SY0-601 Chapter 2


Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. What two terms best describe Snowden? A: Insider B: State Actor C: Hacktivist D: APT E: Organized Crime

A&C: Insider/Hacktivist

Zero-Day Attacks

Attacks that exploit vulnerabilities unknown to other hackers or cybersecurity teams; attackers may store such vulnerabilities in a repository for later use. Very dangerous because they are unknown to product vendors.

Closed-Source Intelligence

Doing one's own information gathering; proprietary, because an organization may want to keep its threat data secret.

Insiders

Occur when an employee, contractor, vendor, or other party with authorized access to information or systems wages an attack against the organization. Insiders can be of any skill level.

Email and social media (TV)

One of the most commonly exploited threat vectors; uses phishing, spam, or other attacks, and needs only one user to log in for the attack to take effect.

Threat Maps

Provide a geographic view of threat intelligence; used to gain insight into the sources of attacks; NOTORIOUSLY unreliable.

Vulnerability Databases

Provide valuable insight into the types of threats being discovered by researchers.

Open-Source Intelligence

Threat intelligence that is acquired from publicly available sources.

Is it timely? (TAF)

A feed that is operating on a delay can cause you to miss a threat.

Dark Web

A network run over standard internet connections but using multiple layers of encryption to provide anonymous communication.

What type of assessment is particularly useful for identifying insider threats? A: Behavioral B: Instinctual C: Habitual D: IOCs

A: Behavioral

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location? A: Email B: Direct access C: Wireless D: Removable media

A: Email

Which of the following threat actors typically has the greatest access to resources? A: Nation-State Actors B: Organized Crime C: Hacktivists D: Insider threats

A: Nation-State Actors

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology? A: Shadow-IT B: System Integration C: Vendor Management D: Data Exfiltration

A: Shadow-IT

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack? A: Supply Chain B: Removable media C: Cloud D: Direct Access

A: Supply Chain

Which one of the following threat research tools is used to visually display information about the location of threat actors? A: Threat Map B: Predictive analysis C: Vulnerability Feed D: STIX

A: Threat Map

Tom's organization recently learned that the vendor is discontinuing support for the customer relationship management (CRM) system. What should concern Tom the most from a security perspective? A: Unavailability of future patches B: Lack of technical support C: Theft of customer information D: Increased Costs

A: Unavailability of future patches

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work? A: White Hat B: Grey Hat C: Black Hat D: Green Hat

A: White Hat

Structured Threat Information eXpression (STIX)

An XML-structured language for expressing and sharing threat intelligence; originally sponsored by the U.S. Dept. of Homeland Security.

Wireless Networks (TV)

Attackers do not need to gain physical access to the network, because they can get close enough to access the organization's network remotely.

Cloud (TV)

Attackers may routinely scan cloud-based services looking for files with improper access controls, security flaws, or accidentally published API keys.

Which of the following measures is not commonly used to assess threat intelligence? A: Timeliness B: Detail C: Accuracy D: Relevance

B: Detail

Which of the following attackers is most likely to be associated with an APT? A: Nation-State Actor B: Hacktivist C: Script Kiddie D: Insider

B: Hacktivist

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs? A: Academic Journal B: Internet RFCs C: Subject Matter Experts D: Textbooks

B: Internet RFCs

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information? A: Vulnerability Feed B: IoC C: TTP D: RFC

B: IoC

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository? A: Product Manuals B: Source Code C: API Keys D: Open Source Data

C: API Keys

Which one of the following information sources would not be considered an OSINT (Open Source Intelligence) source? A: DNS Lookup B: Search Engine research C: Port Scans D: WHOIS inquiries

C: Port Scans

What language is STIX based on? A: PHP B: HTML C: XML D: Python

C: XML

Is the information accurate? (TAF)

Can you rely on what it says? How likely is it that the threat assessment is valid?

Which of the following is the best example of a hacktivist group? A: Chinese Military B: U.S. Government C: Russian Mafia D: Anonymous

D: Anonymous

What organization did the U.S. help create to help share knowledge between organizations in specific verticals? A: DHS B: SANS C: CERTS D: ISACs

D: ISACs

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose? A: STIX 1.0 B: OpenIOC C: STIX 2.0 D: TAXII

D: TAXII

Removable Media (TV)

Devices such as USB drives used to spread malware and launch attacks; attackers may leave devices in a public area hoping someone will insert them into their computer.

Is the information relevant? (TAF)

If it describes the wrong platform, software, or reason for the organization to be targeted, it is irrelevant.

Third-Party Risk (TV)

Interfering with an organization's supply chain to gain access to devices before they arrive at the organization.

Script Kiddies

People who use hacking techniques but have limited skill and rely almost entirely on automated tools. Their motivation usually revolves around trying to prove their skill.

Threat Vectors

The means that threat actors use to obtain access.

Criminal Syndicates

Their motive is simply illegal financial gain, with skill levels ranging from moderate to high. Involved in cybercrimes such as cyber-dependent crimes, child sexual exploitation, payment fraud, dark web activity, terrorism, and/or cross-cutting crime factors.

Hacktivist

Use hacking techniques to accomplish an activist goal, such as defacing a website they disagree with or attacking a network because of its political affiliation. Deterrents that would stop most people are less likely to work against this group.

Open Indicators of Compromise (OpenIoC)

XML-based framework; includes metadata such as the author, the name of the IOC, and a description of the indicator.

Confidence Score

Allows organizations to filter and use threat intelligence based on how much trust they can place in it.

Direct Access (TV)

Attackers may seek to gain access by physically entering an organization's facility, such as a lobby or a store, and using unsecured network jacks on the wall.

Trusted Automated eXchange of Indicator Information (TAXII)

Companion to STIX; intended to allow cybersecurity threat information to be communicated at the application layer via HTTPS.

STIX use

Defines objects such as attack patterns, identities, malware, threat actors, and tools, which are then related by either a relationship or a sighting.

Information Sharing and Analysis Centers (ISACs)

Help owners and operators share threat information and provide tools and assistance to their members, allowing in-depth sharing of threat information for both physical and cyber threats.

Threat Feeds

Intended to provide up-to-date detail about threats in a way that your organization can leverage.

Advanced Persistent Threats (APTs)

Involve high-level, consistent attacks over a significant period of time, with motives varying from political to economic.

Competitors

May engage in corporate espionage designed to steal sensitive information from another organization in order to create a business advantage. This may include stealing customer information, proprietary software, confidential product plans, or any other information.

Threat Intelligence

A set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment; can also be used for predictive analysis.

Indicators of Compromise (IoCs)

Telltale signs that an attack has taken place; may include file signatures, log patterns, or other evidence.

