CCT 153: CISSP Practice Questions - Ransomware Attacks and Understanding IoT Trustworthiness (Domain 5)
Jun 27, 2024Could a seemingly minor breach at a smaller bank signal bigger vulnerabilities in our financial system? On this episode of the CISSP Cyber Training Podcast, we deliver eye-opening insights on a recent cybersecurity incident involving the notorious ransomware group LockBit. While the U.S. Federal Reserve remained untouched, Evolve Bank and Trust became their latest target. We'll break down what happened, why it matters, and what it means for the cybersecurity landscape. But that's not all – we also dive into critical CISSP practice questions from Domain 5, focusing on essential concepts like identification, two-factor authentication, and the "something you are" factor in multi-factor authentication (MFA). Sharpen your skills and prepare for your CISSP exam with our expert guidance.
Shifting focus in the latter half, we explore the transformative impact of machine learning algorithms and geofencing policies on cybersecurity. From detecting phishing attempts to adjusting security policies based on geolocation, we delve into how these technologies are revolutionizing threat detection and response. We also tackle the challenges of authenticating IoT devices and discuss the innovative concept of device trustworthiness scores. Plus, the balance between the high-security benefits and privacy concerns of biometric technology is a hot topic. By treating individuals as sensors and leveraging real-time alerts, these advancements are not just enhancing security but also reshaping the very fabric of cybersecurity. Join us as we unpack these complex yet fascinating topics to give you actionable insights for your cybersecurity journey.
Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started, let's go. Let's go cybersecurity knowledge. All right, let's get started. Good morning it's Sean Gerber with CISSP Cyber Training, and hope you all are having a beautifully blessed day today. Today is CISSP question Thursday, and today we're going to be publishing or going to be talking about different questions that are tied to the domain of the week. The domain this week is domain five, and so we're going to be getting some questions that are tied specifically to domain five. But before we do, there was a little bit of an article that came out just recently about LockBit and, as you all know, lockbit is a ransomware group that has been around for some time and they were taken down. Supposedly, a big chunk of their organization was taken down and they had a. I saw just a couple days ago that they said that they had actually hacked the federal reserve. Well, as we get more information on this, the remaining lock bit ransomware group that's still active. They did not appear to have gotten into the us federal reserve, but they did get into a bank that was tied to, or at least had some connections with, the Federal Reserve, because, like all banks do and the assumption is that this individual whoever was reading it knows English and saw Federal Reserve after getting into this bank called the Evolve Bank and Trust, and it's pretty much a small. Basically, the article that's posted there on Security Week talks about it as a very small financial services company rather than the United States Central Bank, and it kind of talks about more or less how they got this information a little bit, but it's more PII, social security numbers, date of births, those type of things were the things that were collected from the lock bit attack, but at this point in time they don't feel that they actually got into the Federal Reserve. So, interesting part though, you can know that they're constantly at trying to get into the various organizations within the United States to make sure that they can do whatever they can One. It's from a publicity standpoint. It's also from the standpoint of having gaining access to the Federal Reserve would be a big win for them. I's also from the standpoint of having gaining access to the Federal Reserve would be a big win for them. I would hope that the Federal Reserve wouldn't be as easy as getting it online and they can get in there, but you never really know because of the way things are. Who knows what could actually happen? So again, this is. Again. Blockbit did not get into the Federal Reserve. They did get into a small bank called Evolve and they have not got anything other than that.
Speaker 1:
So we're going to proceed on to our CISSP questions of the week and this is over again. Domain five Okay, so this is going to be tied around. It's, like I said before, domain five, all right. So question number one what is the primary objective of identification? A to prove the user is genuine. B to present claims about a subject. C to grant access to resources. Or D to ensure data encryption. What is the primary objective of identification? It is B. The main goal of identification is to present claims about a subject, usually by providing credentials like, such as username, and it serves as the initial step before authentication process and usually and actually validates those claims. So it's to present claims about a subject.
Speaker 1:
Question two which method provides two-factor authentication? A biometrics and a PIN? B password and username, c smart card, d username which method provides two-factor authentication? And two-factor authentication does involve two different types of verification methods, so hence, it would be A biometrics and a PIN. Biometrics, obviously, is something that you are and a PIN is something that you know, making it a full two factor.
Speaker 1:
Question three what is the something you are factor in MFA A password, b smart card, c biometrics or D PIN? And the answer is B or not. B, it's C biometrics. Biometrics is something you are. I was thinking B, as in biometrics. No, it is C biometrics, it is something that you are, which could include fingerprint scans, facial recognition or potentially even iris scans. This factor is unique to each individual.
Speaker 1:
So which of the following is not a benefit of MFA? A lower costs, b increased security. C reduced risk of phishing. Or D compliance with regulations. So which of the following is not a benefit of MFA? We talked about MFA as multi-factor authentication, so which one is not a benefit of it? So last three increased security, reduced risk and compliance are all benefits of MFA is multi-factor authentication. So which one is not a benefit of it? So last three increased security, reduced risk and compliance are all benefits of MFA. So the answer is A lower costs. Mfa increases security. It often comes with a financial cost and I will say and if you add any MFA into your environment, it can come from a financial aspect, you know, physically costing you capital to set it up, but it also can cost from an opportunity cost standpoint, because it's just more training and teaching you have to accomplish. But there's hardware, software and administrative overhead that does make it a bit more costly than just doing nothing, obviously, but it does add a lot of benefits to your organization. In today's world it's highly worth the money spent.
Speaker 1:
Question five what is the primary security concern of SSO? A complexity, b scalability, c lack of user training or D session fixation? Okay, primary security concern of SSO? Now, each of those A, b and C are a concern. However, the primary security concern would be D session fixation. Now this comes with single sign-on sessions where there's a fixation attack. Now these attacks occur when an unauthorized user fixes the session identifier for the authorized user, thereby giving control over the session to the attacker. That is session fixation. That is probably one of the bigger security concerns, just because of the fact that they could gain access to your MFA or your SSO environment?
Speaker 1:
Question six which is not a typical use case for federated identity? A e-commerce, b social networking, c digital signatures, d enterprise collaboration? And the answer is C digital signatures. These are not a typical use case for federated identity, because the basically comes down to is their focus on allowing users to use the same credentials across different systems that's when you have digital signatures or even across different organizations. That's why they're tied, not particularly to federated identity.
Speaker 1:
Question seven which regulation mandates strict access controls in healthcare? A HIPAA, b GDPR, c PCI DSS or D CCPA, which is the California Consumer Privacy Act or Consumer Privacy? Yeah, california was first, I think. And the answer is A HIPAA. Obviously the HIPAA, if you know the acronyms, is the Health Insurance Portability and Accountability Act, hipaa. It mandates strict controls for accessing healthcare information and it sets some of the most stringent guidelines that can be managed as it relates to medical records. Under all of these various conditions, question seven no, actually, question eight, I just did question seven. Ha ha, question seven. No, actually question eight, I just did question seven.
Speaker 1:
Question eight what is the primary focus of PCI DSS regarding authentication? A data minimization, c user consent, c secure authentication methods or D data portability. The answer is C. The primary focus of a PCI DSS regarding authentication is C secure authentication methods. The PCI DSS does place a focus on secure authentication. Obviously, they want you to ensure that you have a solid authentication strategy when you're dealing with credit card transfers. So this is why it's important and it does tie very strongly into the cardholder data and how important that is. There are specific guidelines to protect sensitive information during these various transactions. Question nine no-transcript Facial recognition, fingerprinting that's B, c is iris scans or D is voice recognition.
Speaker 1:
Again, which of the following biometric identifications is the least invasive in terms of privacy? And that would be D voice recognition. It's considered the least invasive compared to other biometric techniques such as facial recognition and fingerprinting. Voice data is less revealing from physical characteristics. However, as we deal with AI, that can cause some challenges as well, because it's much easier to copy people's names or copy people's voice. Hence, with all these podcasts that I've done, somebody probably could make some voice password thing that would replicate my voice if you could do it. So that'd be probably bad. Good thing, I don't have any voice password type stuff.
Speaker 1:
Question 10. How does blockchain improve identification security? A centralization, b immutability, c role-based access or D none of the above, okay. So how does blockchain improve identification security? And the answer is B immutability. Okay, so one of the most significant advantages of blockchain is the actual immutability. Okay, so once you add data to that blockchain, it cannot be easily altered and the technology is very resistant against tampering and therefore it improves the overall identification of the secure identification security. I've seen this being used in it's kind of cutting edge. Right now, everybody uses blockchain from an identification standpoint, but you're seeing a little bit more of that being embedded within their identification methods and their identification tools.
Speaker 1:
What is a behavioral analytics primary use for as far as it relates to identification and authentication? This is question 11. What is behavioral analytics primarily used for in identification and authentication? A Anomaly detection, b Password management, c Data encryption or D Access control. Question is what is behavioral analytics primarily used for in the identification and authentication aspects? And it is a behavioral analytics primarily focused on monitoring user behavior and therefore it's looking for any sort of anomalous activity. You have machine learning algorithms that are a range of factors such as navigation paths. You know, obviously, where did you click Time spent on the tasks. Are you spending enough time or not enough time, and then other ways to flag inconsistencies that could indicate a potential security issue. It's more or less monitoring how you do business and then, therefore, if an attacker does business different than you, it would be a risk score and it would then flag an anomaly.
Speaker 1:
Which AI-based method adapts over time to a user's typical authentication methods? So question 12 is which AI-based method adapts over time to a user's typical authentication methods? A Risk-based authentication, b Gate analysis, c Semantic analysis or D Adaptive MFA? Okay, so which AI-based method adapts over time to a user's typical authentication methods? So now, if you don't know the answer to this question, you just got to kind of start tearing it apart. What AI-based method? So that would be a first part of it, and it looks at user's typical authentication methods. So you're dealing with authentication pieces. So there's two parts to this question, and the answer is D adaptive MFA. Two parts of this question and the answer is D adaptive MFA. Adaptive MFA uses machine learning models that adapt over time to a user's typical authentication method and it assesses in real time and adjusts based on the authentication factors accordingly. So what it's basically doing is it's watching how you would normally do your MFA and if it would be out of band or out of normal pattern, it would then have a. It would raise a risk score based on that.
Speaker 1:
Question 13, what do algorithms and social media analytics look for to flag potential identity fraud? They look for A public posts, b inconsistencies with online profiles, c number of friends or D personal preferences. What algorithms and social media analytics look to flag potential identity fraud? And it would be B inconsistency in online profiles. So it's looking for the analytics tied to your profile and it looks for any consistencies, such as differences in names, locations and work histories to flag potential identity fraud. Again, it's just trying to pull all that information in which would flag it. And really, when it comes right down to it is if the robot, you know people, if you were hired an investigator for them to dig into this, they would probably find these problems of fraud against your identity. But it would take time. That's where the machine, the robot, can do this for you in a much faster and a much more effective manner.
Speaker 1:
Question 14. What does semantic analysis do for chatbot security? A Scan attachments, b Anomaly detection, c Understand user intent or D Encrypt chat. So now, if you look at the term again, semantic analysis do for chatbot security. Semantics deals with words, right, so you'd know you could automatically throw out scan attachments, anomaly detection and maybe the encrypt chat might be there, but you definitely could throw out those first two. And the C is understand user intent. So the ultimate goal of this is it looks at what was the user's intent and what was the structure and meaning of their inputs to provide an extra layer of verification. If it sounds like it doesn't make any sense, when the user's intent is different than what you would anticipate, that's when it will raise a risk score flag. Now again, when I talk about this a lot of times, just because there's an error that's put into these, it will not automatically say that there's an attack or there's something being done against an account. It will raise a risk score and that risk score, if it goes high enough, that's when it will alert people that there might be a potential fraud situation. But it doesn't just automatically do that, because sometimes people make mistakes. But therefore it's all about the risk score and about all the different levels that you would create or that you could potentially act upon to create a higher risk.
Speaker 1:
Question 15, what action does a machine learning algorithm take when it detects a phishing attempt? A quarantine the email. B notify the system administrator. C delete the email or D send real-time alerts to users. Question is what action does machine learning algorithms take when it detects a phishing attempt and it is? D send real-time alerts to users? I don't know if you've ever noticed this before, but I've had this happen to me a couple times, where it will send a real-time alert to me, such as if a phishing attempt has been detected. This immediate notification can really add a lot of value, especially if you notice that it's happening right, and we talk about this within all of our training of our employees and done this through years, from being with the military to my current employment. One of the big factors is treat each person as a sensor. They are your first and in some cases, unfortunately your last line of defense. So if you can teach them that there's an issue, that they raise that up, great Well. Now, if you have alerts that can come in real time, then that can help speed up that remediation process.
Speaker 1:
Question 16. What is the main function of dynamic policies in geofencing? A Monitor IoT devices. B Anomaly detection for devices. C Adjust security policies based on geolocation data or D Assign device trustworthiness scores. Okay, what is the main function of dynamic policies in geofencing? A monitor devices. B anomaly detection for devices. C adjust security policies based on geolocation or. D assign device trustworthiness. The answer is C adjust your policies based on the geolocation data so you can do this. For example, you might have access requests that are coming from an unfamiliar location. They might require an additional authentication step. So if you normally have people in the United States and all of a sudden you have an executive that's flying to Asia, maybe you want to add an additional authentication step just to double check to make sure that account is legit.
Speaker 1:
Question 17, what do pattern recognition algorithms in credential stuffing prevention primarily look like? A Encryption patterns. B Patterns consistent with automated bots. C Password complexity or D Geographical patterns. What do pattern recognition algorithms in credential stuffing prevention primary look for? Okay, so we're looking at, we're breaking this down pattern recognition algorithms and credential stuffing. So if you're dealing with pattern recognition, you want something that deals with the patterns that are consisted with automated bots. That's your look for the pattern piece of this, and so that is a key factor. And then, when you're dealing with credential stuffing, you'll need to know that that's just the attack that takes all the credentials that are out there and starts trying to stuff them into the very, trying to basically do various attempts and by doing that it will try to obviously log you in. But if you can get the pattern recognition around this and you realize that the bot is determining oh, this person is just putting in credentials of various methods they then can go ahead and flag that as a problem. So this is a really good way to help highlight there could be an issue with credentials being stuffed into various accounts and trying to log in.
Speaker 1:
Question 18, what do machine learning algorithms in IoT device authentication mainly flag? Okay, machine learning algorithms in IoT device authentication. What do they flag? A insecure passwords no, that's not true. B unusual activities yes, that would be possibly true. C firmware vulnerabilities Possibly, but probably not. And then D physical tampering. They typically don't deal with the physical aspects. So if you're dealing with machine learning and IoT authentication, it would be B unusual activities. Machine learning algorithms in the IoT authentication methods will mainly flag based on usual activities that deviate from the device's normal behavior, and the nice part about IoT is their normal behavior is pretty consistent.
Speaker 1:
Question 19, what is a device trustworthiness score A a trust score based on IoT device security posture and past behavior. B a credit score for individuals. C risk assessment for network devices. Or. D a reputational score for organizations. So what is a device trustworthiness score? Well, you can really quickly pull out a couple there where you're dealing with credit scores for individuals and reputational scores for organizations. Yeah, you can throw those out, but when you're dealing with the device, you want to have a trust score based on the IoT's device security posture and its past behavior. So if you know that the IoT device has done certain things in the past and you know how it's set up with its security, you then can create a trust score based on that information. So if it's consistently doing one way of creating device providing information for you, and then you also know that the score has got, or the device itself has got, some level of authentication in place, then you can increase its risk or its score as it relates to its security posture and then, therefore, it gives you this trust based on all the other IoT devices that are out there.
Speaker 1:
Question 20, what future technology is debated for its high security benefits but potential privacy invasiveness? A blockchain, b Geofencing, c Social media analytics or D Biometrics. Again, what are the security benefits? High security benefits, but potential privacy invasiveness. And that would be D Biometrics. Biometrics are often debated for its ability to provide high levels of security, but at a potential cost of an individual privacy. These techniques, such as facial recognition, can be highly invasive and collect potential personal data. Okay, that's all I have for today.
Speaker 1:
Again, you can go to CISSP Cyber Training. You can get all of these questions available to you and many, many more, all at CISSP Cyber Training. Also, you can check out my YouTube channel. You'll see some of these questions will show up eventually. I don't put all these out right away, but they do show up at some point in time. They will be pushed to YouTube. You can also go to my website and I will put these on the blog as well. You'll see some of these that show up out there. All right, have a wonderful day and we will catch you on the flip side.
CISSP Cyber Training Academy Program!
Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification?
Let CISSP Cyber Training help you pass the CISSP Test the first time!