Chapter 2: Cybersecurity Threat Landscape

dark web

A shadowy anonymous network often engaging in illicit activity

D. TAXII

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?

A. Insider C. Hacktivist

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden's activities? A. Insider B. State actor C. Hacktivist D. APT E. Organized crime

A. Supply chain

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes the attack? A. Supply chain B. Removable media C. Cloud D. Direct access

B. Internet RFCs

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs? A. Academic journal B. Internet RFCs C. Subject matter experts D. Textbooks

White Hat

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?

A. Email

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location? A. Email B. Direct access C. Wireless D. Removable media

C. Theft of customer information

Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective? A. Unavailability of future patches B. Lack of technical support C. Theft of customer information D. Increased costs

A. Shadow IT

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology? A. Shadow IT B. System integration C. Vendor management D. Data exfiltration

B. IoC

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information? A. Vulnerability feed B. IoC C. TTP D. RFC

C. API keys

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository? A. Product manuals B. Source code C. API keys D. Open source data

direct access, wireless, email, supply chain, social media, removable media, and cloud

What are the threat vectors included by CompTIA?

XML

What language is STIX based on?

ISACs

What organization did the U.S. government help create to help share knowledge between organizations in specific verticals?

A. Behavioral

What type of assessment is particularly useful for identifying insider threats? A. Behavioral B. Instinctual C. Habitual D. IOCs

B. Detail

Which of the following measures is not commonly used to assess threat intelligence? A. Timeliness B. Detail C. Accuracy D. Relevance

A. Nation-state actors

Which of the following threat actors typically has the greatest access to resources? A. Nation-state actors B. Organized crime C. Hacktivists D. Insider threats

A. Nation-state actor

Which one of the following attackers is most likely to be associated with an APT? A. Nation-state actor B. Hacktivist C. Script kiddie D. Insider

C. Port scans

Which one of the following information sources would not be considered an OSINT source? A. DNS lookup B. Search engine research C. Port scans D. WHOIS queries

D. Anonymous

Which one of the following is the best example of a hacktivist group? A. Chinese military B. U.S. government C. Russian mafia D. Anonymous

A. Threat map

Which one of the following threat research tools is used to visually display information about the location of threat actors? A. Threat map B. Predictive analysis C. Vulnerability feed D. STIX

shadow IT

a situation where individuals and groups seek out their own technology solution; poses a risk to the organization because it puts sensitive information in the hands of vendors outside of the organization's control

threat feeds

intended to provide up-to-date detail about threats in a way that your organization can leverage

competitors

may engage in corporate espionage designed to steal sensitive information from your organization and use it to their own business advantage; may include theft of customer information, stealing proprietary software, identifying confidential product development plans, or gaining access to any other information that would benefit the competitor

insider attacks

occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to wage an attack against the organization

script kiddie

people who use hacking techniques but have limited skills; may rely almost entirely on automated tools they download from the Internet; often have little knowledge of how their attacks actually work, and they are simply seeking out convenient targets of opportunity

threat maps

provide a geographic view of threat intelligence

indicators of compromise (IOCs)

telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers

threat vectors

the means that threat actors use to obtain access

closed-source intelligence

they do their own information gathering and research, and they may use custom tools, analysis models, or other proprietary methods to gather, curate, and maintain their threat feeds

white-hat hackers

those who act with authorization and seek to discover security vulnerabilities with the intent of correcting them; may either be employees of the organization or contractors hired to engage in penetration testing; also known as authorized attackers

black-hat hackers

those who act with malicious intent; they seek to defeat security controls and compromise the confidentiality, integrity, or availability of information and systems for their own, unauthorized, purposes; also known as unauthorized attackers

gray-hat hackers

those who act without proper authorization, but do so with the intent of informing their targets of any security vulnerabilities; also known as semi-authorized attackers

open source threat intelligence

threat intelligence that is acquired from publicly available sources

hacktivists

use hacking techniques to accomplish some activist goal; they believe they are motivated by the greater good, even if their activity violates the law

