23

Question 1

Which of the following answers refers to an anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?

Answer 1

** Cuckoo **

Cuckoo Sandbox is the leading open source automated malware analysis system

Question 1

A Linux command that allows to display the beginning of a file (by default its first 10 lines) is known as:

Answer 1

** head **

the head command will output the first part of the file

Question 2

Which of the following commands in Linux displays the last part (by default its 10 last lines) of a file?

Answer 2

** Tail **

the tail command will print the last part of the file

Question 3

A Linux command that allows to create, view, and concatenate files is called:

Answer 3

cat

Question 4

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called

Answer 4

grep

Question 5

What is the function of the Linux chmod command?

Answer 5

Changes file/directory access permissions

Question 6

Which of the following commands enables adding messages to the /var/log/syslog file in Linux?

Answer 6

Logger

Question 7

A type of extended command-line shell and a scripting language designed to simplify administrative tasks in Microsoft Windows is known as

Answer 7

Windows PowerShell

Question 8

Which of the following answers refers to a cross-platform, general-purpose programming language?

Answer 8

Python

Question 9

Which of the following answers refers to a software library used to implement encrypted connections?

Answer 9

OpenSSL

Question 10

Which of the following answers refers to a Command-Line Interface (CLI) packet-crafting tool?

Answer 10

Tcpreplay

Question 11

Which of the following tools enables sending custom packets that can be used to evaluate the security of a network device?

Answer 11

Tcpreplay

Question 12

Which of the following is a Command-Line Interface (CLI) packet-capturing tool used in Unix-like operating systems?

Answer 12

tcpdump

Question 13

Which of the following answers refers to an advanced cross-platform packet-capturing tool equipped with a Graphical User Interface (GUI)?

Answer 13

WireShark

Question 14

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

Answer 14

** dd **

dd (Data Dump)

Question 15

Which of the following forensic utilities enables the extraction of RAM contents?

Answer 15

Memdump

Question 16

Which of the following answers refers to a multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics?

Answer 16

** WinHex **

WinHex is a commercial disk editor and universal hexadecimal editor used for data recovery and digital forensics

Question 17

Which of the following answers refers to a tool for creating forensic images of computer data?

Answer 17

FTK imager

FTK® Imager is a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as Forensic Toolkit (FTK®) is warranted.

Question 18

Which of the following answers refers to an open-source forensics platform that allows to examine the contents of a hard drive or mobile device and recover evidence from it?

Answer 18

** Autopsy **

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools

Question 19

What is Metasploit?

Answer 19

Exploitation framework

Question 20

Examples of password-cracking utilities include: (Select 2 answers)

Answer 20

• John the Ripper
• Cain & Abel

Question 21

One of the ways to prevent data recovery from a hard drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform five more passes, overwriting the contents with random characters (the Schneier method).

Answer 21

True

Question 22

A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:

Answer 22

** MITRE ATT&CK **

The Adversarial Tactics, Techniques, and Common Knowledge or MITRE ATT&CK is a guideline for classifying and describing cyberattacks and intrusions.

Question 23

Which of the following answers refers to a methodology framework for intrusion analysis developed by U.S. government intelligence community?

Answer 23

** The Diamond Model of Intrusion Analysis **

The purpose of the Diamond Model is to assist analysts in identifying a group of events that occurred on their systems. These occurrences can then be grouped together in time to form “activity threads,” which can be compared to detect attacker campaigns.

Question 24

Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?

Answer 24

** Cyber Kill Chain **

The Cyber Kill Chain is divided into seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives