38 Cards in this Set
What is TRAC? |
T = Threat, R = Research, A = Analysis, C = Communications |
|
Why does TRAC dissect threats? |
To identify and understand needs |
|
Why does TRAC eliminate threats? |
It eliminates them within the context of Cisco products and services.
NOTE: TRAC will make product improvement recommendations |
|
How does TRAC perform exploratory data analysis? |
By leveraging advanced statistical and computational techniques to illuminate patterns in vast amounts of data. |
|
What is a worm? |
A worm executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts. |
|
What is a virus? |
A virus is malicious software that is attached to another program to execute a particular unwanted function on a user workstation. |
|
What is a trojan? |
A Trojan horse is different only in that the entire application is written to look like something else, when in fact it is an attack tool. |
|
What is an APT? |
A = Advanced, P = Persistent, T = Threat |
|
What does the A in APT mean? |
Advanced, or infiltration |
|
What are the two parts of the A in APT? |
1. Reconnaissance 2. Infection |
|
What is Reconnaissance in APT? |
Actors search open sources to identify and assess targets for collection and entities/relationships to exploit in the attack. |
|
What is Infection in APT? |
Typically, well-crafted spear phishing e-mails with linked or embedded files containing malicious code serve as the intrusion vector. |
|
What are the 4 parts of persistence in APT? |
1. Establish Backdoors 2. Enumerate the Network 3. Install Utilities 4. Escalate privileges |
|
What does it mean by Establish Backdoors in APT? |
Attackers maintain network footholds by obtaining domain administrative credentials and moving laterally through a network, establishing multiple backdoors. |
|
What does it mean by enumerate the network in APT? |
Persistent threat intruders laterally enumerate a network gathering valid credentials (user accounts and passwords) for multiple systems. |
|
What does it mean by Install Utilities in APT? |
Attackers install any number of several malicious utilities necessary to maintain persistence and ultimately steal information. |
|
What does it mean to escalate privileges in APT? |
With access and persistence established, intruders escalate their privileges and prepare for exfiltration. |
|
What are the 3 phases of exfiltration in APT? |
1. Harvest Data 2. Exfiltration 3. Conceal Activity |
|
What is Harvest Data in APT? |
Specific documents and e-mails containing targeted data are collected and packaged into a single, encrypted, and password-protected compressed file. |
|
What is Exfiltration in APT? |
The intruders exfiltrate the compressed file to another compromised system in their command and control infrastructure. |
|
What is Conceal Activity in APT? |
Finally, intruders either attempt to clean up their tools, maintaining persistence, or set the attack in a dormant state to evade detection while maintaining access. |
|
Name some motives of APT? |
|
|
What percentage of attacks happen on the access layer? |
75% |
|
What is a man in the middle attack? |
This attack requires that the hacker has access to network packets that come across a network. |
|
What are some tools used to implement a man-in-the-middle attack? |
|
|
What is the new security model? |
|
|
What is Before in the New Security Model? |
|
|
What is During in the New Security Model? |
|
|
What is After in the New Security Model? |
|
|
What is Visibility Driven Strategic Imperatives? |
|
|
What is threat focused Strategic Imperative? |
|
|
What is Platform-Based Strategic Imperative? |
|
|
What is Breadth when referring to Security? |
|
|
What is depth when referring to Security? |
|
|
When dealing with the before in the New Security Model, what are some things you can implement? |
|
|
When dealing with the during in the New Security Model, what are some things you can implement? |
|
|
When dealing with the After in the New Security Model, what are some things you can implement? |
|
|
How to Develop Ecosystems for Cisco Security? |
|