Set 08 Flashcards
(10 cards)
Q81: A \_\_\_\_\_ is a machine which is offered as bait to attackers A. Hub B. Honeypot C. Honeywall D. Honeywell
B. Honeypot
Q82: Since the late 1990s, machine learning (ML) has been applied to automate the process of building models for detecting malware and attacks. The benefit of machine learning is its ability to generalize over a population of samples.
Which of the following is an example of machine learning?
A. After providing an ML algorithm samples of different malware families for ‘training’, the resultant model can classify new, unseen malware as belonging to one of those families.
B. Instructions, control flow graphs, and call graphs
C. System call sequences and other statistics (e.g., frequency and existence of system calls), system call parameters, data flow graphs and network payload features.
D. Both B and C are examples of machine learning.
A. After providing an ML algorithm samples of different malware families for ‘training’, the resultant model can classify new, unseen malware as belonging to one of those families.
Q83: While browsing the internet, David saw an advertisement for a used car in great condition, with low miles, and below market price. He contacted the car owner and made a small payment upfront before the final delivery. After some time, he didn't hear back from the car owner. This is an example of A. Advance fee fraud B. Social Media Fraud C. E-Commerce Fraud D. Automobile Fraud
A. Advance fee fraud
Q84: Criminals exploit vulnerabilities in the websites of organizations they disagree with and use them to change the homepage of the website to a politically charged one to spread their message. This hacktivism type is called A. Denial of Service B. Low Orbit Ion Cannon (LOIC) Program C. Netstrikes D. Web Defacements
D. Web Defacements
Q85: The source code of the malware is often not available and, therefore, the first step of static analysis is to disassemble the malware binary into assembly code. The most commonly used code obfuscation technique is packing.
Which part of the malware program does packing involve?
A. Compressing and encrypting part of the malware.
B. Operating system kernel, drivers, and Application Programming Interfaces (APIs)
C. Uncompressed and decrypted part of the malware program
D. Static and run-time libraries in the infected machine
A. Compressing and encrypting part of the malware.
Q86: There are several types of takedowns to disrupt malware operations. Suppose the malware uses domain names to look up and communicate with centralized C&C servers.
What is the line of action in the above scenario?
A. As the botmaster has little control of the IP address diversity and down-time for compromised machines in a fast-flux network, we can use these features to detect fast-flux.
B. We perform takedown of C&C domains by ‘sinkholing’ the domains, i.e., making the C&C domains resolve to the defender’s servers so that botnet traffic is ‘trapped’ (that is, redirected) to these servers.
C. Among the algorithm-generated domains, the botmaster can pick a few to register and make them resolve to the C&C servers.
D. We can partition the P2P botnet into isolated sub-networks, create a sinkhole node, or poison the communication channel by issuing a command to stop malicious activities.
B. We perform takedown of C&C domains by ‘sinkholing’ the domains, i.e., making the C&C domains resolve to the defender’s servers so that botnet traffic is ‘trapped’ (that is, redirected) to these servers.
Q87: If malware is not detected during its distribution stage, i.e., a detection system misses its presence in the payloads of network traffic or in the filesystem and memory of the end-host, when can it still be detected? A. During Packing B. By applying Dynamic Dataflow C. When it is disassembled D. When It Executes
D. When It Executes
Q88: In IDS, \_\_\_\_\_ are attack events that should be reported in alerts by the detector. A. True Positives (TP) B. True Negative (TN) C. False Positives (FP) D. False Negatives (FN)
A. True Positives (TP)
Q89: At the core network, MPLS provides an interesting option to mitigate DDoS attacks. How?
A. They pass all legitimate traffic through firewall.
B. They deploy IDS system between links
C. They reserve bandwidth and bandwidth usage control for legitimate traffic.
D. They stop all traffic for some time.
C. They reserve bandwidth and bandwidth usage control for legitimate traffic.
Q90: From a commercial point of view, attack graphs and vulnerability management techniques facilitate risk management and compliance with governance.
As the potential for cyber-attacks surges, and possibly becomes a risk to human life or corporate stability, regulators enforce protection and detection methods to confirm what?
A. Network threats are occasionally monitored.
B. The technical staff is well educated in detecting malware
C. Cyber-risk is effectively controlled in organizations
D. Top management is properly trained regarding cybersecurity.
C. Cyber-risk is effectively controlled in organizations