Midterm Q1, Q2 AND EXAM PDF

Title Midterm Q1, Q2 AND EXAM
Author MOAENGENE ARMY
Course Business and marketing
Institution AMA Computer University
Pages 3
File Size 95.9 KB
File Type PDF

Summary

I HOPE THIS HELPS. EVERY QUESTION IS IN YOUR MODULES, SO PLEASE READ AND UNDERSTAND THE LESSONS. WE GET THROUGH THIS TOGETHER, LET'S HELP EACH OTHER....


Description

Q1 Information Security Risk (20/20) Seven Stages of lifecycle model. Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this category. Risks not avoided or transferred are retained by the organization. Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system. Not performing an activity that would incur risk. Shift the risk to someone else. Risk Management Procedure consists of six steps.

Are the security features of a system that provide enforcement of a security policy. Acceptance, avoidance, mitigation, transfer - are with respect to a specific risk for a specific party.

Requirements, Design, Coding, Testing, Deployment, Production and Decommission Risk mitigation Risk Acceptance Trust Risk Avoidance Risk Transfer Assess vulnerabilities Prioritize countermeasure options Assess assets Make risk management decisions Assess threats Assess risks Trust mechanism The risk treatment

Q2 The Structure of Cyber Space: The Internet Backbone and National Infrastructure (20/20) Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network. After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network. Making a malware application (for example, a computer Trojan) that, combined with an exploitable security breach, allows remote control. Moreover, PDF (Portable Document Format) files or Microsoft Office suite specific files can be regarded as weapons available to the attacker. Transmitting the weapon to the target environment. Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites. Logical security consists in software that is necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself; The main ways of transport are e-mails (attachment of

Command and Control

Action on objective

Action on objective

Weaponization

Delivery Reconnaissance

Prevent Cyber-Attacks

Exploitation

Delivery

infected files), web platforms (running malware scripts), or removable USB memories. Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands; Physical security consists in the closure of IT equipment in a dedicated space and the provision of access control. What are the steps in intrusion model? Infecting a victim system with a computer Trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment; After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself.

Command and control

Prevent Cyber-Attacks Recon, Weaponise, Deliver, Exploit, Install, C2 and Action Installation

Exploitation

EXAM Research, target identification and selection; it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites. Is the process by which an asset is managed from its arrival or creation to its termination or destruction. What are the steps in intrusion model?

An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes vulnerable is some basic steps in storing personal data. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands. Failure of the mechanism may destroy the basis for trust. The use of complex, unique, hard to guess or break passwords, consisting of numbers, upper/lower case letters and special characters is some basic steps in storing personal data. Infecting a victim system with a computer Trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment. Acronym for TCB? Logical security consists in software that is necessary to control the access to information and services of a system. The logical level is divided into two categories; access security level and service security level. Transmitting the weapon to the target environment. Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system. Making a malware application (for example, a computer Trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable

Reconnaissance

Lifecycle Reason Weaponise Deliver Exploit Install C2 Action TRUE

Command and Control

Trust TRUE

Installation Trusted Computing Base Prevent cyber-Attacks

Delivery Trust Weaponization

Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker; Taking actions to reduce the losses due to risk; many technical countermeasures fall into this category. Storing the minimum required data online and maximum discretion in providing them to a third party (users, companies) is some basic steps in storing personal data. Risks not avoided or transferred are retained by the organization. Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands. Risk Management Procedure consists of six steps.

Are the security features of a system that provide enforcement of a security policy. Acceptance, avoidance, mitigation, transfer - are with respect to a specific risk for a specific party. Shift the risk to someone else. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local networks. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself; After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network. The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories. Not performing an activity that would incur risk. Seven Stages of lifecycle model.

Encrypting all personal information when saved on different storage media is some basic steps in storing personal data. Physical security consists in the closure of IT equipment in a dedicated space and the provision of access control. After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself. Is a collection of all the trust mechanism of a computer system which collectively enforce the policy. Is a measure of confidence that the security features, practices, procedures, and architectures of a system accurately mediates and enforces the security policy. Using encrypted versions of protocols when sensitive information is exchanged so as to ensure data confidentiality and prevent identity theft is some basic steps in storing personal data.

Risk mitigation TRUE Risk Acceptance Command and Control

Assess assets Assess threats Assess vulnerabilities Assess risks Prioritize countermeasure options Make risk management decisions Trust mechanism The risk treatment Risk transfer Action on objective

Exploitation Action on Objective

Delivery Risk avoidance Requirements Design Coding Testing Deployment Production Decommission TRUE Prevent Cyber-Attacks Exploitation

TCB Assurance TRUE...

