Cybersecurity Certificate study guide Course 1 (Intro to Cybersecurity)
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Which of the following statements correctly describe logs? Select two answers.
A log is a record of events that occur within an organization's systems. A business might log errors that occurred as a result of high network traffic.
Ransomware
A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.
Spear phishing
A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Playbook
A manual that provides details about what actions to take
As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.
A network protocol analyzer (packet sniffer). An intrusion detection system (IDS).
Log
A record of events that occur within an organization's systems
Antivirus software
A software program used to prevent, detect, and eliminate malware and viruses
Scarcity
A tactic used to imply that goods or services are in limited supply
Watering hole attack
A threat actor attacks a website frequently visited by a specific group of users.
Social media phishing
A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack
Physical social engineering
A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
Urgency
A threat actor persuades others to respond quickly and without questioning.
Business Email Compromise (BEC)
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
USB baiting
A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
Dashboard
A tool used to visually communicate information or data
Password attack
An attempt to access password-secured devices, systems, networks, or data. Some forms of this are Brute force and Rainbow table. This falls under the communication and network security domain.
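As an added illustration (not part of the course material), the following Python script contrasts the two password-attack forms named above, a brute-force search and a precomputed hash lookup table (the plain-table ancestor of a rainbow table), against unsalted SHA-256, and shows why a per-user salt defeats the precomputed table. The wordlist, the test passwords and the 16-byte salt are constructed for the demo; SHA-256 stands in for the stored hash only because it is built in, not because it is a suitable password hash.

```python
import hashlib
import itertools
import os
import string

# Constructed wordlist for the demo; no real credentials.
WORDLIST = ["letmein", "password", "qwerty", "summer2024", "Welcome1"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext for unsalted SHA-256.

    A rainbow table is a space-optimised form of this idea; the plain
    dictionary shows the same weakness: one table cracks every user who
    chose a listed password, because identical passwords hash identically.
    """
    return {sha256_hex(w.encode()): w for w in words}


def table_attack(stored_hash, table):
    """O(1) lookup: instant if the password was in the precomputed set."""
    return table.get(stored_hash)


def brute_force(stored_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Exhaustive search over short lowercase passwords (no precomputation)."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate.encode()) == stored_hash:
                return candidate
    return None


def hash_with_salt(password, salt=None):
    """Random per-user salt (assumption: 16 bytes) prepended before hashing."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, sha256_hex(salt + password.encode())


def verify_salted(password, salt, stored_hash):
    return sha256_hex(salt + password.encode()) == stored_hash


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    unsalted = sha256_hex(b"qwerty")
    print("unsalted, table attack:", table_attack(unsalted, table))
    print("unsalted, brute force:", brute_force(sha256_hex(b"dog")))
    salt, salted = hash_with_salt("qwerty")
    print("salted, table attack:", table_attack(salted, table))
    print("salted, correct password verifies:", verify_salted("qwerty", salt, salted))
```

The salt does not stop a brute-force attack against one user, it only stops the attacker from reusing one precomputed table across all users; slowing the per-guess cost is the job of a deliberately slow password hash such as bcrypt, scrypt or Argon2, which a real system should use instead of bare SHA-256.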
SIEM tool
Application that collects and analyzes log data to monitor an organization's critical activities
Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?
Asset Security
_____ are items perceived as having value to an organization.
Assets
Reasons why social engineering attacks are effective include:
Authority, Intimidation, Consensus/Social proof, Scarcity, Familiarity, Trust, Urgency
There are three main categories of hackers:
Authorized hackers, Semi-authorized hackers, Unauthorized hackers.
You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?
Availability
Consensus/Social proof:
Because people sometimes do things that they believe many others are doing, threat actors use others' trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
Some of the most common types of phishing attacks today include:
Business Email Compromise (BEC), Spear phishing, Whaling, Vishing, Smishing
Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?
Identity and access management
Which of the following statements accurately describe the NIST CSF?
It consists of standards, guidelines, and best practices. Its purpose is to help manage cybersecurity risk.
What are some key benefits of using Python to perform security tasks? Select all that apply
It saves time. It clearly maps data. It helps ensure accuracy.
You are a security professional working for a state motor vehicle agency that stores drivers' national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?
Laws
Viruses
Malicious code written to interfere with computer operations and cause damage to data and software. Unlike a worm, a virus needs to be initiated by a user: the threat actor delivers it as a malicious attachment or file download, and when the user opens it, the virus hides itself in other files on the now-infected system. When those infected files are opened, the virus inserts its own code to damage and/or destroy data in the system.
Worms
Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
Spyware
Malware that's used to gather and sell information without consent. This can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.
Which of the following tasks can be performed using SIEM tools? Select three answers.
Monitoring critical activities. Analyzing filtered events and patterns. Saving time by reducing the amount of data to be reviewed.
What term is used to describe publicly available systems, such as Linux?
Open-source
Types of Attacks
Password attack, Social engineering attack, Physical attack, Adversarial artificial intelligence, Supply-chain attack, Cryptographic attack
Which ethical principle describes safeguarding personal information from unauthorized use?
Privacy protection
What are some of the primary purposes of security frameworks?
Protecting PII data, Managing organizational risks, Identifying security weaknesses
What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?
SIEM
What are some of the primary purposes of security frameworks? Select three answers.
Securing financial information. Aligning security with business goals. Identifying security weaknesses
A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?
Security and risk management
A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?
Security architecture and engineering
Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?
Security assessment and testing
A security professional is updating software on a coworker's computer and happens to see a very interesting email about another employee. The security professional chooses to follow company guidelines with regards to privacy protections and does not share the information with coworkers. Which concept does this scenario describe?
Security ethics
Which of the following are core components of security frameworks? Select two answers.
Setting guidelines to achieve security goals. Implementing security processes
Some of the most common types of social engineering attacks today include:
Social media phishing, Watering hole attack, USB baiting,Physical social engineering
Malware
Software designed to harm devices or networks. Its primary purpose is to obtain money or, in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Smishing
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
What are some key benefits of programming languages? Select all that apply.
They execute repetitive processes accurately. They filter through data points faster than humans can working manually. They can be used to create a specific set of instructions for a computer to execute tasks.
Assessment and Testing
This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions, to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.
Security operations
This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization's policies and procedures to quickly stop the potential threat.
Communication and network security
This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behavior within your organization.
Security Architecture and engineering
This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.
Asset security
This domain focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data. When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.
Software development security
This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed.
Familiarity
Threat actors establish a fake emotional connection with users that can be exploited.
Trust
Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
Authority
Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
Intimidation
Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they're told.
What can cybersecurity professionals use logs for?
To identify vulnerabilities and potential security breaches
New and unskilled threat actors have various goals, including:
To learn and enhance their hacking skills, To seek revenge, To exploit security weaknesses by using existing malware, programming scripts, and other tactics.
A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?
Training about social engineering
Some of the most common types of malware attacks today include:
Viruses, Worms, Ransomware, Spyware
Which of the following threats are examples of malware?
Worms and Viruses
Social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It's the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
Social engineering attack
A manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of this are Phishing, Smishing, Vishing, Spear phishing, Whaling, Social media phishing, Business Email Compromise (BEC), Watering hole attack, USB (Universal Serial Bus) baiting, Physical social engineering. These are related to the security and risk management domain.
Insider threats
Threat actors who abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include: Sabotage, Corruption, Espionage, Unauthorized data access or leaks
Cryptographic attack
affects secure forms of communication between a sender and intended recipient. Some forms of this are Birthday, Collision, Downgrade. These attacks fall under the communication and network security domain.
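The birthday and collision forms named above both rest on the same fact: finding any two inputs with the same hash costs roughly the square root of the work of matching one specific hash. The following Python script is an added example, not course material; it truncates SHA-256 to a chosen number of bits to stand in for a weak hash (an assumption for the demo, since full SHA-256 has no practical collision), and finds a collision in about 1.25 * 2^(n/2) tries rather than 2^n.

```python
import hashlib
import math


def truncated_hash(data: bytes, nbits: int) -> int:
    """The first nbits of SHA-256 as an integer.

    Truncation is the demo's stand-in for a hash with a small output space;
    nbits=256 returns the full digest.
    """
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def expected_birthday_tries(nbits: int) -> float:
    """Expected inputs needed before two share an nbits-wide hash: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * (1 << nbits))


def find_collision(nbits: int, max_tries: int = 1 << 24):
    """Birthday attack: hash distinct inputs and remember every value seen.

    Inputs are a deterministic counter so the run is reproducible. Returns
    (first_input, second_input, tries) or None if max_tries is exhausted.
    """
    seen = {}
    for i in range(max_tries):
        msg = i.to_bytes(8, "big")
        h = truncated_hash(msg, nbits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    nbits = 32
    a, b, tries = find_collision(nbits)
    print(f"{nbits}-bit hash: collision after {tries} tries "
          f"(expected ~{expected_birthday_tries(nbits):.0f}, preimage would need ~{1 << nbits})")
    print("inputs:", a.hex(), b.hex())
    print("truncated hashes equal:", truncated_hash(a, nbits) == truncated_hash(b, nbits))
    print("full hashes equal:", truncated_hash(a, 256) == truncated_hash(b, 256))
```

The practical lesson is that a hash used for signatures or integrity must have an output roughly twice as wide as the security level wanted: a 64-bit digest gives only about 2^32 of collision resistance, which a laptop can exhaust. A downgrade attack, the third form listed, is a protocol weakness rather than a hash weakness and is not shown here.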
Authorized hackers
also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
Hacker
any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons.
Hacktivists
are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include: Demonstrations, Propaganda, Social change campaigns, Fame.
Unauthorized hackers
Also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.
Semi-authorized hackers
Considered researchers. They search for vulnerabilities but don't take advantage of the vulnerabilities they find.
To request information from a _____, security professionals can use SQL.
database
As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.
disgruntled employees
Security and Risk Management
focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.
Identity and access management.
focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization's physical and digital security. For example, as a security analyst, you may be tasked with setting up employees' keycard access to buildings.
Advanced persistent threats
have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include: Damaging critical infrastructure, such as the power grid and natural resources and Gaining access to intellectual property, such as trade secrets or patents
Physical attack
is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of this are Malicious USB cable, Malicious flash drive, Card cloning and skimming. These fall under the asset security domain.
Adversarial artificial intelligence
is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
Threat actor
is any person or group who presents a security risk
What tool is designed to capture and analyze data traffic within a network?
network protocol analyzer (packet sniffer)
A _____ is a manual that provides details about operational actions.
playbook
A security team uses a _____ to help them document organizational processes from beginning to end.
playbook
The ethical principle of _____ involves safeguarding a company database that contains sensitive information about employees.
privacy protection
The eight CISSP security domains
security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security
A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company's network. They use _____ to help them reduce this type of risk.
security controls
Instead of reviewing pages and pages of logs to determine if there are any new security threats, analysts can use _____ tools, which provide alerts for specific types of threats and risks.
security information and event management (SIEM)
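The failed-login scenario, the SQL fill-in and the SIEM fill-in above all describe one workflow: turn raw log lines into structured events, then query them for a pattern worth an alert instead of reading every line. The following Python script is an added example and not course material; the sshd-style log lines, host name, IP addresses and the threshold of three failures are constructed for the demo, and an in-memory SQLite table stands in for the SIEM's event store.

```python
import re
import sqlite3

# Constructed sshd-style log lines for the demo (not from any real system).
SAMPLE_LOG = """\
Mar 10 08:01:12 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 08:01:14 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 10 08:01:15 host sshd[2001]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 10 08:01:17 host sshd[2001]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar 10 08:01:19 host sshd[2001]: Failed password for root from 203.0.113.5 port 51026 ssh2
Mar 10 08:02:03 host sshd[2002]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
Mar 10 08:05:44 host sshd[2003]: Failed password for bob from 198.51.100.9 port 40200 ssh2
Mar 10 08:05:50 host sshd[2003]: Accepted password for bob from 198.51.100.9 port 40201 ssh2
"""

# One pattern for both outcomes; "invalid user" is optional prefix text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_log(text):
    """Parse log lines into (timestamp, result, method, user, source IP) tuples; skip unknown lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["result"], m["method"], m["user"], m["src"]))
    return events


def load_events(events):
    """Load parsed events into an in-memory SQLite table (stand-in for a SIEM store)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (ts TEXT, result TEXT, method TEXT, user TEXT, src_ip TEXT)"
    )
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?, ?)", events)
    return conn


def failed_logins_by_source(conn, threshold):
    """SQL detection rule: sources with at least `threshold` failures, most failures first."""
    return conn.execute(
        """
        SELECT src_ip, COUNT(*) AS failures, COUNT(DISTINCT user) AS users_tried
        FROM auth_events
        WHERE result = 'Failed'
        GROUP BY src_ip
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC
        """,
        (threshold,),
    ).fetchall()


def analyze(text, threshold=3):
    """End to end: parse, load, query. Returns [(src_ip, failures, distinct users)]."""
    conn = load_events(parse_log(text))
    return failed_logins_by_source(conn, threshold)


if __name__ == "__main__":
    for src_ip, failures, users in analyze(SAMPLE_LOG):
        print(f"ALERT: {failures} failed logins from {src_ip} against {users} account(s)")
```

Counting distinct users alongside failures separates a user who mistyped a password a few times from a source sweeping several accounts; a real rule would also bound the time window and ignore failures that were followed by a success from the same source only if that fits the organization's policy.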
Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.
social
Supply-chain attack
targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. These attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.