M3 Practice Quiz

Question 1

  1. Which of the following is a primary motivation for a hacktivist threat actor? Group of answer choices

    Options:

    • Espionage
    • Financial gain
    • Ideological beliefs
    • Service disruption

    Overall explanation:

    • Hacktivists are motivated by ideological, political, or philosophical beliefs and they use cybercrime as a means to promote a particular agenda or cause by seeking to bring attention to issues or to enact social change.
    • Financial gain is a common motivation among cybercriminals who engage in activities like ransomware, banking Trojans, or fraud to achieve monetary profit.
    • Espionage is a common motivation associated with nation-state actors or corporate competitors since espionage focuses on obtaining classified, sensitive, or proprietary information for strategic advantages.
    • Service disruption is a tactic used by various threat actors that primarily involves actions like Distributed Denial of Service (DDoS) attacks that try to make a service unavailable to its legitimate users.

    Tags: Hacktivists

Question 2

  1. Which attribute of a threat actor indicates the amount of financial, technological, and human resources they can use for their operations?

    Options:

    • Their intent
    • Their resource level
    • Their sophistication level
    • Their motivations

    Overall explanation:

    • Their resource level is an attribute that reflects the depth and breadth of resources (be it financial, technological, human, etc.) available to a threat actor for executing and supporting their malicious campaigns.
    • Their sophistication level refers to the complexity and advancement of techniques, tactics, and procedures employed by a threat actor.
    • Their motivations best represent the underlying reasons or the driving forces pushing a threat actor to conduct an attack.
    • Their intent dictates the specific objective or end-goal in mind that a threat actor aims to achieve through their malicious activities.

    Tags: Threat Actor Attributes

Question 3

  1. Which of the following threat actors primarily operates based primarily on financial motivations and is considered to be highly structured and sophisticated in their attacks?

    Options:

    • Nation-state actors
    • Hacktivists
    • Script kiddies
    • Organized crime

    Overall explanation:

    • Organized cybercrime consists of groups that are primarily motivated by financial gain who are involved in various cybercriminal activities like data breaches, ransomware attacks, and financial fraud.
    • Script kiddies are unskilled individuals and amateur hackers who use readily available tools and scripts to launch attacks, but they lack deeper knowledge of their actions' implications.
    • Nation-state actors are individuals or groups sponsored by a government who carry out cyber operations for espionage, disruption, or even warfare to fulfill state interests.
    • Hacktivists are threat actors who are driven by ideological, political, or societal motivations that employ hacking techniques to promote their causes.

    Tags: Organized Crime

Question 4

  1. Which type of threat actor would BEST describe a disgruntled employee who may exploit their legitimate access for malicious purposes?

    Options:

    • Insider threat
    • Nation-state actor
    • Unskilled attacker
    • Hacktivist

    Overall explanation:

    • An insider threat refers to potential or actual threats that come from individuals within the organization, such as employees, contractors, or business associates, who have inside information concerning the organization's security practices, data, and computer systems. They may exploit their legitimate access to cause harm due to malicious intent. Insider threats can also cause damage accidentally, but in this case, the employee is disgruntled, so the damage is malicious.
    • An unskilled attacker, also commonly referred to as a script kiddie, is an individual with little expertise who might use pre-packaged software or scripts to conduct attacks without largely understanding the underlying attack mechanisms or its repercussions.
    • A hacktivist is an individual or group that carries out cyberattacks as a form of protest, to make a political statement, or to affect social change.
    • A nation-state actor refers to an individual or a group that is funded and directed by a nation's government to engage in cyberattacks against other nations, organizations, or individuals for strategic, military, or espionage purposes.

    Tags: Insider Threats

Question 5

  1. Which deceptive technology is a piece of data or a system entity that exists solely to alert the organization when someone accesses it?

    Options:

    • Honeyfile
    • Honeynet
    • Honeytoken
    • Honeypot

    Overall explanation:

    • A honeytoken is a piece of information or a system entity that is created to serve as a decoy or alert mechanism. A honeytoken's sole purpose is to be accessed or used illicitly, and any interaction with it is typically a clear sign of unauthorized activity, such as someone using a fake user account, a dummy email address, or a baited record in a database. It alerts the organization that someone has accessed the system.
    • A honeypot is a system set up as a decoy to lure cyber attackers and to detect, deflect, or study attempts to gain unauthorized access to information systems.
    • A honeynet is essentially a network of honeypots that are designed to mimic real networks and services to deceive attackers so that the attacker believes they are attacking a legitimate target.
    • A honeyfile is a decoy file, often placed within a system or network, that appears to be legitimate and contains enticing data to detect unauthorized file access. While honeypots, honeynets, and honeyfiles will alert the organization of a breach, only the honeytoken exists solely to alert the organization.

    Tags: Outsmarting Threat Actors#Deceptive and Disruption Technologies