s purposes in some way.
Exploitation
A combination of social engineering and spoofing. It persuades or tricks the target into interacting with a malicious resource disguised as a trusted one, traditionally using email as the vector.
Phishing
__________________ means that the threat actor registers a domain name very similar to a real one, such as exannple.com, hoping that users will not notice the difference and assume they are browsing a trusted site or receiving email from a known source.
Typosquatting
(2.3) Software that serves a malicious purpose, typically installed without the user's consent (or knowledge).
Malware
Refers to malware concealed within an installer package for software that appears to be legitimate. This type of malware does not seek any type of consent for installation and is actively designed to operate secretly.
Trojan
An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.
Advanced Persistent Threat (APT)
Class of malware that modifies system files, often at the kernel level, to conceal its presence.
Rootkit