Chapter 2: Cybersecurity Threat Landscape
dark web
Anonymized overlay networks (reached through tools such as Tor, not the ordinary web) that host forums and marketplaces frequently used for illicit activity, including the sale of stolen data and hacking tools
D. TAXII
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
A. Insider C. Hacktivist
Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden's activities? A. Insider B. State actor C. Hacktivist D. APT E. Organized crime
A. Supply chain
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes the attack? A. Supply chain B. Removable media C. Cloud D. Direct access
B. Internet RFCs
Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs? A. Academic journal B. Internet RFCs C. Subject matter experts D. Textbooks
White Hat
Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?
A. Email
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location? A. Email B. Direct access C. Wireless D. Removable media
C. Theft of customer information
Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective? A. Unavailability of future patches B. Lack of technical support C. Theft of customer information D. Increased costs
A. Shadow IT
Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology? A. Shadow IT B. System integration C. Vendor management D. Data exfiltration
B. IoC
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information? A. Vulnerability feed B. IoC C. TTP D. RFC
C. API keys
Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository? A. Product manuals B. Source code C. API keys D. Open source data
direct access, wireless, email, supply chain, social media, removable media, and cloud
What are the threat vectors included by CompTIA?
XML (STIX 1.x; the current STIX 2.x serializes its objects as JSON)
What language is STIX based on?
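Because the answer above depends on the STIX version, here is what a current STIX 2.x exchange actually looks like. This is an added example, not code from the page or from any STIX library: it builds a STIX 2.1 Indicator bundle for a set of malicious file hashes and parses one back, using only the Python standard library. The field names (type, spec_version, id, created, modified, pattern, pattern_type, valid_from) follow the STIX 2.1 specification; the hashes, indicator names and the narrow pattern parser (one SHA-256 comparison per indicator) are constructed for this example.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# This example emits and parses only one pattern shape: a single file-hash
# comparison. Real STIX patterns can be far richer; unknown shapes are skipped.
HASH_PATTERN_RE = re.compile(r"^\[file:hashes\.'SHA-256' = '([0-9a-f]{64})'\]$")
STIX_ID_RE = re.compile(
    r"^[a-z-]+--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def stix_timestamp(dt=None):
    """STIX 2.1 timestamps are UTC RFC 3339 strings ending in 'Z'."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(sha256_hex, name, created=None):
    """Build a STIX 2.1 Indicator object for one malicious file hash."""
    created = created or stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[file:hashes.'SHA-256' = '{sha256_hex}']",
        "pattern_type": "stix",
        "valid_from": created,
    }


def make_bundle(objects):
    """Wrap STIX objects in a Bundle, the unit normally exchanged over TAXII."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def hashes_from_bundle(bundle_json):
    """Parse a STIX 2.1 Bundle (JSON text) and return the SHA-256 values of its
    file-hash indicators. Non-indicator objects, non-STIX pattern languages,
    malformed ids and unrecognised pattern shapes are skipped, not guessed at."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if not STIX_ID_RE.match(obj.get("id", "")):
            continue
        m = HASH_PATTERN_RE.match(obj.get("pattern", ""))
        if m:
            found.add(m.group(1))
    return found


# Constructed hashes for the example: SHA-256 of b"abc" and of empty input,
# both published test vectors, standing in for hashes of a real sample.
SAMPLE_HASHES = [
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]


def build_sample_bundle_json():
    """Produce the JSON text a sharing partner would push over TAXII."""
    objs = [
        make_indicator(h, f"peer-reported dropper {i}")
        for i, h in enumerate(SAMPLE_HASHES, 1)
    ]
    return json.dumps(make_bundle(objs), indent=2)


if __name__ == "__main__":
    text = build_sample_bundle_json()
    print(text)
    print("hashes recovered:", sorted(hashes_from_bundle(text)))
```

The parser is deliberately strict: an indicator whose pattern_type is "snort" or "yara" carries a pattern in a different language, and silently treating it as a STIX pattern would produce false matches downstream.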
ISACs
What organization did the U.S. government help create to help share knowledge between organizations in specific verticals?
A. Behavioral
What type of assessment is particularly useful for identifying insider threats? A. Behavioral B. Instinctual C. Habitual D. IOCs
B. Detail
Which of the following measures is not commonly used to assess threat intelligence? A. Timeliness B. Detail C. Accuracy D. Relevance
A. Nation-state actors
Which of the following threat actors typically has the greatest access to resources? A. Nation-state actors B. Organized crime C. Hacktivists D. Insider threats
A. Nation-state actor
Which one of the following attackers is most likely to be associated with an APT? A. Nation-state actor B. Hacktivist C. Script kiddie D. Insider
C. Port scans
Which one of the following information sources would not be considered an OSINT source? A. DNS lookup B. Search engine research C. Port scans D. WHOIS queries
D. Anonymous
Which one of the following is the best example of a hacktivist group? A. Chinese military B. U.S. government C. Russian mafia D. Anonymous
A. Threat map
Which one of the following threat research tools is used to visually display information about the location of threat actors? A. Threat map B. Predictive analysis C. Vulnerability feed D. STIX
shadow IT
a situation where individuals and groups seek out their own technology solution; poses a risk to the organization because it puts sensitive information in the hands of vendors outside of the organization's control
threat feeds
intended to provide up-to-date detail about threats in a way that your organization can leverage
competitors
may engage in corporate espionage designed to steal sensitive information from your organization and use it to their own business advantage; may include theft of customer information, stealing proprietary software, identifying confidential product development plans, or gaining access to any other information that would benefit the competitor
insider attacks
occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to wage an attack against the organization
script kiddie
people who use hacking techniques but have limited skills; may rely almost entirely on automated tools they download from the Internet; often have little knowledge of how their attacks actually work, and they are simply seeking out convenient targets of opportunity
threat maps
provide a geographic view of threat intelligence
indicators of compromise (IOCs)
telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers
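The two kinds of IoC named here (file signatures and log patterns) are consumed in the same way as Vince's shared hash values in the question above: by comparing local evidence against the indicator set. The following is an added example, not code from the page: it hashes every file under a directory and looks for matches against a hash IoC set, and it scans log lines for a C2 domain and a user-agent string. The IoC values, the directory contents and the log lines are all constructed for the example (the hash is the published SHA-256 of the three bytes b"abc", so the match is reproducible); the hostnames and domain are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hash-based IoC, as received from peer firms. Constructed for this example:
# the SHA-256 of b"abc" (a well-known test vector), so the match is reproducible.
IOC_HASHES = {
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

# Pattern-based IoCs: a C2 domain and a user-agent fragment from the intrusion.
# Both values are hypothetical.
IOC_DOMAINS = {"evil-c2.test"}
IOC_USER_AGENTS = [re.compile(r"bad-loader")]

# Constructed sample log (hypothetical hosts, domains and user agents).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z dns client=10.0.0.5 query=www.example.com
2024-03-01T10:00:02Z dns client=10.0.0.7 query=update.evil-c2.test
2024-03-01T10:00:03Z http client=10.0.0.9 ua="Mozilla/5.0" url=/index.html
2024-03-01T10:00:04Z http client=10.0.0.7 ua="curl/7.0 (bad-loader)" url=/x.php
"""


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(root, ioc_hashes=IOC_HASHES):
    """Walk root and return {path: sha256} for every file whose hash is an IoC."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            digest = sha256_file(p)
            if digest in ioc_hashes:
                hits[str(p)] = digest
    return hits


def scan_log(text, domains=IOC_DOMAINS, ua_patterns=IOC_USER_AGENTS):
    """Return (line_number, reason) for lines matching a domain or user-agent IoC.

    Domain matching covers the indicator and any subdomain of it, which is how
    C2 infrastructure usually appears (update.evil-c2.test, cdn.evil-c2.test).
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.search(r"query=(\S+)", line)
        if m:
            qname = m.group(1).lower().rstrip(".")
            if any(qname == d or qname.endswith("." + d) for d in domains):
                hits.append((n, "dns:" + qname))
                continue
        m = re.search(r'ua="([^"]*)"', line)
        if m and any(p.search(m.group(1)) for p in ua_patterns):
            hits.append((n, "ua:" + m.group(1)))
    return hits


def make_sample_dir():
    """Create a constructed directory: one benign file and one file whose
    content (b"abc") hashes to the IoC above. Returns the root path."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "readme.txt").write_bytes(b"just documentation\n")
    (root / "bin").mkdir()
    (root / "bin" / "svchost_update.exe").write_bytes(b"abc")
    return str(root)


if __name__ == "__main__":
    root = make_sample_dir()
    for path, digest in scan_files(root).items():
        print(f"HASH MATCH {digest} {path}")
    for n, reason in scan_log(SAMPLE_LOG):
        print(f"LOG MATCH line {n}: {reason}")
```

Note the limits of each IoC type: a hash match is exact but trivially evaded by recompiling or padding the binary, while the domain and user-agent patterns survive that but can false-positive on legitimate traffic, so log matches are leads for investigation rather than verdicts.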
threat vectors
the means that threat actors use to obtain access
closed-source intelligence
the provider does its own information gathering and research, and may use custom tools, analysis models, or other proprietary methods to gather, curate, and maintain its threat feeds; typically sold on a subscription basis rather than published openly
white-hat hackers
those who act with authorization and seek to discover security vulnerabilities with the intent of correcting them; may either be employees of the organization or contractors hired to engage in penetration testing; also known as authorized attackers
black-hat hackers
those who act with malicious intent; they seek to defeat security controls and compromise the confidentiality, integrity, or availability of information and systems for their own, unauthorized, purposes; also known as unauthorized attackers
gray-hat hackers
those who act without proper authorization, but do so with the intent of informing their targets of any security vulnerabilities; also known as semi-authorized attackers
open source threat intelligence
threat intelligence that is acquired from publicly available sources
hacktivists
use hacking techniques to accomplish some activist goal; they believe they are motivated by the greater good, even if their activity violates the law