Threats and Attacks
What is the main objective of a “ransomware” attack?
A) Steal credentials
B) Encrypt files and demand ransom
C) Use the computer to mine cryptocurrencies
D) Permanently delete files
B) Encrypt files and demand ransom
What's the first line of defense against cyber attacks?
A) Antivirus software
B) Employee awareness
C) A firewall
D) A VPN connection
B) Employee awareness
Which method can an internal attacker use to discreetly exfiltrate sensitive data?
A) Sending by email
B) Printing documents
C) Using personal cloud storage
D) All of the above
E) A) and C)
D) All of the above
What's the best strategy for combating internal cyber attacks?
A) Limit employee access to systems
B) Increase the IT budget
C) Use more powerful firewalls
D) Ban social networking in the office
A) Limit employee access to systems
Which attack method enables a hacker to execute malicious code on a server by manipulating database entries?
A) Phishing
B) Brute force
C) SQL injection
D) Man-in-the-Middle
C) SQL injection
Which security protocol is considered obsolete and vulnerable to attack?
A) WPA2
B) WEP
C) SSL
D) TLS 1.2
B) WEP
Which technique enables a malicious employee to access information to which he or she is not supposed to have access?
A) Privilege escalation
B) Dictionary attack
C) Network sniffing
D) DNS injection
A) Privilege escalation
Which measure identifies suspicious behavior?
A) Block access to certain sites
B) Implement continuous activity monitoring
C) Reinforce passwords
D) Prohibit teleworking
B) Implement continuous activity monitoring
Explain how an attacker can use social engineering to circumvent cybersecurity measures.
Psychologically manipulating victims into divulging sensitive information - Social engineering relies on deception and the exploitation of human trust, for example by posing as a technical support employee to obtain a password.
Why is network segmentation an effective strategy against cyber attacks?
Segmentation limits the propagation of an attack by compartmentalizing different parts of a network - By separating critical systems from less sensitive ones, an attacker is prevented from gaining easy access to the entire network in the event of a compromise.
Why do companies struggle to detect insider threats before an incident occurs?
Because malicious employees already have legitimate access to systems - Unlike external attackers, insiders can bypass firewalls and other perimeter protection.
Why is auditing subcontractors essential for cybersecurity?
Because suppliers can be an attack vector if they don't comply with security standards - The Target example in 2013 shows how a single flaw in a supplier can compromise an entire company.
What kind of cyberattack uses a network of compromised machines to overwhelm a server with simultaneous requests and render it unavailable?
DDoS (Distributed Denial of Service) attack - A DDoS attack uses a botnet to send a large number of requests to a server, overloading it and rendering it inaccessible.
What's the difference between a zero-day attack and a brute force attack?
A zero-day attack exploits an unknown, unpatched vulnerability, while a brute force attack attempts to guess a password by testing a large number of combinations - Zero-day attacks are particularly dangerous because they target as yet undocumented vulnerabilities, whereas brute force attacks rely on computing power to crack weak passwords.
Explain how an internal attacker can bypass a system for detecting suspicious behavior.
Act slowly and mimic the habits of legitimate employees - An inside attacker can avoid attracting attention by gradually downloading files or using normal schedules to access critical systems.
Why is implementing a “zero trust” program more effective than simply monitoring access?
Because it limits access to what is strictly necessary, and constantly verifies user identity - A “Zero Trust” model considers that all connections must be authenticated in real time, thus limiting the risks associated with abusive internal access.