Chapter 5 Threat and Vulnerability Management Mark B Flashcards
Which of the following intelligence types focuses on the threat actor and the reason for the attack?
A. Tactical
B. Strategic
C. Targeted
D. Operational
A. Tactical
What is used as a common vector to launch a broad range of attacks?
A. Tactical
B. Strategic
C. Commodity Malware
D. Targeted attacks
C. Commodity Malware
What type of attack would use spear phishing against engineers in the Ukraine electricity supply industry with the goal of gaining user credentials?
A. Deep web
B. Proprietary
C. Commodity Malware
D. Targeted attacks
D. Targeted attacks
Which of the following intelligence types focuses on the technical and automated discovery of everyday threats, threat actors and the reason for the attack?
A. Tactical
B. Strategic
C. Commodity malware
D. Operational threat intelligence
A. Tactical
Which of the following intelligence types uses forensics and historical logs to identify threats?
A. Tactical
B. Strategic
C. Commodity malware
D. Operational threat intelligence
D. Operational threat intelligence
What framework could a forensic team use to document a specific adversary, victim, capabilities and infrastructure?
A. Threat emulation
B. Threat hunting
C. Diamond model
D. STIX
C. Diamond model
What is the most likely threat actor if your router firmware has been tampered with over a period of two years, without being detected?
A. Advanced persistent threat
B. Insider threat
C. Hacktivist
D. Script kiddie
A. Advanced persistent threat
What is the most likely threat actor if your electrical power delivery capabilities are attacked?
A. Nation State
B. Insider threat
C. Hacktivist
D. Script Kiddie
A. Nation State
What threat actor will most likely steal your intellectual property?
A. Advanced persistent threat
B. Competitor
C. Hacktivist
D. Script kiddie
B. Competitor
What is the threat when vulnerabilities are present on your network due to misconfiguration by poorly trained technicians?
A. Advanced persistent threat
B. Insider threat
C. Script kiddie
D. Organized Crime
B. Insider threat
What is the threat when vulnerabilities are present due to the use of third party libraries in our code base?
A. Advanced persistent threat
B. Supply Chain
C. Insider Threat
D. Organized Crime
B. Supply Chain
What is the likely threat actor when thousands of systems are targeted with crypto malware followed up with a demand for $5,000 in bitcoin?
A. Advanced persistent threat
B. Supply chain
C. Insider threat
D. Organized Crime
D. Organized Crime
What is the public network that hosts unindexed and unsearchable content that may be useful for unlawful activities?
A. World Wide Web
B. Intranet
C. Deep web
D. Proprietary networks
C. Deep web
What type of intelligence gathering would involve DNS record harvesting?
A. Intelligence feeds
B. Deep Web
C. Open Source Intelligence
D. Human intelligence
C. Open Source Intelligence
What type of intelligence gathering would involve physical reconnaissance?
A. Intelligence feeds
B. Deep Web
C. Open Source Intelligence (OSINT)
D. Human intelligence (HUMINT)
D. Human intelligence (HUMINT)
What framework would be the best choice to build up a picture of threat actors and their tactics and techniques for a water treatment plant?
A. MITRE ATT&CK
B. ATT&CK for industrial analysis
C. Diamond model of intrusion analysis
D. Cyber kill chain
B. ATT&CK for industrial analysis
What framework would be used to understand the capabilities of APT29 and how they will target your enterprise information systems?
A. MITRE (ATT&CK)
B. ATT&CK for industrial control system (ICS)
C. Scripts/regular expressions
D. SRTM
A. MITRE (ATT&CK)
What framework uses seven stages, starting with reconnaissance and ending in actions on objectives?
A. MITRE (ATT&CK)
B. ATT&CK for industrial control system (ICS)
C. Diamond model of intrusion analysis
D. Cyber kill chain
D. Cyber kill chain
What file type allows for the analysis of network traffic captured by Wireshark or tcpdump?
A. Packet capture (PCAP)
B. Vulnerability logs
C. Operating system logs
D. Portable Data Format (PDF)
A. Packet capture (PCAP)
What can be used to centrally correlate events from multiple sources and raise alerts?
A. FIM Alerts
B. SIEM Alerts
C. DLP Alerts
D. IDS/IPS Alerts
B. SIEM Alerts
What type of logging can be used for accountability?
A. Vulnerability Logs
B. Operating system logs
C. Access Logs
D. NetFlow Logs
C. Access Logs
What type of logging can identify the source of most noise on a network?
A. Vulnerability logs
B. Operating system logs
C. Access Logs
D. NetFlow Logs
D. NetFlow Logs
How will you know if your critical files have been tampered with?
A. FIM Alerts
B. SIEM Alerts
C. DLP Alerts
D. IDS/IPS Alerts
A. FIM Alerts
George has tried to email his company credit card details to his Gmail account. The security team has contacted him and reminded him this is not acceptable use. How were they informed?
A. FIM alerts
B. SIEM Alerts
C. DLP alerts
D. IDS/IPS alerts
C. DLP alerts
An attacker has had their session reset after they successfully logged onto the Private Branch Exchange (PBX) after three unsuccessful attempts using SSH. What is the reason for this?
A. FIM Alerts
B. Firewall
C. DLP Rules
D. IPS rules
D. IPS rules
A company needs to block the exfiltration of United States medical related data due to a new regulatory requirement. What is most likely going to be updated?
A. ACL Rules
B. Signature Rules
C. Behavior Rules
D. DLP rules
D. DLP rules
Bill is the network technician and has been tasked with updating security based upon a threat exchange update. Five known bad actor IP addresses must be blocked. What should be updated?
A. Firewall rules
B. Signature rules
C. Behavior rules
D. DLP Rules
A. Firewall rules
What is used to search for character strings in my DLP solution?
A. Signature rules
B. Behavior rules
C. Firewall rules
D. Regular expressions
D. Regular expressions
What type of rule will alert administrators that Colin is deleting significant amounts of sensitive company data?
A. Signature rules
B. Behavior rules
C. Firewall rules
D. Regular expressions
B. Behavior rules
What will alert the SOC team to IOCs detected in the logs of multiple network appliances?
A. SIEM Alerts
B. Behavior alerts
C. DLP alerts
D. Syslog
A. SIEM Alerts
What type of rule will alert administrators about a known malware variant that has the following checksum?
sha1 checksum 1984859468543578674535
A. ACL Rules
B. Signature rules
C. Behavior rules
D. DLP Rules
B. Signature rules
Charles notices several endpoints have been infected by a recently discovered malware variant. What has allowed Charles to receive this information?
A. SIEM Alerts
B. Antivirus alerts
C. DLP Alerts
D. Syslog
B. Antivirus alerts