Indicators of Compromise

Question 1

Indicators or signs that unauthorized activity has compromised an information system

Answer 1

Indicators of Compromise

Question 2

IOCs act as breadcrumbs for

Answer 2

incident response investigators

Question 3

IOCs symptoms can sometimes be exhibited due to

Answer 3

technical issues

Question 4

Unusual outbound

Answer 4

network traffic

Question 5

Anomalies in

Answer 5

privileged user account activity

Question 6

Geographical irregularities in

Answer 6

network traffic

Question 7

account login

Answer 7

Red flags

Question 8

Database read volume

Answer 8

Increas

Question 9

Large number of requests

Answer 9

for same files

Question 10

Mismatched port-application traffic

Answer 10

encrypted traffic over plain ports

Question 11

Suspicious registry or

Answer 11

system file changes

Question 12

Unusual DNS

Answer 12

Requests

Question 13

Unexpected system

Answer 13

patching

Question 14

Mobile device

Answer 14

profile changes

Question 15

Bundles of data in

Answer 15

wrong places

Question 16

Web traffic with non-human

Answer 16

behavior

Question 17

Signs of DDoS attempts

Answer 17

even if temporary

Question 18

Framework created by Mandiant and is opensource

Answer 18

OpenIOC

Question 19

Structured Threat Information Expression

Answer 19

STIX

Question 20

Trusted Automated Exchange of Indicatior Information

Answer 20

TAXII

Question 21

Cyber Observable Expression

Answer 21

CybOX

Question 22

Designed by MITRE specifically to facilitate automated information sharing between organizations

Answer 22

STIX/TAXII/CybOx

Question 23

Piece of software designed to do something nefarious

Answer 23

Malware

Question 24

Malware that changes its code after each use, making each replication different for detection purposes.

Answer 24

Polymorphic Malware

Question 25

Piece of malicious code that replicates by attaching itself to another piece of executable code

Answer 25

Virus

Question 26

Most viruses found are dissected by reverse engineering to understand what they’re doing, where they come from and these viruses aim to stop these efforts

Answer 26

Armored Viruses

Question 27

The early beginning of ransomware, that aims to create a DoS by encrypting certain files

Answer 27

Crypto-malware

Question 28

Encrypts files though automated means that the attacker uses to demand ransom in exchange for encryption keys

Answer 28

Ransomware

Question 29

Malware that once on a network can traverse and spread independently

Answer 29

Worm

Question 30

Depends on another piece of code to execute

Answer 30

Virus

Question 31

Can replicate and execute on its own

Answer 31

Worm

Question 32

Program that charades with one characterisitc or functionality but has another nefarious purpose

Answer 32

Trojan

Question 33

Form of malware designed specifically to modify operations of the OS to facilitate non-standard functionality

Answer 33

Rootkit

Question 34

SW that logs every keystroke of an end user

Answer 34

Keylogger

Question 35

Sw supported by advertising.

Answer 35

Adware

Question 36

Malware that spies on user activity and reports stolen information

Answer 36

Spyware

Question 37

Piece of sw that performs tasks under the control of another program

Answer 37

Bots

Question 38

Toolkit designed to gain unauthorized access to the targeted system

Answer 38

Remote-Access Trojan (RAT)

Question 39

Deliberately installed piece of software that sits dormant until some event that triggers malicious payload

Answer 39

Logic Bomb

Question 40

After gaining unauthorized access to a system, some attackers will install what’s knonw as a backdoor.

Answer 40

Backdoor

Means to esure they gain entry if initial access was discovered.