CCST - Cybersecurity


What technology can be used to protect the integrity of data in transit?

Hashing. Data integrity refers to the accuracy and validity of the data. Hashing is used to ensure the integrity of data as it moves between devices.

A cyber security analyst is reviewing security alerts in Sguil. What are three pieces of information included in an alert to identify the device generating the alert?

IP protocol number, source and destination Layer 4 port, and source and destination IP address

Hacktivists/Hacktivism

Individuals or groups who carry out cyber-attacks to promote a political or social agenda.

Cybercriminals

Individuals or organized groups who engage in illegal activities for financial gain, such as stealing sensitive data or conducting ransomware attacks.

Script Kiddies

Individuals with limited technical skills who use pre-existing tools and scripts to launch attacks for fun or curiosity.

An organization is implementing security requirements for teleworkers to access the corporate network. What are two examples of technical control for the implementation?

Install and configure a VPN appliance. Enable multi-factor authentication.

What is the best method to avoid getting spyware on a machine?

Install software only from trusted websites.

What is quid pro quo?

"Quid pro quo" is a Latin term meaning "this for that," or something for something. In the context of cybersecurity, a person gives confidential information and in return they receive a reward.

The responsibilities for a Junior Security Analyst are:

1. Preparation and Prevention. 2. Monitoring and Investigation. 3. Response.

Describe HIPAA:

A regulatory law that governs the identification, storage, and transmission of patients' personal healthcare information.

Code of Ethics

A set of principles and guidelines that professionals in the cybersecurity field follow to ensure ethical conduct, respect for privacy, and responsible use of their skills.

Ransomware

A type of malware that encrypts a victim's files or locks their system, demanding a ransom payment in exchange for restoring access.

When describing malware, what is a difference between a virus and a worm?

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

Define Integrity

Integrity maintains the accuracy, consistency, and trustworthiness of data and system resources.

Why does IoT technology pose a greater risk than other computing technology on a network?

Internet of Things devices often lack robust security measures, making them susceptible to attacks. Vulnerabilities in IoT devices can lead to unauthorized access, data breaches, or control manipulation.

Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts?

Intrusion Detection System and NetFlow

What is the main purpose of cybersecurity?

It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.

What is the Nmap utility used for?

It is an open source tool for scanning vulnerabilities of systems and networks. It can identify open ports on a host.

Define cyberwarfare

It is internet-based conflict that involves the penetration of information systems of nations.

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. This includes viruses, worms, Trojans, and spyware.

What is a characteristic of a Trojan horse as it relates to network security?

Malware is contained in a seemingly legitimate executable program.

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?

NetFlow

What is a botnet?

Networks of compromised computers controlled by a central attacker, typically used for launching coordinated attacks, distributing spam, or conducting DDoS attacks.

Which tool is used to provide a list of open ports on network devices?

Nmap/Zenmap

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

Open Authentication

A network administrator notices that several company wireless access points are using WEP for encryption and authentication. The administrator needs to update the encryption and authentication configurations. Which security policy would address the process of updating AP configurations?

Organizational Policy. Since the hotspots are part of the company's assets, the organizational policy would address any change control or asset management practices.

What are attack vectors?

Paths or means through which an attacker can gain access to a system or exploit vulnerabilities. Attack vectors can include email attachments, malicious websites, network vulnerabilities, social engineering, and more.

A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

Patient Records

What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?

Place all IoT devices that have access to the Internet on an isolated network.

Threats are

Potential dangers or harmful events that can exploit vulnerabilities and cause harm to a system or organization's assets, operations, or reputation.

What is the Computer Fraud and Abuse Act (CFAA) of 1986?

Prohibits the unauthorized access of computer systems. Knowingly accessing a government computer without permission or accessing any computer used in or affecting interstate or foreign commerce is a criminal offense.

Which stage of the kill chain used by attackers focuses on the identification and selection of targets?

Reconnaissance

What are the steps of the cyber kill chain?

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command-and-control, Actions on objectives

Any device that controls or filters traffic going in or out of the network is known as a ___________.

Firewall

What are characteristics of viruses?

A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.

What is the Electronic Communications Privacy Act (ECPA)?

Aims to ensure workplace privacy and protects a range of electronic communications, such as email and telephone conversations, from unauthorized interception, access, use, and disclosure.

What is a characteristic of the security onion analogy to visualizing defense-in-depth?

All layers of the onion must be penetrated to gain access to vulnerable assets.

Defense-in-Depth/Layered Security

An approach that involves deploying multiple layers of security controls and measures to protect systems and data. If one layer is compromised, other layers can still provide protection.

What type of activity occurs during the deployment phase of the asset lifecycle?

An asset is moved from inventory to in-use.

Reasons for an attack

Attackers may have various motivations, including financial gain, espionage, sabotage, ideological or political beliefs, and personal vendettas.

What is a denial-of-service (DoS) attack?

Attacks aimed at rendering a network, system, or service unavailable by overwhelming it with a flood of illegitimate requests or excessive traffic.

What is a man-in-the-middle (MitM) attack?

Attacks where an attacker intercepts and alters communication between two parties without their knowledge. This allows the attacker to eavesdrop, modify, or steal information.

Define Availability

Availability ensures that authorized users have timely and uninterrupted access to information and system resources.

What names are given to a database where all cryptocurrency transactions are recorded?

Blockchain & Ledger

The organization responsible for establishing the code of ethics for cybersecurity:

Computer Ethics Institute -- a resource for identifying, assessing, and responding to ethical issues throughout the information technology industry. CEI was the first organization to recognize the ethical and public policy issues arising from the rapid growth of the IT field.

Define confidentiality

Confidentiality ensures that sensitive information is only accessible to authorized individuals or entities.

What is the CIA triad?

Confidentiality, Integrity, and Availability - The three pillars of information security.

What type of attack uses zombies?

DDoS

What is phishing?

Deceptive emails, websites, or messages designed to trick recipients into providing personal information or login credentials.

Which parameter is used to identify applications when a user sends a service request to a remote server?

Destination port number

For what purpose would a network administrator use the Nmap tool?

Detection and identification of open ports

Insider Threats

Employees, contractors, or trusted individuals who misuse their access privileges to cause harm or breach security.

What are the two main objectives of ensuring data integrity?

Ensuring that data is unaltered during transit. Ensuring that data cannot be unknowingly changed by unauthorized entities.

Which tools a SOC team proactively uses to monitor suspicious and malicious network activities?

SIEM (Security Information and Event Management); EDR (Endpoint Detection and Response)

What is Sguil?

Sguil provides a console to view alerts generated by network security monitoring tools. The alerts will usually include five-tuples of information and time stamps. The five-tuples include the source and destination IP address, source and destination Layer 4 ports, and the IP protocol number.

What is smishing?

Similar to phishing, but carried out through text messages (SMS) or messaging apps.

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

Snort

Nation-state Actors

State-sponsored attackers who conduct cyber espionage, sabotage, or disruption on behalf of a nation-state.

What is a spear phishing attack?

Targeted email attacks that deceive victims into revealing sensitive information or downloading malware.

Exploits are

Techniques or methods used to take advantage of vulnerabilities in a system or software to gain unauthorized access, disrupt operations, or extract sensitive information.

What is CIPA?

The Children's Internet Protection Act (CIPA) requires that K-12 schools and libraries in the United States use Internet filters and implement other measures to protect children from harmful online content as a condition for federal funding.

What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (FTC).

Which term describes the planned process of a cyber-attack?

The Cyber Kill Chain

Define Cybersecurity

The art of protecting networks, devices, and data from unauthorized access or criminal use and ensuring confidentiality, integrity, and availability of information sources.

What is the IoT (Internet of Things)?

The connection of a broad array of physical devices to the Internet, enabling data collection and management via software. These can include sensors and equipment.

What is IMPACT?

The International Multilateral Partnership Against Cyber Threats -- a global partnership of world governments, industries, and academia dedicated to improving global capabilities when dealing with cyber threats.

Risks are

The likelihood and potential impact of a threat exploiting a vulnerability, resulting in harm or damage to an organization. Risk management involves identifying, assessing, and mitigating risks to protect assets effectively.

Vulnerability Scanners

Assess computers, computer systems, networks, or applications for weaknesses. Vulnerability scanners help to automate security auditing by scanning the network for security risks and producing a prioritized list of weaknesses to address.

What is hardening?

The process of securing a system by reducing vulnerabilities, removing unnecessary services, implementing security controls, and following best practices to minimize the attack surface.

The Security Operations Center (SOC) Three-Tier Model:

Tier 1: Junior Security Analyst - Triage Specialist. Tier 2: Security Operations Analyst - Incident Responder. Tier 3: Security Operations Analyst - Threat Hunter.

An organization needs to implement a solution that would enable them to determine the order of security events occurring on the network. What technology should be implemented?

To accurately timestamp events on a network, time must be synchronized between devices. Network Time Protocol (NTP) allows devices on the network to synchronize their time with an NTP server or master clock.

What is the main function of the Cisco Security Incident Response Team?

To ensure company, system, and data preservation.

True or False: An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.

True

What is tailgating?

Unauthorized individuals gaining physical access to restricted areas by following an authorized person.

Vulnerabilities are

Weaknesses or flaws in a system's design, implementation, or configuration that can be exploited to compromise its security.

What is meant by the term "Sniffing"?

When an attacker listens to and captures packets sent on a network in an attempt to discover passwords.

What is the National Vulnerability Database (NVD)?

A U.S. government repository of standards-based vulnerability management data that uses the Security Content Automation Protocol (SCAP).

What is pretexting?

A form of social engineering in which one individual lies to obtain confidential data about another individual.

What is a Security operations center (SOC)?

A location where a team of cybersecurity professionals is gathered. They are tasked with monitoring, preventing, detecting, investigating, and responding to threats within a company's network and systems.

What is the Stuxnet worm?

A malware program designed to damage the nuclear enrichment plant of Iran; it is an example of a state-sponsored attack.

True positive

A verified alert indicating an actual security incident.

What is the purpose of packet analyzers?

Also known as packet sniffers, they intercept and log network traffic. A packet analyzer captures each packet, shows the values of various fields in the packet, and analyzes its content. It is able to capture network traffic on both wired and wireless networks.

False positive

An alert which does not indicate an actual security incident.

Methods for ensuring confidentiality

Data encryption, username ID and password, two-factor authentication, etc.

Methods of ensuring Integrity

File permissions, user access control, version control, and checksums.

A user is surfing the Internet using a laptop at a public WiFi cafe. What should be checked first when the user connects to the public network?

Whether the laptop requires user authentication for file and media sharing.

What is the last stage of the Cyber Kill Chain framework?

Malicious action

What is social engineering?

Manipulating someone into giving information or taking actions.

What is vishing?

Social engineering attacks carried out through voice calls to manipulate individuals into divulging sensitive information.

True negative

There is no alert issued, and benign normal traffic is correctly ignored.

False negative

There is no alert issued; however, exploits are occurring undetected.

What is the main purpose of cyberwarfare?

To gain advantage over adversaries.

What is the most common goal of search engine optimization (SEO) poisoning?

To increase web traffic to malicious sites.
