Intro to Cyber Ops
Which of the following is an example of failing to maintain confidentiality?
An unauthorized process or program accesses a data item
In the context of access control, a subject proves their asserted identity by providing something they know, something they possess, or something they are. What is this called?
Authentication
In the context of access control, once a subject is authenticated, they are then provided a certain level of access to certain objects. What is this called?
Authorization
An email to one of the sales team members was intercepted and successfully read by an attacker, it was a failure of which of the following?
Confidentiality
Which of the following best describe possible motives for a cyber attack?
Crime Hacktivism Cyber Espionage
Controls can be applied to which of the following?
Data, programs, systems, and physical devices Communications links
A company has implemented two-factor authentication using Biometrics. This is a fool proof authentication method.
False
A distributed denial of service (DDoS) attack is an attack against confidentiality.
False
An attack that saps computer resources thus denying their use for legitimate purposes is an example of a failure of Integrity.
False
As Chief Executive Officer of a Fortune 1000 company, you conclude that the value of an asset depends upon the asset's monetary value alone.
False?
Which of the following best describes a non-human threat to a computer system?
Floods, fires, and earthquakes
Which of the following best describes a Nation-State Actor?
Highly-skilled and well-supported hackers who conduct cyber espionage, theft, terrorism, and offensive cyber attacks.
You are creating a Risk Management Plan. When considering the probability of the occurrence of harm (harm is actualized threat), which of of the following could be a type of threat to a computer system?
Human Threats Malicious Threats Non-Malicious Threats
Which of the following best describes a non-malicious threat to a computer system?
Human error
In access control, a subject first makes an assertion to their identity. What is this called?
Identification
Which of the following best describes Identification?
Identification is when a subject claims to be a specific identity
One component of risk is the potential harm, or the amount of damage that can be done to an asset. What is this component called?
Impact
The "I" in the C-I-A triad stands for which of the following?
Integrity
Harm is best characterized by which of the following acts?
Interception & Interruption Modification & Fabrication
An object or service is thought to be available if which of the following are true?
It is present in a usable form. It has enough capacity to meet the service's needs. It is making clear progress, and, if in wait mode, it has a bounded waiting time.
Which of the following best describes a White Hat hacker?
Lawful and authorized hackers who are skilled cyber experts that are hired to conduct vulnerability assessments, security audits, and/or penetration tests to determine the security posture of an organization.
One component of risk deals with the probability of a threat causing harm to an asset. Select this component of risk from the list below.
Likelihood
Which of the following best describes a Script Kiddie?
Low-skilled hacker who typically uses automated tools designed by others.
Which of the following is needed by a threat to successfully carry out an attack?
Method Motive Opportunity
The three primary aspects of Integrity are best described by which of the following?
Only authorized actions Separation and protection of resources Error detection and correction
In authentication, which of the following best describes "something the user knows"?
Password
As a consultant, you support the systems and networks for several small businesses. From the list below, which activities could result in a vulnerability?
Poor Design Improper Implementation Improper Configuration
The risk that remains after mitigating risk with controls is called what?
Residual Risk
Which of the following best describes a category of an attacker?
Script kiddies and black hats
Which of the following best describes a method a threat would use to execute a cyber attack?
Social Engineering Client-side Attacks Network Attacks
All systems and networks have vulnerabilities. The entire set of a system or network's vulnerabilities is called:
The attack surface
A control is an action, device, procedure, or technique that removes or reduces a vulnerability.
True
A threat is a set of circumstances that, if realized, could result in harm.
True
A vulnerability is a weakness that is subject to being exploited.
True
An attacker must have a motive or reason to want to conduct an attack.
True
Authentication is the process of proving an identity and it occurs when subjects provide the appropriate credentials to prove their identity.
True
Confidentiality is the protection of information from unauthorized access.
True
Every password can be guessed; password strength is determined by the number of guesses required.
True
Human threats can be either malicious or non-malicious
True
Humans that exploit a vulnerability execute an attack on a victim.
True
In Access Control, a person, process, or program is (or is not) authorized to access a data item in a particular way.
True
Integrity is maintained when the information remains unchanged during storage, transmission, and usage.
True
Method refers to the skills, knowledge, tools, and other things with which to perpetrate the attack.
True
Opportunity is defined as the time and access an attacker would need to execute an attack.
True
The "A" in the C-I-A triad states that objects and services should be available when authorized users need to access them
True
The C-I-A triad represent the most critical properties of information/cyber security.
True
The vulnerability-threat-control paradigm states that "A threat is blocked by the control of a vulnerability."
True
Your new role as the Chief Information Security Officer involves protection of the items valued by the company. These protected items are called assets.
True