Cyber exam prep

The document provides a comprehensive overview of various cybersecurity topics essential for exam preparation, including definitions of key terms such as zero-day vulnerabilities, malware types, and incident response strategies. It also discusses the importance of business continuity plans, risk management, and the motivations behind hacking, while emphasizing the role of human factors in security breaches. Additionally, it covers technical defense methods, access control mechanisms, and notable case studies to illustrate the implications of cybersecurity failures.

Uploaded by radiomorning814

Cybersecurity Topics Explained in Full for Exam Prep

1. Describe the following topics in brief:

Zero-day: A software vulnerability unknown to those responsible for fixing it. Hackers
exploit it before a patch is available, making it extremely dangerous.

Business Continuity Plan (BCP): A strategic plan to ensure critical business functions
continue during a crisis (e.g., cyberattack, power outage). Includes backups, alternate
sites, communication, and recovery.

Backdoor: A hidden method of bypassing normal authentication to gain access to a system. It can be inserted by malware or developers (intentionally or unintentionally).

Malware: Malicious software intended to damage or gain unauthorized access to systems. Types include viruses, worms, trojans, ransomware, adware, and spyware.

Incident Response: A structured approach to detecting, responding to, and recovering from cybersecurity incidents. Steps: prepare, detect, contain, eradicate, recover, and learn.

Risk Management: The identification, assessment, and prioritization of risks followed by coordinated efforts to minimize or monitor their impact.

Hacker: Someone skilled in technology who breaks into systems. Can be white-hat (ethical), black-hat (malicious), or gray-hat (mixed motives).

Botnet: A network of infected devices (bots) controlled by an attacker to perform tasks like spamming, DDoS attacks, or stealing data.

Cyberattack: Any attempt to damage, disrupt, or gain unauthorized access to systems. Examples include DDoS, phishing, and ransomware attacks.

Security Controls: Tools and procedures to protect systems. Types: physical (locks), technical (firewalls), and administrative (policies).

Life Cycle of a Cyber Attack: Includes reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives.

Social Engineering: Manipulating people into revealing confidential information (e.g., phishing, baiting, pretexting).

Logic Bomb: Code hidden within software that activates when triggered by certain conditions, causing harm like deleting files.

Risk: The chance of loss or damage when a threat exploits a vulnerability.

Honeypot: A decoy system meant to lure attackers and study their behavior without harming real assets.

Dark Web: A part of the internet not indexed by traditional search engines, often used for illicit activities. Accessed via Tor.

IDS & IPS: IDS (Intrusion Detection System) monitors and alerts on suspicious activity. IPS (Intrusion Prevention System) detects and actively blocks threats.

Firewall: A security device or software that controls incoming/outgoing network traffic to prevent unauthorized access.

Hacktivism: Hacking for a political or social cause, often targeting government or corporate entities to make a statement.

Cybercrime: Criminal activities involving computers or networks. Examples: identity theft, fraud, hacking, data breaches.

Phishing: Fraudulent attempts to obtain sensitive data (passwords, credit card info) via
fake emails, websites, or messages.

2. Types of Malware:

- Virus: Attaches to files and spreads when opened.
- Worm: Self-replicates and spreads without user interaction.
- Trojan: Disguised as legitimate software.
- Ransomware: Encrypts files and demands payment.
- Spyware: Secretly monitors and collects data.
- Adware: Displays unwanted ads.

3. What are APTs (Advanced Persistent Threats)?

APTs are long-term, targeted cyberattacks by skilled hackers (often state-sponsored). They aim to infiltrate networks stealthily and stay undetected for long periods, stealing sensitive information.

Why a nuisance:

- Hard to detect
- Use sophisticated, custom-made tools
- Often involve social engineering

4. Identify, Assess, and Prioritize:

- Identify: Discover assets, threats, and vulnerabilities.
- Assess: Evaluate the potential impact and likelihood.
- Prioritize: Rank risks by severity and address the most critical first.

5. IDS/IPS Example Scenario:

Scenario: An e-commerce site faces repeated brute-force login attempts.

- IDS detects the pattern and alerts the admin.
- IPS blocks the attacker’s IP in real time, preventing unauthorized access.

6. Human Factor as Weakest Link:

Humans can:

- Click on phishing links
- Use weak passwords
- Ignore updates

Improvement:

- Security awareness training
- Strong policies and regular testing
- Use of MFA (Multi-Factor Authentication)

7. Motivations Behind Hacking:

- Financial Gain: Fraud, theft, ransomware
- Ideological: Hacktivism
- Revenge or thrill-seeking
- Political or state-sponsored espionage

8. CIA Triad:

- Confidentiality: Data is only accessed by authorized people
- Integrity: Data is accurate and unchanged
- Availability: Systems are up and data is accessible when needed

9. Technical Defense Methods:

1. Firewalls – block unauthorized traffic
2. Encryption – protects data from being read if stolen
3. Antivirus software – detects and removes malicious code

10. Encryption vs. Cryptography:

- Cryptography: The study and practice of secure communication
- Encryption: A cryptographic method to convert plaintext to unreadable ciphertext
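As an added illustration of the distinction above (this code is not part of the original notes): cryptography covers more than encryption. The Python block below uses an HMAC, a cryptographic primitive that protects integrity and authenticity but not confidentiality (the message stays readable), which is the Integrity leg of the CIA triad in Q8. The shared key and the messages are constructed for the example.

```python
import hashlib
import hmac

# Constructed for this example: a secret shared only between sender and verifier.
SECRET_KEY = b"example-shared-secret-do-not-reuse"


def protect(message: bytes, key: bytes = SECRET_KEY):
    """Return (message, tag). The tag is an HMAC-SHA256 over the message.
    Anyone can still read the message; only its unchanged state and its
    origin (someone holding the key) can be verified. No encryption here."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SECRET_KEY) -> bool:
    """Recompute the tag and compare in constant time, so a wrong tag takes
    the same time to reject regardless of how many leading characters match."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Show that modification of the message or use of another key breaks verification."""
    original = b"transfer 100 to account 42"
    msg, tag = protect(original)
    tampered = b"transfer 900 to account 42"  # one digit changed in transit
    return {
        "genuine_verifies": verify(msg, tag),
        "tampered_verifies": verify(tampered, tag),
        "wrong_key_verifies": verify(msg, tag, key=b"another-key"),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine_verifies': True, 'tampered_verifies': False, 'wrong_key_verifies': False}
```

The point for the exam: a MAC gives integrity, a cipher gives confidentiality, and both are cryptography; in practice they are combined (authenticated encryption) because an encrypted message can still be altered without a tag.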

11. Penetration Testing & Vulnerability Assessment:

- Pen Testing: Simulates real attacks to find exploitable weaknesses
- VA: Systematically scans for known vulnerabilities

12. Why is security training a viable security control?

Security training reduces human error, which is a major cause of breaches. Trained employees:

- Identify phishing and social engineering attempts
- Use strong passwords and follow access control policies
- Report suspicious activity

Training empowers the human firewall and reinforces the organization’s security posture. Regular training ensures everyone stays updated with emerging threats.

13. Lifecycle of a Cyberattack Through Malware:

1. Infection: Malware gains access via phishing, USB drives, or downloads.
2. Persistence: Installs itself deeply (e.g., rootkits) to survive reboots.
3. Communication: Connects to command-and-control servers to receive instructions.
4. Control: Exfiltrates data, encrypts files, or hijacks system resources.

14. Why Are Data Breaches & Cyber-Attacks Happening?

- Poor security hygiene (weak passwords, outdated systems)
- Human error
- Sophisticated cybercriminals using social engineering
- Organizations not patching known vulnerabilities

15. Importance of Staying Updated in Cybersecurity:

- Threats evolve daily (e.g., zero-days, AI-based attacks)
- Tools and defenses rapidly change
- Updated knowledge helps detect, respond, and prevent breaches
- Regulatory compliance (e.g., GDPR, HIPAA) requires it

16. Why BCP is Important (Scenario-Based):

Scenario: A ransomware attack encrypts all data.

- BCP in action: Systems switch to backups, communication continues via alternate channels, critical services resume using recovery plans. BCP prevents chaos and massive losses.

17. Logging and Monitoring:

- Logging: Recording system events (logins, file access)
- Monitoring: Continuously reviewing logs to detect threats

Why important?

- Helps detect and investigate breaches
- Ensures accountability
- Supports compliance audits
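An added example, not from the original notes, that ties Q5 (the IDS/IPS brute-force scenario) to Q17 (logging and monitoring). The Python code below parses constructed authentication log lines (the key=value line format is assumed for this example, not a real product's format), counts failed logins per source address inside a sliding time window, raises an alert when a threshold is crossed (the IDS role) and adds the source to a block set so its later events are dropped (the IPS role). The threshold, window and addresses are constructed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one event per line, ISO timestamp, event type, user, source address.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02Z LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03Z LOGIN_FAIL user=bob src=203.0.113.7
2024-05-01T10:00:04Z LOGIN_OK user=carol src=198.51.100.5
2024-05-01T10:00:05Z LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:06Z LOGIN_FAIL user=admin src=203.0.113.7
2024-05-01T10:00:07Z LOGIN_FAIL user=dave src=192.0.2.9
2024-05-01T10:00:08Z LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:03:00Z LOGIN_FAIL user=dave src=192.0.2.9
"""

# Assumed line format for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def analyse(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Monitor the log for brute-force patterns.

    Returns (alerts, blocked):
      alerts  - human-readable IDS alerts, one per source that crossed the threshold
      blocked - set of source addresses the IPS part would block
    A source is flagged when it produces `threshold` or more failures within any
    `window_seconds` window. Old failures drop out of the window, so a slow
    trickle of failures over hours does not trigger (the sample's 192.0.2.9 case).
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    blocked = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # malformed line: ignored here; a real pipeline would count these
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        src = m["src"]
        if src in blocked:
            continue                # IPS: traffic from a blocked source never reaches login
        if m["event"] != "LOGIN_FAIL":
            continue                # successful logins do not count toward the window
        window = failures[src]
        window.append(ts)
        while window and ts - window[0] > timedelta(seconds=window_seconds):
            window.popleft()        # slide the window forward
        if len(window) >= threshold:
            alerts.append(
                f"{ts.isoformat()} brute-force suspected from {src}: "
                f"{len(window)} failed logins within {window_seconds}s"
            )
            blocked.add(src)
    return alerts, blocked


if __name__ == "__main__":
    found_alerts, found_blocked = analyse(SAMPLE_LOG)
    for a in found_alerts:
        print("ALERT:", a)
    print("BLOCKED:", sorted(found_blocked))
```

With the sample data, 203.0.113.7 reaches five failures at 10:00:06 and is alerted on and blocked, so its sixth attempt at 10:00:08 is dropped; 192.0.2.9 has only two failures almost three minutes apart, which never fit in one 60-second window. The two knobs are exactly what an analyst tunes: a threshold too low blocks users who mistype their password, a window too wide groups unrelated failures.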

18. Privilege Escalation:

Gaining higher access rights than assigned.

- Vertical: From user to admin
- Horizontal: From one user to another’s privileges

Necessary to understand because:

- Attackers exploit this to gain full control
- Prevention involves access control, patching, and monitoring

19. Terrorist Groups vs. Hacktivists:

Category    | Terrorist Groups              | Hacktivists
Goal        | Destruction, fear             | Awareness, protest
Tactics     | Cyberterrorism                | Website defacement, data leaks
Motivation  | Political/religious extremism | Activism/social justice

20. Motivations Behind Hacking (Expanded):

- Profit: Ransomware, credit card fraud
- Politics: Cyberwarfare, protest
- Challenge/Fun: Script kiddies, thrill-seekers
- Corporate Espionage: Stealing trade secrets
- Revenge: Disgruntled insiders

21. Amateur, Professional, and Ethical Hackers:

- Amateurs: Limited skills, use ready-made tools
- Professionals: Skilled, often hired by governments or companies
- Ethical Hackers (White hats): Legally test systems to improve security

They differ in skills, intent, and legality.

22. Risk Handling Strategies:

1. Avoidance: Remove the risk entirely (e.g., not using certain software)
2. Reduction: Apply controls to reduce impact (e.g., firewalls)
3. Transfer: Use insurance or outsource risk (e.g., cloud security)
4. Acceptance: Acknowledge and prepare for minor risks

23. Opportunist Insider Threats:

An insider (employee/contractor) may:

- Leak data for profit or revenge
- Steal intellectual property
- Sabotage systems or reputation

Mitigation: Monitoring, access restrictions, and background checks

24. Why Data Breaches Keep Happening:

(Repeated from Q14)

- Lack of updates
- Weak passwords
- Insider threats
- Sophisticated phishing/social engineering
- Misconfigured systems

25. Physical Security:

Protection of hardware and infrastructure from physical threats.

Importance: Prevents unauthorized access, theft, and tampering.

Methods:

- Security guards, CCTV
- Biometric access controls
- Secure server rooms
- Lockable devices

26. Target 2014 Cyberattack:

a. How it happened: Attackers entered through a third-party HVAC vendor’s credentials and moved laterally.
b. Root cause: Poor vendor access controls and network segmentation.

Key Lessons:

- Limit vendor access
- Segment networks
- Monitor unusual activity

27. Edward Snowden Case:

a. Who: Former NSA contractor
b. What he did: Leaked classified info about mass surveillance programs
c. Root causes:

- Excessive privilege access
- Weak monitoring of contractors

28. Sony 2014 Data Breach:

a. How: Spear phishing and malware (Guardians of Peace group)
b. Root cause: Poor internal controls and outdated infrastructure

CISO Action Plan:

- Improve endpoint protection
- Educate employees
- Strengthen network segmentation and response plans

29. Honeypots and IT Risk Management:

a. Honeypots: Fake systems designed to attract attackers. They help in:

- Studying attack behavior
- Diverting attackers
- Enhancing intrusion detection

b. IT Risk Management:

- Identifies and prioritizes threats
- Applies controls to reduce impact
- Includes avoidance, mitigation, transfer, acceptance

30. Cybercrime, Logic Bombs, Botnets & Physical Security:

a. Cybercrime: Illegal use of computers/networks.

- Logic Bombs: Code triggered by events (e.g., time, login)
- Botnets: Networks of compromised devices under hacker control

b. Physical Security: (See Q25)

31. Social Engineering and Phishing:

a. Social Engineering: Manipulating people to reveal info

- Prevention: Training, verification processes, simulated phishing tests

b. Phishing: Mass fake emails

Spear Phishing: Targeted, personalized fake messages (e.g., pretending to be your boss)

32. Access Control:

Mechanism to restrict access to systems and data.

Types:

- DAC (Discretionary Access Control)
- MAC (Mandatory Access Control)
- RBAC (Role-Based Access Control)
- ABAC (Attribute-Based Access Control)

33. What is RBAC?

Role-Based Access Control – Access is based on user’s role within an organization.

34. RBAC Access Basis:

Access is granted according to roles (e.g., HR, IT) and predefined permissions.

35. MAC Rule Definition:

In Mandatory Access Control, access rules are defined by system administrators or security policies, not end-users.

36. DAC Access Control:

In Discretionary Access Control, resource owners decide who can access their
resources.

37. ABAC Access Decisions:

In Attribute-Based Access Control, access is based on policies that evaluate user, resource, and environment attributes.

38. IAAA Explained:

- Identification: Who are you? (e.g., username)
- Authentication: Prove it (e.g., password)
- Authorization: What can you do?
- Accounting: What did you do? (e.g., logging)

Example:

- Swipe ID card → enter password → access files → actions logged
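An added worked example, not part of the original notes, that runs the IAAA sequence from Q38 and combines the RBAC (Q33-34) and ABAC (Q37) models listed in Q32. The user store, roles, permissions, the payroll policy and every username and password in it are constructed for this example. Identification is the username, authentication is a salted PBKDF2 hash compared in constant time, authorization is an RBAC permission lookup followed by an ABAC rule over department and time of day, and accounting is an audit list that records every decision.

```python
import hashlib
import hmac
import os

# Constructed example: users, roles, permissions and policies are invented for this demo.
PBKDF2_ITERATIONS = 100_000  # assumed value for the demo; use a current recommended count in production


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow password hash so a stolen store cannot be cheaply reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(username: str, password: str, roles: list, department: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt),
            "roles": set(roles), "department": department}


USERS = {u["username"]: u for u in [
    make_user("alice", "correct horse battery staple", ["hr_staff"], "HR"),
    make_user("bob", "bob-temporary-password", ["it_admin"], "IT"),
]}

# RBAC: permissions hang off roles, never off individual users.
ROLE_PERMISSIONS = {
    "hr_staff": {"read:payroll"},
    "it_admin": {"read:syslog", "write:syslog"},
}

AUDIT_LOG = []  # Accounting: every authentication and authorization decision lands here


def abac_allows(user: dict, resource: str, env: dict) -> bool:
    """ABAC: a policy evaluated over user, resource and environment attributes.
    Constructed rule: payroll is only readable by HR staff during business hours (08-18)."""
    if resource == "payroll":
        return user["department"] == "HR" and 8 <= env["hour"] < 18
    return True


def authenticate(username: str, password: str):
    """Identification (username) plus authentication (password). Returns the user record or None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # same cost as a real check, so timing does not reveal valid usernames
        return None
    candidate = hash_password(password, user["salt"])
    return user if hmac.compare_digest(candidate, user["hash"]) else None


def request_access(username: str, password: str, action: str, resource: str, env: dict) -> bool:
    """Full IAAA flow: True only if authentication, the RBAC check and the ABAC policy all pass."""
    user = authenticate(username, password)
    if user is None:
        AUDIT_LOG.append({"user": username, "result": "auth_failed"})
        return False
    permissions = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user["roles"]))
    rbac_ok = f"{action}:{resource}" in permissions
    abac_ok = abac_allows(user, resource, env)
    allowed = rbac_ok and abac_ok
    AUDIT_LOG.append({"user": username, "action": action, "resource": resource,
                      "rbac": rbac_ok, "abac": abac_ok, "result": "allow" if allowed else "deny"})
    return allowed


if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "read", "payroll", {"hour": 10}))  # True
    print(request_access("alice", "correct horse battery staple", "read", "payroll", {"hour": 22}))  # False: ABAC (after hours)
    print(request_access("bob", "bob-temporary-password", "read", "payroll", {"hour": 10}))        # False: RBAC (no permission)
    print(request_access("bob", "wrong", "read", "syslog", {"hour": 10}))                          # False: authentication
    for entry in AUDIT_LOG:
        print(entry)
```

Reading the audit entries shows why the two authorization models are distinct: bob is denied payroll by RBAC (his role never had the permission), while alice is denied at 22:00 by ABAC (she holds the permission, but the environment attribute fails the policy). A denial is logged as carefully as an allow, which is what makes the accounting step useful for the investigations and audits mentioned in Q17.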


39. MITRE ATT&CK Framework:

A knowledge base of attacker tactics, techniques, and procedures (TTPs). Helps in:

- Threat modeling
- Defensive planning
- Red teaming

40. OWASP & Top 10:

OWASP: Open Web Application Security Project – nonprofit improving web app security

OWASP Top 10:

- A list of the most critical web app security risks (e.g., SQL Injection, XSS, broken authentication)
- Used for awareness and secure coding practices
