Set 03 Flashcards

(10 cards)

1
Q

Q31: The detection problem is a classification task. The evaluation of an IDS therefore compares the detector's output with the ground truth, which is known to the evaluator but not to the detector.
What are the possible outcomes of the detection process?
A. True negatives are normal actions that occur in the trace and should not be reported as alerts by the detector.
B. True positives are attack actions that should be reported as alerts by the detector.
C. False positives are also known as false alerts (type I errors); false negatives are also known as misses or type II errors.
D. All of the above.

A

D. All of the above.
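
Scoring a detector against ground truth, as an added example that is not part of the flashcard set: the trace, its labels and the alert counts below are constructed, and the detector is assumed to report one verdict per event. The evaluator computes the four outcomes and the usual rates from them; the detector itself cannot, because it never sees the labels.

```python
"""Score a detector's alerts against ground truth (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_id: int
    is_attack: bool   # ground truth, known to the evaluator only
    alerted: bool     # what the detector reported


def classify(event):
    """Place one event in the confusion matrix."""
    if event.is_attack:
        return "TP" if event.alerted else "FN"   # FN: miss, type II error
    return "FP" if event.alerted else "TN"       # FP: false alert, type I error


def confusion_matrix(events):
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for event in events:
        counts[classify(event)] += 1
    return counts


def metrics(counts):
    tp, fp, tn, fn = counts["TP"], counts["FP"], counts["TN"], counts["FN"]

    def ratio(num, den):
        return num / den if den else 0.0

    return {
        "detection_rate": ratio(tp, tp + fn),       # recall: attacks that were alerted
        "false_positive_rate": ratio(fp, fp + tn),  # normal actions that raised alerts
        "precision": ratio(tp, tp + fp),            # alerts that were real attacks
    }


def build_trace(n_normal, normal_alerted, n_attack, attack_alerted):
    """Constructed trace with exact counts, so the arithmetic is reproducible."""
    events = []
    for i in range(n_normal):
        events.append(Event(i, False, i < normal_alerted))
    for j in range(n_attack):
        events.append(Event(n_normal + j, True, j < attack_alerted))
    return events


if __name__ == "__main__":
    # 10,000 normal actions with 1% wrongly alerted; 10 attacks, 9 of them caught.
    trace = build_trace(10_000, 100, 10, 9)
    counts = confusion_matrix(trace)
    print(counts)
    print(metrics(counts))
```

With only 10 attacks among 10,000 events, a 1% false-positive rate produces 100 false alerts against 9 true ones, so precision is below 10% even though the detection rate is 90%. That base-rate effect is why an IDS cannot be judged on detection rate alone.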

2
Q

Q32: Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the connection, is accessible to observers even if the communication is encrypted or obfuscated.
What type of metadata does this refer to?
A. Traffic metadata
B. Network metadata
C. Wireshark metadata
D. Host based metadata

A

A. Traffic metadata
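
What an observer can still derive from encrypted sessions, as an added example that is not part of the flashcard set: the connection records below are constructed in a Zeek conn.log-like layout (the column names are borrowed from that format, the values are made up), all sessions are TLS on port 443, and the code never touches a payload. It uses only addresses, byte counts, durations and start times, and goes one step beyond the card by showing that the timing alone exposes a host that connects on a fixed schedule.

```python
"""Derive traffic metadata from connection records of encrypted sessions."""
import statistics
from collections import defaultdict

# Constructed sample (tab separated):
# ts  id.orig_h  id.resp_h  id.resp_p  duration  orig_bytes  resp_bytes
# 10.0.0.5 contacts one server every 60 s with near-identical sizes;
# 10.0.0.9 browses a server at irregular times with varying sizes.
FLOW_LOG = """\
1700000000.000\t10.0.0.5\t203.0.113.7\t443\t0.42\t512\t1024
1700000060.100\t10.0.0.5\t203.0.113.7\t443\t0.40\t510\t1020
1700000120.050\t10.0.0.5\t203.0.113.7\t443\t0.41\t515\t1030
1700000180.020\t10.0.0.5\t203.0.113.7\t443\t0.43\t512\t1024
1700000240.000\t10.0.0.5\t203.0.113.7\t443\t0.39\t511\t1022
1700000003.000\t10.0.0.9\t198.51.100.20\t443\t3.10\t2200\t180000
1700000017.000\t10.0.0.9\t198.51.100.20\t443\t0.80\t900\t45000
1700000140.000\t10.0.0.9\t198.51.100.20\t443\t12.5\t4100\t900000
1700000150.000\t10.0.0.9\t198.51.100.20\t443\t1.2\t700\t21000
"""


def parse_flows(text):
    """Turn the tab-separated records into dicts of typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, duration, orig_b, resp_b = line.split("\t")
        flows.append({
            "ts": float(ts), "orig_h": orig_h, "resp_h": resp_h,
            "resp_p": int(resp_p), "duration": float(duration),
            "bytes": int(orig_b) + int(resp_b),
        })
    return flows


def summarize(flows):
    """Per (client, server, port): how often, how much, and how regularly."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["orig_h"], f["resp_h"], f["resp_p"])].append(f)
    summary = {}
    for key, conns in groups.items():
        conns.sort(key=lambda f: f["ts"])
        starts = [f["ts"] for f in conns]
        intervals = [b - a for a, b in zip(starts, starts[1:])]
        if len(intervals) >= 2 and statistics.mean(intervals) > 0:
            # coefficient of variation of the gaps: near 0 means clockwork timing
            cv = statistics.pstdev(intervals) / statistics.mean(intervals)
        else:
            cv = None
        summary[key] = {
            "conns": len(conns),
            "total_bytes": sum(f["bytes"] for f in conns),
            "mean_duration": statistics.mean([f["duration"] for f in conns]),
            "interval_cv": cv,
        }
    return summary


def find_beacons(summary, min_conns=4, max_cv=0.2):
    """Regular, low-jitter connection timing is a classic beaconing indicator."""
    return sorted(
        key for key, s in summary.items()
        if s["conns"] >= min_conns
        and s["interval_cv"] is not None
        and s["interval_cv"] <= max_cv
    )


if __name__ == "__main__":
    summary = summarize(parse_flows(FLOW_LOG))
    for key, s in summary.items():
        print(key, s)
    print("periodic:", find_beacons(summary))
```

The thresholds (four connections, jitter under 20%) are assumptions chosen for the sample; real traffic needs them tuned per environment, and some legitimate software (update checks, monitoring agents) also beacons on a schedule.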

3
Q
Q33: There are two principal approaches to formal modelling:
A. Mathematical, Statistical
B. Computational, Symbolic
C. Logical, Mathematical
D. Symbolic, Logical
A

B. Computational, Symbolic

4
Q

Q34: Most modern malware uses some form of obfuscation to avoid detection, since there is a range of obfuscation techniques and tools are freely available on the Internet for a malware author to use. Polymorphism can be used to defeat detection methods that are based on "signatures", or patterns of malware code. What does this mean?
A. The identifiable malware features are changed to be unique to each instance of the malware.
B. Malware instances look different from each other, but they all maintain the same malware functionality.
C. Common polymorphic malware techniques include packing.
D. A, B and C are all correct.

A

D. A, B and C are all correct.
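
A toy packer that shows all three statements at once, as an added example that is not part of the flashcard set: the "payload" is a harmless constructed string standing in for a malware body, the encoding is a repeating-key XOR with a fresh random key per instance, and the seed is fixed only so the run is repeatable. Every instance hashes differently and evades a byte signature on the body, yet unpacks to the same payload; the part that does not change, the decoder stub, is what a signature can still catch.

```python
"""Toy polymorphic encoder: same payload, different bytes per instance."""
import hashlib
import random

# Constructed stand-in for a malware body: a harmless string, not real malware.
PAYLOAD = b"print('hello from the payload')"
# The decoder stub is the part that stays constant across instances.
STUB_MAGIC = b"DECODER-STUB-v1"


def xor_bytes(data, key):
    """Repeating-key XOR; applying it twice with the same key restores data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload, rng):
    """Emit one instance: constant stub, a fresh random key, then the packed body."""
    key = bytes(rng.randrange(1, 256) for _ in range(8))  # non-zero bytes only
    return STUB_MAGIC + bytes([len(key)]) + key + xor_bytes(payload, key)


def unpack_variant(blob):
    """What the stub does at run time: read the key and recover the payload."""
    if not blob.startswith(STUB_MAGIC):
        raise ValueError("not a variant produced by this packer")
    pos = len(STUB_MAGIC)
    key_len = blob[pos]
    key = blob[pos + 1:pos + 1 + key_len]
    return xor_bytes(blob[pos + 1 + key_len:], key)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def signature_match(blob, signature):
    """A naive byte-pattern signature, as a simple scanner would apply it."""
    return signature in blob


def demo(n_variants=5, seed=1234):
    """Build n variants and report what a signature scanner sees."""
    rng = random.Random(seed)  # seeded so the demonstration is repeatable
    variants = [make_variant(PAYLOAD, rng) for _ in range(n_variants)]
    body_sig = b"hello from the payload"   # signature written against the body
    return {
        "hashes": [sha256_hex(v) for v in variants],
        "all_unpack_ok": all(unpack_variant(v) == PAYLOAD for v in variants),
        "body_signature_hits": sum(signature_match(v, body_sig) for v in variants),
        "stub_signature_hits": sum(signature_match(v, STUB_MAGIC) for v in variants),
    }


if __name__ == "__main__":
    result = demo()
    print("distinct hashes:", len(set(result["hashes"])))
    print("payload recovered from every variant:", result["all_unpack_ok"])
    print("hits for a signature on the body:", result["body_signature_hits"])
    print("hits for a signature on the decoder stub:", result["stub_signature_hits"])
```

Real packers also mutate the stub (metamorphism) precisely because it is the stable part; detection then shifts to behaviour after unpacking, or to heuristics such as the unusually high entropy of a packed section, rather than to static byte patterns.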

5
Q
Q35: With reference to law, which school of thought has universally prevailed with state authorities?
A. Second School
B. Third School
C. First School
D. Harvard University
A

A. Second School

6
Q
Q36: There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?
A. Best evidence.
B. Corroborative evidence
C. Conclusive evidence
D. Direct evidence
A

B. Corroborative evidence

7
Q

Q37: Encrypted traffic, and particularly TLS, is common; TLS guarantees both the authentication of the server to the client and the confidentiality of the exchange over the network. But it makes it difficult to analyse the payload of packets. The solution is to put a supplementary dedicated box near the application server, usually named the Hardware Security Module (HSM).
What is the purpose of the HSM?
A. The HSM is designed to establish the TLS session before the application server delivers any information.
B. The HSM offloads the burden of establishing the TLS session from the application server.
C. TLS-secured traffic is encrypted and decrypted at the HSM and flows in clear to the server, allowing IDPSes and WAFs to inspect the traffic.
D. Options A, B and C all describe the working functionality of the HSM.

A

D. All of the options A, B & C include the working functionality of HSM

8
Q
Q38: The analogy between quality management and security is not perfect because the
A. Threat environment is not static
B. Hardware is not powerful enough
C. System security is leaked
D. Human errors
A

A. Threat environment is not static

9
Q

Q39: Early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an organisation's web page), but present-day malware attacks are becoming full-blown cyberwars.
An underground ecosystem has also emerged to support what?
A. The full malware lifecycle, which includes development, deployment, operations and monetisation.
B. The middle part of the malware lifecycle, which includes only deployment and operations.
C. The second half of the malware lifecycle, which includes only operations and monetisation.
D. The first half of the malware lifecycle, which includes only development and deployment.

A

A. The full malware lifecycle, which includes development, deployment, operations and monetisation.

10
Q

Q40: Anomaly detection is an essential technique for identifying cyber-attacks, since any information regarding known attacks can never be complete enough to guarantee coverage, and the main benefit of anomaly detection is its independence from knowledge of specific vulnerabilities.
This is supposed to support the detection of what?
A. Environmental vulnerability
B. 0-day attacks
C. Economic vulnerability and social vulnerability
D. Physical and real-time vulnerability

A

B. 0-day attacks
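
A minimal anomaly detector that knows nothing about any attack, as an added example that is not part of the flashcard set: the baseline (30 one-minute samples of a host's outbound byte count) and the observations to score are constructed, and the decision rule is a median/MAD robust z-score with the common 3.5 cut-off, chosen here as an assumption. It flags an exfiltration-like burst it has never seen a signature for, which is the 0-day argument; it also flags a large legitimate backup, which is the price of that independence.

```python
"""Baseline-and-deviation anomaly detection with no attack signature."""
import statistics

# Constructed baseline: 30 one-minute samples of a host's outbound bytes,
# varying by a few hundred bytes around 5000 (assumed normal activity).
BASELINE = [5000 + ((i * 37) % 11 - 5) * 60 for i in range(30)]

# Constructed observations to score: a normal minute, an exfiltration-like
# burst, a large but legitimate backup upload, and another normal minute.
OBSERVATIONS = [5200, 48_000, 21_000, 4900]


def robust_zscore(baseline, value):
    """Median/MAD z-score; resistant to a few outliers in the training data."""
    med = statistics.median(baseline)
    mad = statistics.median([abs(x - med) for x in baseline])
    if mad == 0:
        # degenerate baseline (all samples equal): anything else is infinitely far
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def detect(baseline, observations, threshold=3.5):
    """Return (index, value, score) for every observation beyond the threshold."""
    flagged = []
    for i, value in enumerate(observations):
        score = robust_zscore(baseline, value)
        if abs(score) > threshold:
            flagged.append((i, value, score))
    return flagged


if __name__ == "__main__":
    for index, value, score in detect(BASELINE, OBSERVATIONS):
        print(f"minute {index}: {value} bytes, score {score:.1f} -> anomalous")
```

Nothing in the detector names an attack, a vulnerability or a signature, so a novel exfiltration channel is caught on volume alone. The backup in the same run shows the caveat: an anomaly is a deviation from the model of normal, not proof of an attack, so every alert still needs triage and the baseline must be refreshed as legitimate behaviour changes.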
