Phase 4 Flashcards

1
Q

What are the default Windows event logs?

A

System, security, application

2
Q

Which default Windows tool is used to view Windows logs?

A

Event viewer

3
Q

What is the default location for log files in Linux?

A

/var/log

4
Q

In addition to event files (*.evtx), in which formats can you save Windows logs?

A

XML (*.xml), text (*.txt), comma-separated values (*.csv)

5
Q

Which two products were combined to create a SIEM?

A

Security event manager, security information manager

6
Q

What is the default port for communications with Elasticsearch?

A

9200

7
Q

What is the default port for communications with Kibana?

A

5601

8
Q

Of the three operational levels discussed in this lecture (Introduction to Strategy), at which level do cyber professionals generally think?

A

Tactical

9
Q

Which component of the Logstash pipeline is closest to the raw data?

Input
Filters
Elasticsearch
Output

A

Input

10
Q

What level requires communication of a plan and organizational buy-in of the strategy?

A

Strategic

11
Q

What is the default port used by Logstash to communicate with Elasticsearch?

A

9200

12
Q

At which level is the vision of the organization laid out?

A

Strategic

13
Q

After installing Filebeat on a server to collect the syslog files, which port needs to be configured by default for communication with the Logstash server?

A

5443

14
Q

Strategy is: (5 things)

A

Built with consideration of the threat
Planned
Built upon experience
Holistic
The efficient use of resources

15
Q

What does the filter component accomplish in the Logstash pipeline?

A

Allows customization of the search criteria used by Kibana when pulling data from Elasticsearch

16
Q

Does the National Security Strategy discuss tactics? (True or false)

A

False

17
Q

All Elastic Stack components must be installed on the same server. True or false?

A

False

18
Q

Strategic leaders must balance and prioritize risk. True or false?

A

True

19
Q

Which Elastic Stack component creates data visualizations?

A

Kibana

20
Q

What are the “must haves” for organizational strategy? (4 things)

A

Vision
Practice
Include all sectors
Consider all levels

21
Q

Using the layered security model, which tool is used at every layer?

A

SIEM

22
Q

Strategy is not: (3 choices)

A

Leadership
Benchmarking
Best practices

23
Q

How many pillars does the US 2017 National Security Strategy have?

A

4

24
Q

Who would find the national security strategy document useful?

A

Everyone

25
Q

Leaders of strategic planning map out objectives for 1-2 years and are classified as which level?

A

Operational

26
Q

Under the products of a strategic leader, what do the first steps include? (4 steps)

A

1. Name the organization
2. Number of people and subunits
3. Major resources and capabilities
4. Identify significant facilities

27
Q

What can a well-communicated vision for an organization do? (4 things)

A

Stretch aspirations
Unite the teams in a common effort (vision)
Establish and inspire performance
Set expectations

28
Q

What question does the mission answer?

A

Why do we exist?

29
Q

Name the seven factors for environmental analysis.

A

International
Political
Economic/budget
Social
Technology
Demographic
Legal/regulatory

30
Q

Using a bottom-up approach, select the three examples of device-level security tools:

Input validation
Identity access management
Intrusion prevention systems
Data loss prevention
2FA
Firewalls

A

Intrusion prevention systems
2FA
Firewalls

31
Q

In the “define the problem” stage of operational design, who needs to contribute to the problem definition?

A

Everyone

32
Q

The operational environment can include: (3 things)

A

Conditions
Influences
Circumstances

33
Q

During the first linked YouTube video on modern information warfare, in the slides, what classification

A

State-sponsored against a private company

34
Q

Referencing the YouTube video, what device is used as a way to pay for everything in China?

A

Huawei phone

35
Q

During the second linked YouTube video on modern information warfare, how long has information warfare been used?

A

Since biblical times

36
Q

Select the variables that drive changes in the operational environment (continuous assessment):

The refinement or a change in goals
Changes in the environment
The addition of new actors
Strategic context and systematic nature of the problem
Changes in resources, methods, or processes
Strategic trends
Strategic guidance

A

The refinement or a change in goals
Changes in the environment
The addition of new actors
Changes in resources, methods, or processes

37
Q

Name the two vital components that make up the most important steps in operational design.

A

Describe the operational environment
Define the problem to be solved

38
Q

What is the 4th step of the basic operational approach?

A

Identify the operational limitations

39
Q

When building a business strategy, what questions are used to define the ENDS?

A

What is the end state that must be achieved, how is it related to the strategic end state, and what objectives must be achieved to enable that end state?

40
Q

True or false: Operational design as a business strategy impairs dialog between leaders and staff.

A

False

41
Q

True or false: A better understanding of the problem and its root causes is a direct potential value-added for business strategy using operational design.

A

True

42
Q

Complex adaptive systems are unpredictable. True or false?

A

True

43
Q

Name a model that uses a manned simulation.

A

War games

44
Q

When developing an operational approach, what questions must the mission answer?

A

Who, what, when, where, and why

45
Q

What is the aim of framing the operational environment?

A

The aim is to understand existing conditions in order to drive the set of conditions we wish to see at the end of operations

46
Q

Define the term “system” as used in operational design.

A

A functionally, physically, and/or behaviorally related group of regularly interacting or independent elements; that group of elements forming a unified whole

47
Q

What are the 2 framing stages of operational design methodology?

A

Frame operational environment
Frame the problem

48
Q

What is the primary product of operational design when applied to the cybersecurity elements of a business?

A

Intelligence

49
Q

Using the OODA loop, what does the D stand for?

A

Decide

50
Q

In a production environment, why is it important to know which version of Splunk is installed?

A

Testing and compatibility with all components

51
Q

What is the default location for the Splunk installation?

A

/opt/splunk

52
Q

During the Orient stage of the OODA loop, what is the spotlight put on for the blue force?

A

Prioritized information needs of the decision maker

53
Q

Where is the Splunk application (binary) located?

A

/opt/splunk/bin

54
Q

What is the default port to access the Splunk web interface?

A

8000

55
Q

During the Act stage of the OODA loop, what determines the results of the actions taken?

A

Metrics and feedback

56
Q

What should the SPLUNK_HOME environment variable contain?

A

/opt/splunk

57
Q

Which stage would the red team observe from the blue team to drive movement?

Act
Decide
Orient
Observe

A

Act
Decide

58
Q

Which criteria are used to measure the effectiveness of intelligence?

A

Usability
Timeliness
Accuracy

59
Q

Who created the 5 rings?

A

Colonel John Warden

60
Q

Which ring of the 5 rings houses the electrical grid?

A

Infrastructure

61
Q

When intelligence is provided early, what does this prevent from occurring?

A

Threat actions

62
Q

What is the business equivalent of the population in Warden's 5 rings?

Petroleum
Employees
Users
Staff

A

Employees
Users
Staff

63
Q

When must intelligence flow to the decision-maker in an operation?

A

During
Before
After

64
Q

Judging intelligence as successful requires which criteria?

A

Accuracy
Utilization
Timeliness
Actionability
Relevance

65
Q

Sun Tzu said to match your strengths against their strengths. True or false?

A

False

66
Q

Who defines the level of precision required?

A

Customer

67
Q

Who can limit the level of precision possible?

A

Collector

68
Q

Parallel attacks are sequential attacks. True or false?

A

False

69
Q

The final criterion, requiring the intelligence to be shared and disseminated in the format requested by the decision makers, is called:

A

Tailored

70
Q

What are the intangible elements of the domains of conflict in the information environment?

A

Information and cognitive

71
Q

According to the strategist Sun Tzu, whom do we need to know for our victory not to be endangered?

A

Know the enemy and know yourself

72
Q

Where in the Sun Tzu quote does the mission drive direction of effort and the allocation of resources?

A

Know yourself

73
Q

Of the motivations for intelligence, which of the following questions is NOT to be considered:

What authority do you have to collect the data and information?
How much time does it take to conduct the intelligence?
How is that data gathered?
What is done to and with the data?

A

How much time does it take to conduct the intelligence?

74
Q

What are the three components of understanding the role of threat intelligence?

A

Operating environment
Threats
Mission

75
Q

In the planning and direction stage, information consumers should NOT:

A

Dictate particular source or collection method

76
Q

In understanding the role of threat intelligence, the mission defines what exactly?

A

The equipment
The things you do
The personnel

77
Q

Which is not a transform in Maltego?

Network CIDR
Email addresses from domain
Person from domain
Explore historical snapshots

A

Network CIDR

78
Q

When understanding the enemy's role in threat intelligence, what type of field do these threats operate within?

A

Rapidly-changing

79
Q

True or false: Results from the transform are added as parent entities to the domain entity in Maltego.

A

False

80
Q

In threat intelligence, what term describes the space you operate in?

A

Operating environment

81
Q

In the role of threat intelligence, within which area of the mission/threat/operating environment do threat actors act?

A

The area of intersection between threat and operating environment

82
Q

In Maltego, the IP address can be found by running the "To IP Address [DNS]" transform from which of the following:

Email addresses
Domain entities
DNS entities
Phone numbers

A

DNS entities

83
Q

Why is the intersection of all three areas, mission/threat/operating environment, our point of greatest concern?

A

These are the threats relevant to the mission and that are active in the operating areas.

84
Q

What does strategy provide that enables the cyber security engineering topics to be cohesive?

A

The why
Framework
Purpose

85
Q

When defining a threat, what is the additional component that makes a threat more dangerous to the organization?

A

Knowledge

86
Q

Understanding the operating environment is one purpose of intelligence. True or false?

A

True

87
Q

Reducing risk is not the purpose of intelligence. True or false?

A

False

88
Q

What does intelligence at the strategic level require more of than tactical?

A

More analysis

89
Q

In the intelligence process cycle, how do all phases function after the cycle has begun?

A

Continuously

90
Q

In a healthy intelligence cycle, what occurs between every phase of the cycle?

A

Evaluation and feedback

91
Q

True or false: Karl Popper states that scientists must be willing to stand firm in their beliefs if the evidence shows otherwise.

A

False

92
Q

A conjectured relationship between two phenomena can be:

Causal
Non-causal

A

Causal: A directly causes B
Non-causal: A and B are caused by C; hence A and B are correlated

93
Q

What are the steps, in order, to construct a theory? (4 steps)

A

Induce
Deduce
Test
Revise

94
Q

What are the 3 curves used in models?

A

Bell
S
Exponential

96
Q

What is a model?

A

A replica or representation of an object, idea, or actual system

97
Q

What is data decomposition?

A

Breaking down the problem or issue into its component parts so that each part can be considered separately

98
Q

Which criterion for data evaluation is used to answer the question: what is the reason the data was made available?

A

Objectivity

99
Q

Name the 4 core features in the Diamond Model overview.

A

Adversary
Victim
Infrastructure
Capabilities

100
Q

When using analytical thinking, what qualitative analysis would be used for unknown data?

A

Challenges and redrawing techniques
Structured analysis
Imagination techniques
Diagnostic techniques

101
Q

When using analytical thinking, what type of quantitative analysis tools can we employ when we have known data?

A

Empirical analysis
Visualization techniques
Data-based computer tools

102
Q

Match each statement to qualitative or quantitative analysis:

Based on understanding of cases or objects by a researcher (qualitative/quantitative)
Based on statistical comparisons of the cases being studied (qualitative/quantitative)
Answers the questions why, how, or what happened (qualitative/quantitative)
Answers the questions how many, how much, and how often (qualitative/quantitative)

A

Qualitative
Quantitative
Qualitative
Quantitative

103
Q

Analysis should be scientific and based on:

A

Evidence

104
Q

True or false: Intuition is also very prone to be anti-biased.

A

False