As security professionals, the single most important asset that we must protect in an enterprise is ________ correct answers People
As security professionals, the second most important asset that we must protect in an enterprise is _________ correct answers Data
What about computers, buildings, and infrastructure in securing data? correct answers We can buy new servers and build new buildings, but we can't get our data back unless we have strong protections in place.
Attackers Evolve and are Sophisticated;
Connectivity correct answers The internet has opened up access to provide convenience, which is exploited.
Attackers Evolve and are Sophisticated;
Path of Least Resistance correct answers Enterprises have implemented sophisticated multi-tiered defenses, so attackers take the easy way in: tricking employees into clicking on links and giving up key information.
Attackers Evolve and are Sophisticated;
Sophistication and Organization correct answers Hackerville
Attackers Evolve and are Sophisticated;
Anonymity correct answers Cryptocurrency like Bitcoin, encryption and VPNs have aided hackers in remaining anonymous.
Attackers exploit weaknesses to gain access to information. The most common attacks exploit these 2 areas; correct answers People (our weakest link) - Social engineering attacks target the good nature of employees to help in attacks. This can include physical security breaches.
Software - Runs our devices and needs to be protected.
- Servers: run operating system (OS) software
- Networks: run network operating system (NOS) software
- Desktops or endpoints: run operating systems: Windows, Mac OS X, Linux
- Internet of Things (IoT) devices: run software and are one of our largest threats.
  - Examples: facility and home automation, personal assistants
Equifax Breach, September 2017 (confidentiality) correct answers Equifax announced that the personal information of 147 million people was compromised. The company agreed to a global settlement of $671 million to settle lawsuits and government investigations. (Equifax, 2019)
Root Cause:
Failure to patch a two-month-old bug in Apache Struts software
Dyn Attack, October 21, 2016 (availability) correct answers Dyn was under a Distributed Denial of Service (DDoS) attack.
Caused major internet outages for several hours.
Attackers used a coordinated botnet attack that leveraged thousands of IoT devices (cameras, thermostats and baby monitors) infected with the Mirai botnet to launch the attack. (Graff, G., Wired, 2017)
Root Cause:
Failure to have proper alerts and DDoS detection systems in place.
Capital One, June 29, 2019 (confidentiality) correct answers Confidential data of 100 million people stolen from their cloud storage, which appears to be an AWS S3 bucket.
Paige Thompson, a former AWS employee, was charged. (Bloomberg, 2019)
"Who's in your Wallet?"
Root Cause:
Insider access by a former employee; failure to secure S3 cloud storage. Investigation ongoing.
Getting a Handle on Threats correct answers There are several sites and repositories for staying up to date with cybersecurity threats, vulnerabilities and guidance.
We will focus on www.us-cert.gov, which is maintained by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
CISA tracks vulnerabilities and offers guidance across many agencies, industries and critical infrastructure sectors.
Getting a Handle on Threats
Information Security correct answers Data protection is at the heart of the CIA Triad
Confidentiality - Information is only accessed by authorized entities.
Integrity - Information is not modified or tampered with by entities that are not authorized to do so.
Availability - Information and systems are available and accessible when users need them.
Threats and Vulnerabilities correct answers Threats are potential dangers.
In this picture the threat is water rising above the crack.
The Vulnerability is the Crack in the wall.
Threats and Vulnerabilities in IT Security correct answers Threats are potential dangers.
- Hackers
- Insiders
- Natural disasters
Vulnerabilities are weaknesses in systems or procedures; they are the ways threats become manifested.
- Zero-day exploits - new bugs with no patch
- Weak passwords