Set 06 Flashcards
(10 cards)
Q61: Malware essentially codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill Chain model, which represents (iterations of) steps typically involved in a cyberattack.
What is the first step in the Cyber Kill Chain Model that cyber attackers follow?
A. Establishing a command-and-control channel for attackers to remotely commandeer the victim's system
B. Reconnaissance is the 1st step where an attacker identifies or attracts the potential targets by scanning
C. Exploiting a vulnerability and executing malicious code on the victim's system
D. The 1st step is to gain access to the targets by sending crafted input to trigger a vulnerability.
B. Reconnaissance is the 1st step where an attacker identifies or attracts the potential targets by scanning
Q62: Which concept addresses information flows with different privacy needs depending on the entities exchanging the information or the environment in which it is exchanged? A. PII B. PHI C. Integrity of the information D. Contextual Integrity
D. Contextual Integrity
Q63: A framework that acknowledges that systems are currently interconnected and provides a basis for how to secure them: A. NIST B. FAIR C. ISO D. ITIL
A. NIST
Q64: An adversary cannot determine which candidate a user voted for; this is true for: A. Ballot Secrecy B. Ballot anonymity C. Vote confidence D. Vote secrecy
A. Ballot Secrecy
Q65: The term 'jurisdiction' is used to refer to a state, or any political sub-division of a state, that has the authority to do what? A. Place probable cause B. Address conflict of law C. Enforce laws or regulation D. All of the above
C. Enforce laws or regulation
Q66: Anomaly detection is an essential technique for identifying cyber-attacks, since information about attacks can never be comprehensive enough to provide coverage, and the main benefit of anomaly detection is its independence from knowledge of explicit vulnerabilities.
This supposedly supports the detection of what?
A. Economic vulnerability and social vulnerability
B. Environmental vulnerability
C. Physical and real-time vulnerability
D. 0-day attacks
D. 0-day attacks
Q67: \_\_\_\_\_ is oriented towards operational risk and security practices rather than technology. A. STRIDE B. Attack trees C. FAIR D. Octave Allegro
D. Octave Allegro
Q68: Cybercrime can be categorized into \_\_\_\_\_ types A. 3 B. 2 C. 6 D. 4
A. 3
Q69: What is the best detection approach when dealing with DDoS?
A. Include monitoring host activities involved in encryption
B. Use the layer 7 capability firewall for detection
C. Analyze the statistical properties of traffic
D. Look for synchronized activities both in C&C like traffic and malicious traffic.
C. Analyze the statistical properties of traffic ???
Q70: Before performing any penetration test, through legal procedure, which of the key points listed below is not mandatory?
A. Type of broadband company used by the firm
B. System and network
C. Characteristics of work done in the firm
D. Know the nature of the organization
D. Know the nature of the organization