Final 7-12

Question 1

What is a United Threat Management device?

Answer 1

A piece of hardware that can do email spam filtering, malware protection, firewall capabilities, and more.

Question 2

What is an MUA and MTA , what do they do?

Answer 2

Mail User Agent & Mail Transfer Agent. A MUA is what is used to read and send mail from an endpoint (gmail). MTAs are programs that accept email messages from senders and route them toward their recipients.

Question 3

What is an endpoint?

Answer 3

A network-connected hardware device (phone, computer, tablet)

Question 4

What products can assist in monitoring endpoint hardware?

Answer 4

An Endpoint Protection Platform (EPP) has antimalware scanning.

Endpoint Detection and Response (EDR)
Detects & investigates security incidents, & the ability to intervene and even remediate endpoints back to a preinfection state.

Question 5

While identifying software for the presence of malware, how is that done with EPP and EDR?

Answer 5

Reverse engineering malware.

Question 6

known-good behavior

Answer 6

“Normal” processes and actions used as a standard.

Question 7

User and Entity Behavior Analytics?

Answer 7

Normal behaviors for users and entities

Question 8

What is Layer 2 of the OSI model?

Answer 8

Data Link Layer, divides data into packets, handles error detection and correction.

Question 9

Packet and protocol analysis?

Answer 9

Analyzing packets and the protocols that are used on a network in search of malware.

Question 10

What is a TAP?

Answer 10

Test Access Point, transmits send and receive data streams simultaneously. Passive device, cannot be attacked. “court approved”

Question 11

What tools can be used for packet analysis?

Answer 11

Wireshark (gui tool), EtherApe (virtual interpretation), Tcpdump (command-line, UNIX and LINUX), Tcpreplay (editing and replaying packets)

Question 12

What is the DGA technique?

Answer 12

A domain generation algorithm can be used to create multiple random potential URLs for malware to communicate with a command and control server over.

Question 13

Nicholas wants to implement an additional feature for the employees at his organization to be able to verify who the sender of the message is and that the message hasn’t been tampered with in transit. What will be required to send the message?

Answer 13

The message hash needs to be encrypted using the sender’s private key. The receiver will decrypt the message hash using the sender’s public key.

Question 14

What can be added to prevent SQL injection or cross-site scripting attacks?

Answer 14

web application firewall

Question 15

Jonquil has been asked to implement a system that collects information for analysis about traffic flowing through the routers and switches on her company’s network. What protocol should she consider to implement this type of setup?

Answer 15

NetFlow is a protocol developed by Cisco that collects info about traffic flowing through devices on a network.

Question 16

What is Data correlation?

Answer 16

Looking for reasons why shit happens in event sequences

Question 17

What is syslog?

Answer 17

A means by which network devices can use a standard message format to communicate with a logging server.

Question 18

Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. What device is he using?

Answer 18

A switch, he is port mirroring to send copies of frames to a certain port for analysis.

Question 19

Sanvi is a cybersecurity analyst at her company and has been asked to review a new platform that will combine software programs and tools in order to orchestrate a range of security operations, threat intelligence sources, as well as incident response mechanisms all into one. Which has she been asked to review?

Answer 19

SOAR (Security orchestration, automation, and response) combines software programs and tools in order to orchestrate a range of security options, threat intelligence sources, and incident response mechanisms.

Question 20

What is data enrichment?

Answer 20

The process of enhancing data for cybersecurity analysis. Combining data from multiple orgs.

Question 21

What is SCAP?

Answer 21

Security Content Automation Protocol. Open standard that enables an automated vulnerability management, measurement, and policy compliance evaluation.

Question 22

What are the standards of SCAP?

Answer 22

Common Vulnerabilities and Exposures (CVE)
Common Configuration Enumeration (CCE)
Common Platform Enumeration (CPE)
Common Weakness Enumeration (CWE)

Question 23

Define the standards of SCAP.

Answer 23

Common Vulnerabilities and Exposures (cve)
Vulnerabilities in operating systems and application software

Common Configuration Enumeration CCE
Configuration best-practice statements

Common Platform Enumeration CPE
Vulnerabilities in operating systems, applications, and hardware devices

Common Weakness Enumeration CWE
Software design flaws that could result in a vulnerability

Question 24

Clustering?

Answer 24

A form of statistical analysis that separates groups (clusters) of similar data points from a larger set based on specific characteristics.

Question 25

stack counting?

Answer 25

the application of frequency analysis (how often something occurs) to large sets of data to identify outliers.

Question 26

Integrated intelligence?

Answer 26

Combining different sources to be used in threat hunting.

Question 27

Artyom wants to implement a new threat detection and analysis system which automates a lot of the process of finding new intrusions and breaches at his company. He wants the system to analyze user behavior and determine when there are anomalies and abnormalities. What feature should he look for when looking for a new system to implement?

Answer 27

Machine learning

Question 28

Attack vector?

Answer 28

The methods by which threat actors will use to attack systems, networks, and devices of an enterprise.

Question 29

executable process analysis

Answer 29

Tools that allow for an investigation of how malware functions.

Question 30

What is DevSecOps?

Answer 30

The process of integrating secure development best practices and methodologies into application software development and deployment processes using the agile model.

Question 31

What are the automated courses of action for DevSecOps?

Answer 31

Continuous Monitoring (examining processes in real-time Continuous Validation (ongoing approvals of code), Continuous Integration (ensuring security features are incorporated at each stage), Continuous Delivery (moving code to each stage as it is completed), Continuous Deployment (continual code implementation).

Question 32

HIPAA?

Answer 32

Health Insurance Portability and Accountability Act

Question 33

What are the critical data types?

Answer 33

Personally identifiable information (PII) Sensitive Personal Information (SPI) Personal health information (PHI) Financial information Intellectual property High value asset (HVA) information Corporate information

Question 34

What do PII AND SPI consist of?

Answer 34

Personally identifiable information (full name,ssn, driver's license number) Sensitive Personal Information (biometric data,sex, political party affiliation)

Question 35

What do (PHI) & Financial information consist of?

Answer 35

Personal health information (mental health history, healthcare services used) Financial information (name, card number, expiration date)

Question 36

What are Intellectual property, corporate information & (HVA) information?

Answer 36

Intellectual property (trademarks, copyrights, patents) creation or invention of the mind Corporate information (replacement cost, price earnings ratio, discounted cash flow) High value asset information (assets, systems, instructions)

Question 37

Compare downtime and recovery time.

Answer 37

Downtime is the time an incident interrupts normal business processes Recovery time is time needed for the IT systems to be disinfected and returned to normal

Question 38

Data integrity?

Answer 38

The correctness and completeness of data.

Question 39

system process criticality?

Answer 39

The degree to which the impacted systems affect the overall functionality of the entire system.

Question 40

What is the Sarbanes-Oxley Act? SOX

Answer 40

Defines regulations for financial reporting and auditing in the United States.

Question 41

General Data Protection Regulation?

Answer 41

Will inform the EU's Information Commissioner's Office (ICO) if they suffer a breach involving personal info of employees/customers.

Question 42

Personal Information Protection and Electronic Documents Act?

Answer 42

Canadian, protects user data.

Question 43

Lessons learned report?

Answer 43

Should be created at the end of projects to discuss what is being done correctly, what isn't being done correctly, and what needs to change.

Question 44

What are the steps of the Cyber Incident Response Plan?

Answer 44

Preparation Identification Analysis Containment Eradication Recovery Follow-up

Question 45

Alika has just finished eradicating a piece of malware from a computer system. What should she do next as part of the validation process?

Answer 45

Patching

Question 46

What are the steps in the validation process?

Answer 46

Patching (All patches should be applied) Permissions (review compromised system) Scanning (scan and identify issues) Security Monitoring (check system is monitored correctly)

Question 47

secure disposal?

Answer 47

The destruction of a hard drive.

Question 48

California Consumer Privacy Act (CCPA)

Answer 48

Allows users to know what personal data is being collected about them, to know whether their personal data is sold or disclosed and to whom, to say no to the sale of personal data.

Question 49

What symptom might indicate a potential DDoS attack?

Answer 49

A large, constant spike in bandwidth consumption

Question 50

Bartolo sees a notification from a security device on the perimeter of the network that ICMP echo requests have been received for the entire range of IP addresses on the external subnet. Which of the following has been detected?

Answer 50

Ping sweep, ICMP echo requests are sent to a range of addresses to discover which hosts may be online and active.

Question 51

nslookup?

Answer 51

name server lookup, used to obtain the IP address or domain name of a host.

Question 52

Chain of custody?

Answer 52

To keep track of the people who have had access to certain items, such as pieces of evidence

Question 53

Server Message Block, SMB?

Answer 53

Protocol for a network that uses Microsoft Windows. Uses named pipes or logical connections.

Question 54

write blocker?

Answer 54

A device or special software on a digital forensics workstation that allows a hard drive to be examined without the possibility of accidentally writing to the drive.

Question 55

Computers that communicate with a command and control server are referred to as _____?

Answer 55

bots or zombies. A collection of bots communicating with the same command and control server and under the control of the same person or group is known as a botnet.

Question 56

Kevin is working the after-hours shift in the NOC and receives an alert that there has been a potential intrusion into one of the servers. He pulls out the incident response plan and sees that the first step is to notify the on-call manager. Where might he find that information?

Answer 56

The escalation list

Question 57

The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal?

Answer 57

Group policy

Question 58

Nichole, a cybersecurity analyst, has received an alert about a potential ping flood on one of the company's Windows servers. She is able to connect to the server via an out-of-band management network. What native tool might help her verify what is occurring on the server at the moment?

Answer 58

Resource Monitor (audits and displays CPU and other endpoint resources)

Question 59

Ines is reviewing the network traffic logs and sees what appears to be beaconing. Which of the following best describes the traffic she has noticed?

Answer 59

The traffic is most likely being sent to a command and control server.

Question 60

data ownership policy

Answer 60

A policy that defines the duties of a data custodian and a data owner for the protection of data.

Question 61

acceptable use policy (AUP)?

Answer 61

A policy that defines the actions users may perform while accessing devices and networks belonging to the organization.

Question 62

data retention policy?

Answer 62

A policy that outlines how to maintain information in the user’s possession for a predetermined length of time.

Question 63

continuous monitoring policy?

Answer 63

A policy that defines how the organization may monitor its employees.

Question 64

What is an audit?

Answer 64

An audit is an evaluation by an external third party that examines the security of an organization.

Question 65

Craig has been asked to implement the ISO standards for cybersecurity in his organization. With which of the following families of standards should he become familiar?

Answer 65

ISO 27000

Question 66

An outside consultant has been hired to perform a risk analysis for a company. As part of the report, he details the likelihood of certain events occurring, as well as the impact they would have. What could he use to display this information in his report?

Answer 66

A risk matrix, displays the results of qualitative, quantitative, and semi-quantitative risk calculations.

Question 67

What are the types of system controls?

Answer 67

Deterrent-discourage security violations Detective-identifies threats Corrective-mitigates damage caused Preventative-stop threats for coming in contact with vuln Physical-security in a defined location Compensating-provides an alt to normal controls

Question 68

What institute in the U.S. government publishes cybersecurity guidelines?

Answer 68

NIST (National Institute of Standards and Technology)

Question 69

Business Impact Analysis. (BIP)?

Answer 69

quantifies the impact a loss of functions may have on the business

Question 70

Data Loss Prevention (dlp)?

Answer 70

Security tools used to recognize and identify data critical to the organization and ensure it is protected.

Question 71

John the Ripper?

Answer 71

Brute force password cracker

Question 72

In an in house pen testing exercise, what color is the team doing the penetrating?

Answer 72

Red team

Question 73

In an in house pen testing exercise, what color is the team defending?

Answer 73

Blue Team

Question 74

Josh wants to be able to prevent tablets and other devices from accessing certain systems unless the devices are physically on the company's multi-building HQ campus. What can he use as a solution?

Answer 74

Geofencing. Defines geographical boundaries for an app.

Question 75

What are the 3 components of the CIA triad?

Answer 75

Confidentiality-Only you and people you want can view the data Integrity-Your data has not been altered Availability-You can freely access your data

Question 76

What are the AAA of computer resources?

Answer 76

Authentication-Validation of credentials Authorization-Permission granted for admittance Accounting-Record of user actions

Question 77

Who in an IT department is responsible for collecting the data?

Answer 77

Data controller

Question 78

What is an NDA?

Answer 78

Non disclosure agreement. Any information learned by the consultant will be highly confidential and is not to be disclosed to anyone who is unauthorized to view the information.

Question 79

Discretionary Access Control?

Answer 79

Discretionary access control is where every object has an owner who has total control over that object.

Question 80

Payment Card Industry Data Security Standard (PCI DSS)?

Answer 80

Set of standards to which merchants must be compliant.

Question 81

Digital Rights Management (DRM)?

Answer 81

Access control technologies, designed to restrict the use and duplication of digital content across a wide range of devices.

Question 82

Aaron has been tasked with embedding unique information within albums that are going to be distributed by the record label that he works for before they are protected by DRM. Which of the following describes what he has been asked to do?

Answer 82

Watermarking

Question 83

Mandatory Access Control (MAC)?

Answer 83

Users assigned controls by custodian's desires

Question 84

What is an Access Control List (ACL)?

Answer 84

Contains rules that administer certain assets by granting or denying access to them.

Question 85

What is data sovereignty?

Answer 85

Data collected from a nation’s citizens must be stored on servers in that country.

Question 86

Gramm–Leach–Bliley Act (GLBA)?

Answer 86

Financial institutions must explain their information-sharing practices to their customers and to safeguard sensitive data.