The only truly secure computer is one that is not turned on, not connected to any network, and stored in a vault. Once you move away from that scenario, you begin to introduce risk, which compounds as the device becomes increasingly accessible along the path to normal everyday use.
There are a number of methods for dealing with risk, with mitigation being one of the most common: trying to minimize the potential for harm as much as possible. Given that security is a domain or subdomain on so many certification exams, it makes sense to focus specifically on this subject.
What follows is a series of questions of varying levels of difficulty on the topic. The answers appear at the end of the questions. Good luck!
1. What does the Cyber Kill Chain model describe in the context of cybersecurity?
A) A framework for secure software development
B) Steps taken by threat actors during a cyber attack
C) Protocols for secure data transmission
D) Methods for encrypting sensitive information
2. In the context of null routing, what is a "blackhole route"?
A) A route with maximum bandwidth
B) A route with minimum latency
C) A route used for load balancing
D) A route that drops all received packets without forwarding them
3. What is the primary purpose of the MITRE ATT&CK Framework?
A) Threat intelligence and adversary behavior understanding
B) Incident response planning
C) Network monitoring
D) Software development
4. How does Endpoint DLP differ from Network DLP (select all that apply)?
A) Endpoint DLP focuses on data in transit, while Network DLP focuses on data at rest
B) Endpoint DLP is cloud-based, while Network DLP is on-premises
C) Endpoint DLP is device-specific, while Network DLP is network-wide
D) Endpoint DLP is software-based, while Network DLP is hardware-based
5. What is the primary goal of CIS Critical Security Controls (CSC)?
A) Enhancing network speed
B) Reducing the number of security controls
C) Streamlining incident response procedures
D) Providing a prioritized set of security measures to mitigate cyber threats
6. Which protocol is commonly used for dynamic IP address assignment in IPAM?
7. What is null routing used for in networking?
A) Load balancing
B) Blocking unwanted traffic
C) Speeding up data transmission
D) Reducing network latency
8. What is the primary purpose of the "Delivery" phase in the Cyber Kill Chain?
A) Sending malicious payloads to target systems
B) Establishing a connection to compromised systems
C) Conducting initial reconnaissance activities
D) Escalating privileges on compromised systems
9. What is the Cloud Controls Matrix (CCM) designed to assist organizations with in the context of cloud computing?
A) Cloud service provider selection
B) Data encryption standards
C) Security and compliance assessment
D) Cloud infrastructure monitoring
10. What is the main objective of the "Installation" phase in the Cyber Kill Chain?
A) Installing security patches on compromised systems
B) Establishing a persistent presence on compromised systems
C) Encrypting sensitive data on target systems
D) Conducting reconnaissance activities on the network
11. Which category in the MITRE ATT&CK Framework represents the highest-level tactics employed by adversaries?
12. What is the final stage of the Cyber Kill Chain, where adversaries achieve their primary objectives?
C) Actions on Objectives
13. What is the significance of the "Security Operations" domain in the Cloud Controls Matrix (CCM)?
A) Defining encryption standards
B) Managing network infrastructure in the cloud
C) Ensuring compliance with legal requirements
D) Addressing incidents and vulnerabilities in real-time
14. What role does content discovery play in DLP controls?
A) It encrypts data during transmission
B) It identifies and classifies sensitive data
C) It prevents data loss at the endpoint
D) It monitors network traffic for anomalies
15. How does CIS control numbering help organizations prioritize security measures?
A) Controls are numbered randomly for simplicity
B) Lower numbers indicate higher priority for implementation
C) Controls are numbered based on their complexity
D) Higher numbers signify more critical security measures
16. What is a key benefit of implementing IP address subnetting in IPAM?
A) Improved network speed
B) Enhanced security
C) Efficient use of address space
D) Simplified device configuration
17. How does null routing differ from traditional routing?
A) Null routing directs traffic to a specific interface for processing
B) Null routing is used for data encryption
C) Null routing is only applicable to IPv6
D) Null routing is a dynamic routing protocol
18. In MITRE ATT&CK, what is the purpose of the "Initial Access" tactic?
A) Maintaining persistence on a compromised system
B) Escaping detection by security tools
C) Conducting reconnaissance on target organizations
D) Gaining unauthorized access to a network
19. What is the significance of a "vulnerability lifecycle" in vulnerability management?
A) Identifying vulnerabilities before they are disclosed
B) Assessing the potential impact of vulnerabilities on the organization
C) Managing vulnerabilities from discovery to remediation
D) Categorizing vulnerabilities based on their severity
20. In the Cyber Kill Chain, what does the "Reconnaissance" phase involve?
A) Exploiting vulnerabilities to gain access
B) Identifying and selecting target systems
C) Establishing a command and control infrastructure
D) Escalating privileges on compromised systems
21. Which MITRE ATT&CK tactic is focused on actions that adversaries take to maintain persistence on a compromised system?
C) Defense Evasion
D) Credential Access
22. What is the primary purpose of Center for Internet Security (CIS) benchmarks in cybersecurity?
A) Developing encryption algorithms
B) Conducting penetration testing
C) Managing incident response teams
D) Providing guidance on secure configuration settings
23. Which organization is responsible for developing and maintaining the Cloud Controls Matrix (CCM)?
A) International Organization for Standardization (ISO)
B) Cloud Security Alliance (CSA)
C) National Institute of Standards and Technology (NIST)
D) Information Systems Audit and Control Association (ISACA)
24. What is the purpose of User and Entity Behavior Analytics (UEBA) in the context of DLP controls?
A) Monitor network traffic for anomalies
B) Classify sensitive data on endpoints
C) Control data access in the cloud
D) Analyze user behavior to detect potential threats
25. What is the potential drawback or challenge associated with using null routing?
A) Increased network latency
B) Difficulty in configuring routing tables
C) Risk of dropping legitimate traffic along with unwanted traffic
D) Incompatibility with modern routing protocols
1. B: The Cyber Kill Chain model outlines the stages that adversaries typically go through during a cyber attack, from initial reconnaissance to achieving their objectives.
2. D: A blackhole route in null routing refers to a route that discards all received packets, providing a mechanism for blocking traffic.
3. A: MITRE ATT&CK provides a comprehensive framework for understanding and categorizing the tactics, techniques, and procedures (TTPs) employed by adversaries during cyber attacks, aiding threat intelligence and defense strategies.
4. C: Endpoint DLP is concerned with data on individual devices (endpoints), whereas Network DLP is implemented at the network level, monitoring and controlling data across the entire network.
5. D: CIS Critical Security Controls aim to provide organizations with a prioritized and effective set of security measures to address and mitigate cyber threats.
6. C: DHCP (Dynamic Host Configuration Protocol) is commonly used in IPAM to dynamically assign IP addresses to devices on a network, simplifying address management.
7. B: Null routing is often used to discard or block unwanted traffic, directing it to a null interface or blackhole, effectively dropping the packets.
8. A: The Delivery phase focuses on delivering malicious payloads, such as malware or exploits, to the targeted systems.
9. C: The Cloud Controls Matrix (CCM) is specifically designed to assist organizations in evaluating the security and compliance posture of cloud service providers.
10. B: The Installation phase involves establishing a persistent presence on compromised systems to maintain access.
11. A: Tactics in the MITRE ATT&CK Framework represent the high-level objectives or goals of adversaries, providing a strategic overview of their intentions.
12. C: The Actions on Objectives phase is where adversaries achieve their primary goals, which could include data exfiltration, disruption, or other malicious activities.
13. D: The "Security Operations" domain in CCM is concerned with addressing incidents and vulnerabilities in real-time, enhancing the overall security posture.
14. B: Content discovery involves scanning and identifying sensitive data within an organization, allowing for better classification and control.
15. B: CIS controls are numbered, and lower numbers generally indicate higher priority for implementation, assisting organizations in prioritizing security measures based on their criticality.
16. C: Subnetting allows for the efficient utilization of IP address space by dividing it into smaller, manageable subnetworks, reducing wastage and optimizing resource allocation.
17. A: Null routing involves directing traffic to a null interface or blackhole, essentially dropping the packets without forwarding them to their destination.
18. D: The "Initial Access" tactic focuses on the methods adversaries use to gain the first entry into a network or system.
19. C: The vulnerability lifecycle involves managing vulnerabilities from discovery through prioritization, mitigation, and ultimately remediation.
20. B: The Reconnaissance phase involves gathering information about potential targets to identify and select specific systems for the attack.
21. A: The Persistence tactic in MITRE ATT&CK covers actions taken by adversaries to maintain long-term access and control over compromised systems.
22. D: CIS benchmarks offer best practice recommendations for secure configuration settings to enhance the overall security posture of systems and applications.
23. B: The Cloud Controls Matrix (CCM) is an initiative of the Cloud Security Alliance (CSA), a leading organization in cloud security.
24. D: UEBA is used in DLP to analyze user and entity behavior, helping to identify abnormal patterns and potential insider threats by assessing user activities and behaviors.
25. C: One potential challenge with null routing is the risk of inadvertently dropping legitimate traffic along with unwanted traffic, so careful configuration is essential to avoid unintended consequences.