Lecture 4

Question 2

What is a key risk indicator (KRI)?

Answer 2

Metrics of the upper and lower bounds of specific indicators of normal network activity

Question 3

What might a KRI exceeding its normal bounds indicate?

Answer 3

A compromise or indicator of compromise IOC

Question 4

What does IOC stand for in cybersecurity?

Answer 4

Indicator of compromise

Question 5

What does an IOC show?

Answer 5

Malicious activity is occurring in early stages of an attack

Question 6

What is the purpose of IOC information?

Answer 6

To aid predictive analysis or discover attacks before they occur

Question 7

What are the two main categories of threat intelligence sources?

Answer 7

Open source and closed source

Question 8

What does OSINT stand for?

Answer 8

Open source intelligence

Question 9

What is CISCP?

Answer 9

Cyber Information Sharing and Collaboration Program that enables unclassified information exchange through partnerships

Question 10

Name two services CISCP provides.

Answer 10

Analyst to analyst technical exchanges and digital malware analysis

Question 11

What are two concerns about public information-sharing centres?

Answer 11

Privacy and speed

Question 12

What is AIS in cybersecurity threat sharing?

Answer 12

Automated Indicator Sharing for cyber threat indicators exchange via computers

Question 13

Name the two tools that facilitate AIS.

Answer 13

STIX and TAXII

Question 14

What does STIX stand for?

Answer 14

Structured Threat Information Expression

Question 15

What does TAXII stand for?

Answer 15

Trusted Automated Exchange of Intelligence Information

Question 16

What is closed source information?

Answer 16

Proprietary threat intelligence shared in private restricted centres

Question 17

What is required to participate in closed source threat sharing centres?

Answer 17

Vetting process and meeting certain criteria

Question 18

What is a vulnerability database?

Answer 18

Repository of known vulnerabilities and exploitation information

Question 19

What are threat maps?

Answer 19

Cyber threats shown on a geographic diagram

Question 20

What is the purpose of file and code repositories in threat intelligence?

Answer 20

Where victims upload malicious files and code for analysis by others

Question 21

What is the dark web?

Answer 21

A small portion of the deep web accessed using special software often linked with illegal activities

Question 22

What is the clear web?

Answer 22

The internet accessible via standard browsers indexed by search engines

Question 23

What is the deep web?

Answer 23

Parts of the internet not indexed by search engines including private or paywall content

Question 24

What software is commonly used to access the dark web?

Answer 24

Tor browser

Question 25

What domain extension do dark web sites use?

Answer 25

.onion

Question 26

Name three major tasks in securing endpoint computers.

Answer 26

Confirming secure startup, protecting from attacks, hardening protection

Question 27

What firmware interface replaced BIOS for improved boot functionality?

Answer 27

Unified Extensible Firmware Interface UEFI

Question 28

Name one feature of UEFI over BIOS.

Answer 28

Support for hard drives larger than 2TB

Question 29

What is a BIOS attack?

Answer 29

Malware infecting the BIOS firmware to compromise boot process

Question 30

What is chain of trust in boot security?

Answer 30

Validating each boot step element based on the previous to ensure integrity

Question 31

What is considered the strongest starting point in chain of trust?

Answer 31

Hardware root of trust that cannot be modified like software

Question 32

Name one software used to protect computer endpoints.

Answer 32

Antivirus software

Question 33

What is static analysis in antivirus software?

Answer 33

Signature based monitoring scanning for known virus patterns before execution

Question 34

What is heuristic monitoring also called?

Answer 34

Dynamic analysis that detects unknown threats by behavior

Question 35

What technique is used in antimalware spam protection?

Answer 35

Bayesian filtering analyzing word frequency in emails

Question 36

What feature helps prevent spyware infections?

Answer 36

Antispyware using pop-up blockers

Question 37

What protocol secures cookies between browser and web server?

Answer 37

HTTPS protocol

Question 38

What is HIDS?

Answer 38

Host Intrusion Detection System software that detects attacks on an endpoint

Question 39

What is HIPS?

Answer 39

Host Intrusion Prevention System that blocks attacks following rules immediately

Question 40

What does EDR stand for?

Answer 40

Endpoint Detection and Response

Question 41

What advantage do EDR tools have over HIDS and HIPS?

Answer 41

Aggregate data centrally and perform sophisticated analytics for anomalies

Question 42

What is patch management?

Answer 42

Administering and applying software updates to fix vulnerabilities

Question 43

Name two patch management tools or options.

Answer 43

Automated patch update service and forced updates in Windows 10

Question 44

Name one OS security configuration practice.

Answer 44

Disabling unnecessary ports and services

Question 45

What is Windows 10 Tamper Protection?

Answer 45

Feature that prevents unauthorized changes to security settings or registry

Question 46

What is application whitelisting?

Answer 46

Allowing only approved software to run to restrict malware

Question 47

What is a sandbox in security?

Answer 47

Isolated environment to run code safely without affecting the system

Question 48

What is the risk of insecure applications?

Answer 48

They open doors for attackers to exploit data and operating systems

Question 49

What is a directory traversal attack?

Answer 49

Attack that moves from root directory to restricted folders to access confidential files

Question 50

Name a memory vulnerability exploited by attackers.

Answer 50

Buffer overflow

Question 51

What are the stages of application development?

Answer 51

Development testing staging production

Question 52

What is software diversity?

Answer 52

Developing multiple program variants from the same specs for error detection and reliability

Question 53

What does provisioning mean in IT?

Answer 53

Configuring deploying and managing system resources enterprise wide

Question 54

What is SecDevOps?

Answer 54

Integration of secure development best practices into agile software development and deployment

Question 55

Name one continuous process automated by SecDevOps.

Answer 55

Continuous integration

Question 56

What are two types of code analysis used in testing?

Answer 56

Static code analysis and dynamic code analysis

Question 57

What is fuzzing in dynamic code analysis?

Answer 57

Providing random input to trigger exceptions and find vulnerabilities

Question 58

Why is sharing threat intelligence important?

Answer 58

It helps organizations improve defenses by learning from others experiences

Question 59

What is one often overlooked step in securing endpoint computers?

Answer 59

Confirming computer started without malicious activity