Incident Quest..
Which type of malware typically demands a ransom in exchange for restoring access to data?
Ransomware
What type of phishing attack specifically targets individuals based on their job role or industry?
Spear-phishing.
What does the term "zero-day exploit" refer to?
A zero-day exploit is a method or code used by attackers to take advantage of a zero-day vulnerability.
What is the main difference between symmetric and asymmetric encryption?
Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of keys (public and private) for these processes.
What does "IoT" stand for?
Internet of Things.
What is the primary objective of an incident response team (IRT)?
To manage and mitigate the impact of security incidents
What is the most common goal of a phishing attack?
To trick the victim into revealing sensitive information, such as login credentials or financial information.
Why are zero-day vulnerabilities considered particularly dangerous?
They are dangerous because they are unknown to the software vendor and the public, making them unpatched and susceptible to exploitation
Describe a "man-in-the-middle" attack in the context of encrypted communication.
A man-in-the-middle attack involves an attacker intercepting and potentially altering communications between two parties without their knowledge.
What is "device fingerprinting," and how can it be used in IoT security?
Device fingerprinting involves collecting unique information about devices to identify and track them, which can be used to detect anomalies and secure IoT networks.
What is the role of a Security Information and Event Management (SIEM) system in incident response?
To collect, analyze, and correlate security events and logs from various sources
What is "email spoofing" in the context of phishing?
Email spoofing is the creation of email messages with a forged sender address to make it appear as though it came from a trusted source.
Name a famous zero-day exploit that was used in a large-scale cyberattack.
The Stuxnet worm, which used zero-day vulnerabilities to target Iranian nuclear facilities.
Explain the concept of "padding" in encryption algorithms.
Padding adds extra data to the plaintext before encryption to ensure the data conforms to the block size required by the encryption algorithm.
Describe a "DDoS attack" and its potential impact on IoT devices.
A DDoS attack overwhelms devices with traffic, causing them to become unresponsive or crash. IoT devices can be used as part of a botnet to amplify the attack.
What is the purpose of "threat hunting" in the context of incident response?
Threat hunting involves proactively searching for signs of malicious activity within an organization’s network, often before an incident has been detected.
How can you identify a phishing website based on its URL?
By looking for subtle misspellings, odd domain names, or unexpected subdomains that mimic legitimate websites.
How can a company leverage a "bug bounty program" to address zero-day vulnerabilities?
A bug bounty program incentivizes security researchers to find and report vulnerabilities, including zero-days, by offering rewards for responsible disclosure.
What are "blockchain" and its significance in cryptography and data security?
Blockchain is a decentralized ledger technology that ensures data integrity and security through cryptographic hashing and consensus mechanisms.
Name a common vulnerability found in IoT devices.
insecure default settings
What is "escalation" in the context of incident response, and when should it occur?
Escalation involves bringing in additional resources or notifying higher management when an incident exceeds the initial response team's capabilities.
Describe the concept of "email harvesting" and how it is used in phishing attacks.
Email harvesting is the collection of email addresses from the web, databases, or other sources, which are then used to target individuals in phishing campaigns.
How do "honeypots" contribute to detecting zero-day attacks?
Honeypots attract and capture malicious activity, allowing researchers to study and analyze zero-day attacks in a controlled environment.
Describe the process of "digital signing" and its use in verifying authenticity.
Digital signing involves using a private key to create a unique signature for a message, which can be verified by others using the corresponding public key to ensure authenticity and integrity.
Explain the concept of "secure boot" and its importance for IoT devices.
Secure boot ensures that an IoT device only runs trusted and verified software during startup, preventing the execution of malicious code.