Framework

Question 1

What are MITRE ATT&CK?

Answer 1

Catalogs a wide range of tactics and techniques observed during
real-world attacks

Question 2

MITRE ATT&CK
Divides into categories/tactics such as

Answer 2

● Initial Access
● Execution
● Persistence
● Privilege Escalation
● Defense Evasion

Question 3

What are the OWASP?

Answer 3

Open Web Application Security Project

Question 4

What are the OWASP Top 10?

Answer 4

Identifies the ten most critical web application security risks

Question 5

What are the Current OWASP Top 10?

Answer 5

■ Broken Access Control
■ Cryptographic Failures
■ Injection
■ Insecure Design
■ Security Misconfiguration
■ Vulnerable and Outdated Components
■ Identification and Authentication Failures
■ Software and Data Integrity Failures
■ Security Logging and Monitoring Failures
■ Server-Side Request Forgery

Question 6

What are OWASP - Broken Access Control?

Answer 6

Occurs when restrictions on user actions are not properly enforced

Unauthorized access to functionality or data

Question 7

What are OWASP - Cryptographic Failures?

Answer 7

Failures related to managing sensitive data securely, including improper encryption

Compromises data confidentiality and integrity

Question 8

What are OWASP - Injection Flaws

Answer 8

Untrusted data sent to an interpreter as part of a command or
query, leading to unintended commands or unauthorized data
access

Execution of unintended commands or access to unauthorized data

Question 9

What are MASVS?

Answer 9

OWASP Mobile Application Security Verification Standard

Question 10

What are MASVS-STORAGE?

Answer 10

Secure storage of sensitive data (personal details, user credentials,
financial information)

Ensures data is protected through encryption and prevents data
leakage

Shields sensitive data from unauthorized access and breaches

Question 11

What are MASVS-CRYPTO?

Answer 11

Cryptographic measures to protect sensitive data

Emphasizes using strong, industry-standard encryption methods

Ensures cryptographic keys are of sufficient length and managed
properly

Question 12

What are MASVS-AUTH?

Answer 12

Covers authentication and authorization processes

Ensures strong mechanisms to verify user identities and grant appropriate
access rights

Uses secure protocols and additional authentication for sensitive
operations

Question 13

What are MASVS-NETWORK?

Answer 13

Addresses security of network communications between the mobile app and remote endpoints

Protects data in transit against interception, tampering, and
eavesdropping

Uses protocols like SSL/TLS and certificate pinning

Question 14

What kind of protocols uses MASVS-NETWORK?

Answer 14

SSL/TLS

Question 15

What are MASVS-PLATFORM?

Answer 15

Secure interaction between the app and the underlying mobile
platform and other apps

Addresses issues like inter-process communication and WebViews

Ensures sensitive data isn’t leaked through platform mechanisms

Question 16

What are MASVS-CODE?

Answer 16

Deals with secure development and maintenance of the app’s code

Emphasizes keeping the app and its operating system up to date

Treats all incoming data as untrusted, verifying and sanitizing it

Question 17

What are MASVS-RESILIENCE?

Answer 17

App’s ability to withstand reverse engineering and tampering
efforts

Includes strategies for detecting and mitigating attempts to alter
the app’s code or behavior

Question 18

What are MASVS-PRIVACY?

Answer 18

Emphasizes implementing privacy controls aligned with laws and
regulations

Apps should request only essential data and ensure informed user
consent

Data sharing with third parties should be necessary and based on user
consent

Question 19

OWASP Mobile Application Security Testing Guide (MASTG) Provides:

Answer 19

a detailed testing framework for validating security controls

Question 20

OWASP MAS Checklist Offers:

Answer 20

a practical format for assessing security features in the app

Question 21

MASVS-STORAGE Ensures:

Answer 21

secure storage of user credentials through good encryption practices

Question 22

MASVS-CRYPTO Uses:

Answer 22

industry-standard encryption to protect data both in transit
and at rest

Question 23

MASVS-AUTH Implements:

Answer 23

strong user authentication mechanisms

Question 24

MASVS-NETWORK Uses______ _______ protocols to secure data in transit

Answer 24

SSL/TLS

Question 25

MASVS-PLATFORM Prevents data leakage through:

Answer 25

platform mechanisms like auto-generated screenshots

Question 26

MASVS-CODE Ensures:

Answer 26

all incoming data is properly verified and sanitized

Question 27

MASVS-RESILIENCE Detects and mitigates:

Answer 27

attempts to alter the app’s code or behavior

Question 28

MASVS-PRIVACY Ensures:

Answer 28

informed user consent for data sharing with third parties

Question 29

What are PTES (Penetration Testing Execution Standard)?

Answer 29

Framework for conducting thorough and effective penetration tests Structured approach to testing the security of information systems and networks Seven Main Sections

Question 30

PETS (Pre-engagement Interactions)

Answer 30

Initial communication and reasons for conducting a penetration test Includes tools and techniques for a successful start

Question 31

PETS (Information Gathering)

Answer 31

Includes Open-Source Intelligence, corporate structures, technology setups, and footprinting (passive and active techniques)

Question 32

PETS (Threat Modeling)

Answer 32

Understanding business assets and processes that need protection Identifies threats and their capabilities Prioritizes critical assets and threat vectors

Question 33

PETS (Vulnerability Analysis)

Answer 33

Identifying security weaknesses using active and passive testing techniques Active testing: Direct interaction with the system Passive testing: Observing the system without direct interaction

Question 34

PETS (Exploitation)

Answer 34

Actively exploiting identified vulnerabilities Simulates an attacker’s attempt to exploit weaknesses

Question 35

PETS (Post-exploitation)

Answer 35

Follows successful exploitation with gained access Explores further potential achievements of an attacker included: Accessing sensitive data, escalating privileges, installing backdoors, navigating the network

Question 36

PETS (Reporting)

Answer 36

Compiles a detailed report of all activities conducted during the test Includes vulnerabilities exploited, systems accessed, and potential impact Provides clear, actionable recommendations for remediation

Question 37

What is CREST?

Answer 37

Council of Registered Ethical Security Testers Organization of security companies Sets rigorous standards for cybersecurity services

Question 38

What are CDPT?

Answer 38

CREST Defensible Penetration Test) Guidelines Establish standard for conducting penetration tests

Question 39

What are Executive Summary (CREST)

Answer 39

Clarifies common terms Sets stage for unified understanding of penetration testing across the industry

Question 40

What are Background (CREST)

Answer 40

Discusses evolution and variability of penetration testing practices Emphasizes need for a global standard for consistency and quality

Question 41

What are the Benefits of CREST Accreditation?

Answer 41

Outlines advantages of choosing CREST-accredited companies Enhances trust and reliability of services

Question 42

What are OSSTMM?

Answer 42

Open-Source Security Testing Methodology Manual Provide a scientific method for accurately assessing operational security (OpSec) OSSTMM serves as a reference for all security tests

Question 43

What are ISECOM?

Answer 43

Institute for Security and Open Methodologies Develops OSSTMM Provides additional resources through paid membership (e.g., Hacker Highschool, Cybersecurity Playbook)

Question 44

What are Operational Security (OpSec), regarding OSSTMM?

Answer 44

Assessed through thorough examination and comparison of test results Ensures consistency and trustworthiness

Question 45

OSSTMM has a Quick Start Guide that:

Answer 45

Assists with initial stages of security testing Helps identify what and how to test

Question 46

What are STRIDE?

Answer 46

A security model developed by a team at Microsoft Provides a systematic approach to security encompassing six key elements: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege

Question 47

STRIDE (Spoofing)

Answer 47

Involves an attacker assuming the identity of another user to gain unauthorized access Focuses on the authentication process

Question 48

STRIDE (Tampering)

Answer 48

Refers to the malicious modification or alteration of data in the CIA - hurts i- integrity

Question 49

STRIDE (Repudiation)

Answer 49

Performing actions on a system that cannot be traced back to an individual user Non-repudiation measures: Logging, digital signatures, timestamps, audit trails

Question 50

STRIDE (Information Disclosure)

Answer 50

Unauthorized access to confidential information Breaches confidentiality- CIA

Question 50

DTRIDE (Denial of Service (DoS) )

Answer 50

Designed to interrupt the normal functioning of a website, service, or network by overwhelming it with requests

Question 51

STRIDE (Elevation of Privileges)

Answer 51

When a user with limited permissions exploits a weakness to gain higher-level permissions Involves authorization mechanisms

Question 52

What is The Purdue Model?

Answer 52

Foundational framework for protecting operational technology (OT) environments Helps define network segmentation in industrial settings Isolates and protects OT systems from potential cyber threats Divided in to Levels/Zones

Question 53

the Purdue Model- Level 5 (External/Vendor Support/Cloud Access)

Answer 53

Enterprise Security Zone Manages interactions with external vendors and cloud services

Question 54

the Purdue Model- Level 4 (Business Logistics Systems/Enterprise IT)

Answer 54

Covers corporate IT operations, including enterprise resource planning systems Manages crucial business functions like production scheduling, material use, shipping, and inventory management

Question 55

the Purdue Model- Level 3.5 (Demilitarized Zone (DMZ))

Answer 55

Buffer zone hosting security measures like firewalls and proxies Controls data exchange between IT and OT systems Prevents potential threats from spreading

Question 56

the Purdue Model- Level 3 (Manufacturing Operations Systems Zone)

Answer 56

Hosts operations management systems such as Manufacturing Execution Systems Directs real-time manufacturing processes Stores critical operational data for analysis

Question 57

the Purdue Model- Level 2 (Control Systems Zone)

Answer 57

Includes devices like Supervisory Control and Data Acquisition (SCADA) systems Monitors and controls physical processes

Question 58

the Purdue Model- Level 1 (Intelligent Devices Zone)

Answer 58

Includes Programmable Logic Controllers (PLCs) Manages operations based on real-time data from sensors in the Physical Process Zone

Question 59

the Purdue Model- Level 0 (Physical Process Zone)

Answer 59

Where actual manufacturing processes occur Includes sensors and actuators that directly interact with manufacturing operations

Question 60

What are the advantages of the Purdue Model?

Answer 60

Remains high despite changes in industrial networking and merging of IT and OT Addresses challenges from direct-to-cloud data flow from Level 0 devices Provides a solid framework for segmenting and protecting networks Clear zones and strict controls at each level help prevent unauthorized access and manage cyber risks Adapts to new technologies and methods, offering a valuable blueprint for securing industrial control system

Question 61

What are OCTAVE?

Answer 61

Operationally Critical Threat, Asset, and Vulnerability Evaluation Designed to manage organizational risks, not just technical ones Ideal for small to medium-sized organizations Focuses on operational impacts like data breaches

Question 62

What are the Benefits of OCTAVE?

Answer 62

Self-directed approach- Allows organizations to shape their security assessments internally Encourages ownership- Internal teams lead the assessment Combines organizational insight with technological assessments

Question 63

OCTAVE - Phase 1 (Build Enterprise-Wide Security Requirements)

Answer 63

Process 1 (Identify Enterprise Knowledge)- Senior managers contribute insights on key assets, threats, risk indicators, and protection strategies Process 2 (Identify Operational Area Knowledge)- Operational area managers capture their perspectives on key assets and threats Process 3 (Identify Staff Knowledge)- Staff-level input on key areas Process 4 (Establish Security Requirements)- Combine information to develop an enterprise-wide view of assets, threats, protection strategies, and security requirements

Question 64

OCTAVE - Phase 2 (Identify Infrastructure Vulnerabilities)

Answer 64

Process 5 (Map High-Priority Information Assets to Information Infrastructure)- Map high-priority infrastructure components using compiled asset and threat information Process 6 (Perform Infrastructure Vulnerability Evaluation)- Evaluate the infrastructure for missing policies, practices, and vulnerabilities

Question 65

OCTAVE - Phase 3 (Determine Security Risk Management Strategy)

Answer 65

Process 7 (Conduct Multi-Dimensional Risk Analysis)- Analyze potential risks by examining break-in scenarios, asset vulnerabilities, and threat likelihoods Process 8 (Develop Protection Strategy) - Create a strategic plan to mitigate prioritized risks, select appropriate mitigation strategies, and craft a risk management plan

Question 66

What are the Main Elements of OCTAVE?

Answer 66

STRIDE Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privileges.

Question 67

What are DREAD stands for?

Answer 67

Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability

Question 68

What dose DREAD do?

Answer 68

A risk assessment model used to quantify, prioritize, and compare the level of risk from various security threats Allows analysts to rate, compare, and prioritize the severity of threats by assigning a score between 0 and 10 to each of the five key categories The overall threat rating is determined by adding all these scores together Severity Categories Based on Total ScoresCritical

Question 69

In the DREAD, what should you do when you get a score of 40-50?

Answer 69

treat it immediately

Question 70

In the DREAD, what should you do when you get a score of (25-39)?

Answer 70

Severe vulnerability that should be reviewed and resolved soon

Question 71

In the DREAD, what should you do when you get a score of (11-24)?

Answer 71

Moderate risk that should be reviewed after more severe risks

Question 72

In the DREAD, what should you do when you get a score of (1-10) ?

Answer 72

Minimal risk to infrastructure and data

Question 73

DREAD Components and Scoring - Damage Potential

Answer 73

Evaluates the extent of damage that a successful exploitation of the vulnerability could cause 0- no damage , 9- Non-sensitive administrative data compromised

Question 74

DREAD Components and Scoring - Reproducibility

Answer 74

Measures how easily a threat can be replicated by an attacker 0- very difficult 10- very easy

Question 75

DREAD Components and Scoring - Exploitability

Answer 75

Assesses the level of effort and resources required to exploit the vulnerability 2.5- Advanced programming and networking skills 10- Web browser

Question 76

DREAD Components and Scoring - Affected Users

Answer 76

Quantifies the segment of the user base that would be impacted if the vulnerability were exploited 0- no users 10- all users

Question 77

DREAD Components and Scoring - Discoverability

Answer 77

Refers to how easy it is for the potential attacker to discover the vulnerability 0- Hard to discover the vulnerability 10- Vulnerability found in web address bar or form

Question 78

Which of the following categories in the MITRE ATT&CK framework focuses on techniques used to maintain access in a target system?

Answer 78

PERSISTANCE

Question 79

Which of the following OWASP Top 10 vulnerabilities involves improper enforcement of user permissions, allowing unauthorized individuals from seeing data or altering functionality?

Answer 79

Broken access control

Question 80

Which control group in the OWASP MASVS ensures the security of data in transit and at rest using cryptographic methods?

Answer 80

MASVS-CRYPTO

Question 81

Which phase of the PTES framework involves gaining knowledge about the target system using both passive and active techniques?

Answer 81

Information gathering

Question 82

Which STRIDE element involves exploiting weaknesses in a system's authentication process to assume another user's identity?

Answer 82

Spoofing