2.1 Understanding Attacks

What protections can you implement against organized crime threat actors?

- Proper user security training
- Implementing email filtering systems
- Properly secured and stored data backups

Which of the following is the BEST definition of the term hacker?
- A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
- The most organized, well-funded, and dangerous type of threat actor.
- A threat actor whose main goal is financial gain.
- Any individual whose attacks are politically motivated.
- A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Gray hat

A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.

White hat

A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.

Black hat

A skilled hacker who uses skills and knowledge for illegal or malicious purposes.

Nation state

A sovereign state threat agent that may wage an all-out war on a target and have significant resources for the attack.

Cybercriminal

A subcategory of hacker threat agents. Cybercriminals are willing to take more risks and use more extreme tactics for financial gain.

Competitor

A threat agent who carries out attacks on behalf of an organization and targets competing companies.

Insider

A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.

Internal threat

A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.

External threat

A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.

Non-persistent threat

A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.

Persistent threat

A threat that seeks to gain access to a network and remain there undetected.

Targeted attack

A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.

Opportunistic attack

An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.

Hacker

Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information.

7. Penetrating system defenses to gain unauthorized access.

Breaching

Which method can you use to access an application or operating system for troubleshooting?

Create a backdoor

7. Preparing a computer to perform additional tasks in the attack.

Staging

How do persistent and non-persistent threats differ?

The goal of persistent threats is to gain access to a network and retain access undetected. The goal of non-persistent threats is to get into a system and steal information. The attack is usually a one-time event.

8. Diversifying layers of defense.

Variety

Which of the following is the BEST example of the principle of least privilege?
- Jill has been given access to all of the files on one server.
- Mary has been given access to all of the file servers.
- Lenny has been given access to files that he does not need for his job.
- Wanda has been given access to the files that she needs for her job.

Wanda has been given access to the files that she needs for her job.

7. Configuring additional rights to do more than breach the system.

Escalating privileges

7. Crashing systems.

Exploitation

7. Stealing information.

Exploitation

Open-source intelligence (OSINT)

Information that is readily available to the public and doesn't require any type of malicious activity to obtain.

The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following:
1. Create and follow onboarding and off-boarding procedures.
2. Employ the principle of least privilege.
3. Have appropriate physical security controls in place.

Which type of threat actor do these steps guard against?
- Insider
- Hacktivist
- Script kiddie
- Competitor

Insider

An employee stealing company data could be an example of which kind of threat actor?
- External threat
- Non-persistent threat
- Internal threat
- Persistent threat

Internal threat

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks?
- Properly secure and store data backups.
- Have appropriate physical security controls in place.
- Implement email filtering systems.
- Build a comprehensive security approach that uses all aspects of threat prevention and protection.
- Keep systems up to date and use standard security practices.

Keep systems up to date and use standard security practices.

8. Eliminating single points of failure.

Layering

8. Implementing multiple security measures to protect the same asset.

Layering

Which methodologies can you use to defend a network?

Layering, Principle of least privilege, Variety, Randomness, and Simplicity

A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this?
- Nation state attack
- Targeted attack
- Insider attack
- Opportunistic attack

Opportunistic attack

8. Giving groups only the access they need to do their job and nothing more.

Principle of least privilege

8. Giving users only the access they need to do their job and nothing more.

Principle of least privilege

8. The constant change in personal habits and passwords to prevent anticipated events and exploitation.

Randomness

7. Gathering system hardware information.

Reconnaissance

In which phase of an attack does the attacker gather information about the target?
- Reconnaissance
- Breach the system
- Escalating privileges
- Exploit the system

Reconnaissance

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
- Nation state
- Competitor
- Hacktivist
- Script kiddie
- Insider

Hacktivist

