1.2 Defense Planning
2.1.1 Threat Actor Types
2.1.3 General Attack Strategy
2.1.4 General Defense Strategy
2.2.1 Malware
100

Preventing an employee from connecting to the network using a personal device is an example of this layer from the Layered Security Model.

"Preventing an employee from connecting to the network using a personal device is an example of ..."

Preventing an employee from connecting to the network using a personal device is an example of Layer 1: Policies, Procedures, & Awareness.

100

An employee stealing company data could be an example of which kind of threat actor?

"An employee stealing company data could be an example of ..."

An employee stealing company data could be an example of an internal threat.

100

What is a backdoor and why is it important to the threat agent?

"A backdoor is ... and it is important to the threat agent because ..."

A backdoor is a way for a threat agent to gain access to the system in a manner that is easy for the threat agent, and it is important because it allows a threat agent to access the system without going through the time of doing reconnaissance or the breaching process again.

100

Describe what it means to have layered defenses.

"Layered Defenses mean ..."

Layered Defenses means to have multiple forms of defense against cyberattacks so that if the attacker breaches one layer of defense, hopefully the next layer will stop the breach.

100

Describe a PUP and what a PUP stands for.

"A PUP stands for ... , which means that a PUP is ..."

A PUP stands for a Potentially Unwanted Program which means that a PUP is any program that may have or may not have a malicious intent which the owner of the computer may not want on their system.

200

This layer often merges with the Perimeter layer because they share some interrelated domains, however it is often beneficial to approach them as two separate layers...the Perimeter Layer being external and this layer being internal.

"The ... Layer often merges with the Perimeter Layer because ..."

The Network Layer often merges with the Perimeter Layer because they share some interrelated domains, however it is often beneficial to approach them as two separate layers.

200

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization is the definition of this type of threat actor.

A hacker is a general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

200

Describe the sympathetic approach to social engineering. Give an example.

"The sympathetic approach to social engineering is ..."

"An example of the sympathetic approach to social engineering is ..."

The sympathetic approach to social engineering is when the threat agent pretends to be a person who belongs to the organization or is affiliated with the organization and plays off of a person's sympathy to gather intelligence or gain access.

An example of the sympathetic approach to social engineering is an agent who pretends to be a mail person carrying heavy boxes so that someone will open the door for them.

200

Describe how randomness may be implemented to add to a Layered Defense Strategy.  Give a reason why.

"Randomness may be implemented to add to the Layered Defense Strategy by ..."

Randomness may be implemented to add to the Layered Defense Strategy by randomizing the password timeouts so that attackers won't know for how long compromised password credentials will be valid.  This way, attackers will feel rushed and won't take time to fully infiltrate the computer.

200

Finish this sentence:

"Crimeware is a special type of spyware in which the malware ..."

Crimeware is a special type of spyware in which the malware is designed to steal a user's identity, bank accounts, or any financial information that may be of use to the threat actor.

300

Give an example of 3 components of the Physical Layer. Write this in a sentence. You may start it like:

"The physical layer is composed of ..."

The physical layer is composed of fences, door locks, man-traps, turnstiles, device locks, server cages, cameras, motion detectors, and even environmental controls.

300

This type of threat actor seeks to defame, shed light on, or cripple an organization or government.

"... seeks to defame, shed light on, or cripple an organization or government."

A hacktivist seeks to defame, shed light on, or cripple an organization or government.

300

What is the third phase of the General Attack Strategy and what happens in that phase?

"The third phase of the General Attack Strategy is ... and what happens in this phase is ..."

The third phase of the General Attack Strategy is to Escalate Privileges which means that the attacker will increase their access to sensitive information or actions which will enable them to execute their exploit easier or on a larger scale.

300

What is the idea behind simplicity and how does it contribute to a Layered Defense Strategy?

"Simplicity is ... and it contributes to a Layered Defense Strategy because ..."

Simplicity is the idea that a simple defense strategy is better than a complex strategy and it contributes to a Layered Defense Strategy because complex strategies won't be implemented effectively while it is easier to implement and become an expert in simplistic strategies, thereby making the Layered Defense Strategy more effective against threats.

300

Why are threat actors using Crypto Malware instead of Ransomware?

"Threat actors are using Crypto Malware instead of Ransomware because ..."

Threat actors are using crypto malware instead of ransomware because sometimes the victim of a ransomware attack refuses to pay the ransom, whereas a crypto malware attack guarantees profit for the attacker.

400

A firewall is an integral device which belongs to this layer.

"The firewall is an integral device which belongs to ..."

The firewall is an integral device which belongs to the Perimeter Layer.

400

Using complete sentences, list 3 motivations for a hacker.

"Three motivations of a hacker are ..."

The three motivations for a hacker are financial gain, political gain, or merely acting out for the challenge.

400

Describe the intimidation tactic of social engineering.

"The intimidation tactic of social engineering is when ..."

The intimidation tactic of social engineering is when the threat agent will try to sound like someone who has authority in the organization.  They may attempt to intimidate employees with threats of discipline to acquire access to sensitive information or locations.

400

List two steps that companies can enact to protect against an Insider threat actor.

"Steps that companies can enact to protect against an insider threat actor include ..."

Steps that companies can enact to protect against an insider threat actor include creating and following onboarding and off-boarding procedures, employing the principle of least privilege, and having appropriate physical security controls in place.

400

How does a firewall prevent the attack from a remote access trojan?

"A firewall prevents the attack from a remote access trojan by ..."

A firewall prevents the attack from a remote access trojan by closing ports, thereby cutting off communication between the remote access trojan and the threat actor.

500

What defense strategy would be implemented at the Data Layer of the Layered Security Model?

"... is a defense strategy that would be implemented at the Data Layer of the Layered security model."

Cryptography is a defense strategy that would be implemented at the Data Layer of the Layered Security Model.

500

What makes a nation state so dangerous to cybersecurity experts?

"A nation state is so dangerous to cybersecurity experts because ..."

A nation state is so dangerous to cybersecurity experts because nation states have the money and resources to guarantee infiltration no matter what kind of security is implemented.

500

Describe two technical exploits that may be implemented during the Reconnaissance Phase of the General Attack Strategy.

"Two technical exploits that may be implemented during the Reconnaissance Phase of the General Attack Strategy are ..."

Two technical exploits that may be implemented during the Reconnaissance Phase of the General Attack Strategy are a ping sweep where the attacker sends out an echo request to see what computers respond and a port scan where the attacker searches every port to identify ports that are left open.

500

Describe the Principle of Least Privilege.

"The Principle of Least Privilege is ..."

The Principle of Least Privilege is a security concept which maintains that a user or entity should only have access to the specific data, resources, and applications needed to complete a required task.

500

Why are rootkits so dangerous?

"Rootkits are so dangerous because ..."

Rootkits are so dangerous because they integrate into the operating system and thus operate below the antivirus, thus remaining undetectable.
