Fundamentals of Information Security [State Exam | Part 2 + 23 new questions]

Good Guy Beket
Quiz by Good Guy Beket, updated more than 1 year ago
Good Guy Beket
Created by Good Guy Beket about 2 years ago
641
14

Description

Advanced Fundamentals of Information Security [Teachers: Abdulanova Altynay, Sagymbekova Azhar; STATE EXAM] ▼ (State Exam) Quiz on Fundamentals of Information Security [State Exam | Part 2 + 23 new questions], created by Good Guy Beket on 26/03/2019.

Resource summary

Question 1

Question
What are two methods to maintain certificate revocation status? (Choose two.)
Answer
  • subordinate CA
  • OCSP
  • DNS
  • LDAP
  • CRL

Question 2

Question
The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?
Answer
  • invade the castle
  • defend the castle
  • defend the region
  • invade the region

Question 3

Question
What is the purpose of a digital certificate?
Answer
  • It ensures that the person who is gaining access to a network device is authorized.
  • It provides proof that data has a traditional signature attached.
  • It guarantees that a website has not been hacked.
  • It authenticates a website and establishes a secure connection to exchange confidential data

Question 4

Question
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
Answer
  • data integrity
  • non-repudiation
  • origin authentication
  • data confidentiality

Question 5

Question
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
Answer
  • intrusion detection and prevention
  • anti-phishing
  • telemetry
  • safe browsing

Question 6

Question
On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Answer
  • Group Policy Editor
  • Local Users and Groups
  • Computer Management
  • Task Manager

Question 7

Question
Which statement describes agentless antivirus protection?
Answer
  • Host-based antivirus systems provide agentless antivirus protection.
  • The antivirus protection is provided by the router that is connected to a cloud service.
  • The antivirus protection is provided by the ISP.
  • Antivirus scans are performed on hosts from a centralized system.

Question 8

Question
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
Answer
  • risk avoidance
  • risk retention
  • risk reduction
  • risk sharing

Question 9

Question
In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
Answer
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Question 10

Question
What is a host-based intrusion detection system (HIDS)?
Answer
  • It identifies potential attacks and sends alerts but does not stop the traffic.
  • It detects and stops potential direct attacks but does not scan for malware.
  • It is an agentless system that scans files on a host for potential malware.
  • It combines the functionalities of antimalware applications with firewall protection.

Question 11

Question
What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
Answer
  • behavior-based
  • agent-based
  • signature-based
  • heuristic-based

Question 12

Question
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
Answer
  • firewall
  • workstation
  • server
  • switch

Question 13

Question
Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
Answer
  • user interaction
  • attack vector
  • attack complexity
  • privileges required

Question 14

Question
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
Answer
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Question 15

Question
Which statement describes the term iptables?
Answer
  • It is a file used by a DHCP server to store current active IP addresses.
  • It is a DHCP application in Windows.
  • It is a DNS daemon in Linux.
  • It is a rule-based firewall application in Linux.

Question 16

Question
For network systems, which management system addresses the inventory and control of hardware and software configurations?
Answer
  • asset management
  • vulnerability management
  • risk management
  • configuration management

Question 17

Question
Which statement describes the anomaly-based intrusion detection approach?
Answer
  • It compares the signatures of incoming traffic to a known intrusion database.
  • It compares the antivirus definition file to a cloud based repository for latest updates.
  • It compares the operations of a host against a well-defined security policy.
  • It compares the behavior of a host to an established baseline to identify potential intrusions.

Question 18

Question
What is the first step taken in risk assessment?
Answer
  • Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
  • Establish a baseline to indicate risk before security controls are implemented.
  • Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
  • Perform audits to verify threats are eliminated.

Question 19

Question
Which statement describes the threat-vulnerability (T-V) pairing?
Answer
  • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
  • It is the comparison between known malware and system risks.
  • It is the detection of malware against a central vulnerability research center.
  • It is the advisory notice from a vulnerability research center.

Question 20

Question
Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
Answer
  • whitelisting
  • HIDS
  • blacklisting
  • baselining

Question 21

Question
Which statement describes the use of a Network Admission Control (NAC) solution?
Answer
  • It provides network access to only authorized and compliant systems.
  • A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
  • It provides endpoint protection from viruses and malware.
  • It provides filtering and blacklisting of websites being accessed by end users.

Question 22

Question
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
Answer
  • heuristics-based
  • packet-based
  • behavior-based
  • signature-based

Question 23

Question
Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Answer
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Information Security Management Act of 2002 (FISMA)
  • Sarbanes-Oxley Act of 2002 (SOX)

Question 24

Question
Which statement describes the term attack surface?
Answer
  • It is the total sum of vulnerabilities in a system that is accessible to an attacker.
  • It is the group of hosts that experiences the same attack.
  • It is the network interface where attacks originate.
  • It is the total number of attacks toward an organization within a day.

Question 25

Question
Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
Answer
  • assess
  • discover
  • verify
  • prioritize assets

Question 26

Question
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
Answer
  • session duration
  • critical asset address space
  • ports used
  • total throughput

Question 27

Question
Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Answer
  • Modified Base
  • Confidentiality Requirement
  • Exploit Code Maturity
  • Exploitability
  • Impact metrics

Question 28

Question
In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?
Answer
  • risk analysis
  • penetration testing
  • vulnerability assessment
  • strength of network security testing

Question 29

Question
Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two)
Answer
  • scope
  • attack complexity
  • user interaction
  • attack vector
  • privileges required

Question 30

Question
Which statement describes the Cisco Threat Grid Glovebox?
Answer
  • It is a network-based IDS/IPS.
  • It is a firewall appliance.
  • It is a host-based intrusion detection system (HIDS) solution to fight against malware
  • It is a sandbox product for analyzing malware behaviors.

Question 31

Question
How does using HTTPS complicate network security monitoring?
Answer
  • HTTPS cannot protect visitors to a company-provided web site.
  • HTTPS can be used to infiltrate DNS queries.
  • Web browser traffic is directed to infected servers.
  • HTTPS adds complexity to captured packets.

Question 32

Question
Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?
Answer
  • POP3
  • SMTP
  • HTTP
  • IMAP4

Question 33

Question
What are two ways that ICMP can be a security threat to a company? (Choose two.)
Answer
  • by collecting information about a network
  • by corrupting network IP data packets
  • by providing a conduit for DoS attacks
  • by corrupting data between email servers and email recipients
  • by the infiltration of web pages

Question 34

Question
Which function is provided by the Sguil application?
Answer
  • It makes Snort-generated alerts readable and searchable.
  • It detects potential network intrusions.
  • It reports conversations between hosts on the network.
  • It prevents malware from attacking a host.

Question 35

Question
Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data? (Choose two.)
Answer
  • NetFlow
  • Snorby
  • NBAD
  • NBA
  • IPFIX
  • Sguil

Question 36

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Which two methods does Linux use to log data in order to identify a security event? (Choose two.)
Answer
  • Apache access logs
  • Event Viewer
  • NetFlow
  • SPAN
  • syslog

Question 37

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What is a daemon?
Answer
  • a background process that runs without the need for user interaction
  • a record to keep track of important events
  • a type of security attack
  • an application that monitors and analyzes suspicious activity

Question 38

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Because the company uses discretionary access control (DAC) for user file management, what feature would need to be supported on the server?
Answer
  • access based on security clearance held
  • principle of least privilege
  • role-based access control
  • user-based data access control

Question 39

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)
Answer
  • compatibility with CDFS
  • compatibility with NTFS
  • decreased load time
  • improved performance
  • an increase in the number of supported devices
  • increase in the size of supported files

Question 40

Question
How can IMAP be a security threat to a company?
Answer
  • It can be used to encode stolen data and send to a threat actor.
  • An email can be used to bring malware to a host.
  • Encrypted data is decrypted.
  • Someone inadvertently clicks on a hidden iFrame.

Question 41

Question
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?
Answer
  • Open the Task Manager, right-click on the lsass process and choose End Task.
  • Uninstall the lsass application because it is a legacy application and no longer required by Windows.
  • Move it to Program Files (x86) because it is a 32bit application.
  • Delete the file because it is probably malware.

Question 42

Question
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
Answer
  • by checking the reputation of external web servers
  • by functioning as a firewall
  • by inspecting incoming traffic for potential exploits
  • by scanning and logging outgoing traffic

Question 43

Question
A system analyst is reviewing syslog messages and notices that the PRI value of a message is 26. What is the severity value of the message?
Answer
  • 1
  • 2
  • 3
  • 6

Question 44

Question
Which statement describes session data in security logs?
Answer
  • It is a record of a conversation between network hosts.
  • It can be used to describe or predict network behavior.
  • It reports detailed network activities between network hosts.
  • It shows the result of network sessions.

Question 45

Question
In a Cisco AVC system, in which module is NetFlow deployed?
Answer
  • Management and Reporting
  • Metrics Collection
  • Control
  • Application Recognition

Question 46

Question
What port number would be used if a threat actor was using NTP to direct DDoS attacks?
Answer
  • 443
  • 25
  • 69
  • 123

Question 47

Question
Which information can be provided by the Cisco NetFlow utility?
Answer
  • IDS and IPS capabilities
  • security and user account restrictions
  • peak usage times and traffic routing
  • source and destination UDP port mapping

Question 48

Question
What is Tor?
Answer
  • a type of Instant Messaging (IM) software used on the darknet
  • a way to share processors between network devices across the Internet
  • a rule created in order to match a signature of a known exploit
  • a software platform and network of P2P hosts that function as Internet routers

Question 49

Question
Which statement describes statistical data in network security monitoring processes?
Answer
  • It shows the results of network activities between network hosts.
  • It contains conversations between network hosts.
  • It is created through an analysis of other forms of network data.
  • It lists each alert message along with statistical information.

Question 50

Question
Refer to the exhibit. A network administrator is reviewing an Apache access log message. What is the status of the access request by the client?
Answer
  • The request was unsuccessful because of server errors.
  • The request was fulfilled successfully.
  • The request was redirected to another web server.
  • The request was unsuccessful because of client errors.

Question 51

Question
How might corporate IT professionals deal with DNS-based cyber threats?
Answer
  • Monitor DNS proxy server logs and look for unusual DNS queries.
  • Use IPS/IDS devices to scan internal corporate traffic.
  • Limit the number of simultaneously opened browsers or browser tabs.
  • Limit the number of DNS queries permitted within the organization.

Question 52

Question
Refer to the exhibit. A junior network engineer is handed a print-out of the network information shown. Which protocol or service originated the information shown in the graphic?
Answer
  • NetFlow
  • TACACS+
  • RADIUS
  • Syslog

Question 53

Question
Which technology is used in Cisco Next-Generation IPS devices to consolidate multiple security layers into a single platform?
Answer
  • FirePOWER
  • WinGate
  • Apache Traffic Server
  • Squid

Question 54

Question
Refer to the exhibit. How is the traffic from the client web browser being altered when connected to the destination website of www.cisco.com?
Answer
  • Traffic is sent in plain-text by the user machine and is encrypted by the TOR node in France and decrypted by the TOR node in Germany.
  • Traffic is encrypted by the user machine and sent directly to the cisco.com server to be decrypted.
  • Traffic is encrypted by the user machine, and the TOR network only routes the traffic through France, Canada, Germany, and delivers it to cisco.com.
  • Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis.

Question 55

Question
Which Windows log contains information about installations of software, including Windows updates?
Answer
  • setup logs
  • application logs
  • system logs
  • security logs

Question 56

Question
Which Windows log records events related to login attempts and operations related to file or object access?
Answer
  • setup logs
  • security logs
  • application logs
  • system logs

Question 57

Question
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?
Answer
  • The timestamp represents the round trip duration value.
  • The syslog message indicates the time an email is received.
  • There is a problem associated with NTP.
  • The syslog message should be treated with high priority.

Question 58

Question
Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)
Answer
  • HTTPS
  • DHCP
  • HTML
  • DNS
  • HTTP

Question 59

Question
Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?
Answer
  • IMAP
  • HTTPS
  • DNS
  • ICMP

Question 60

Question
How is the hash value of files useful in network security investigations?
Answer
  • It helps identify malware signatures
  • It is used to decode files
  • It verifies confidentiality of files
  • It is used as a key for encryption

Question 61

Question
Which tool is a Security Onion integrated host-based intrusion detection system?
Answer
  • OSSEC
  • Sguil
  • ELSA
  • Snort

Question 62

Question
Which type of evidence supports an assertion based on previously obtained evidence?
Answer
  • Direct evidence
  • Corroborating evidence
  • Best evidence
  • Indirect evidence

Question 63

Question
Which tool is developed by Cisco and provides an interactive dashboard that allows investigation of the threat landscape?
Answer
  • Wireshark
  • Talos
  • Sguil
  • Snort

Question 64

Question
Which term is used to describe the process of converting log entries into a common format?
Answer
  • Standardization
  • Normalization
  • Classification
  • Systemization

Question 65

Question
According to NIST, which step in the digital forensics process involves extracting relevant information from data?
Answer
  • Collection
  • Examination
  • Analysis
  • Reporting

Question 66

Question
A law office uses a Linux host as the firewall device for the network. The IT administrator is adding a rule to the firewall iptables to block internal hosts from connecting to a remote device that has the IP address 209.165.202.133. Which command should the administrator use?
Answer
  • IPTABLES –I FORWARD –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I INPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I PASS –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I OUTPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Question 67

Question
What procedure should be avoided in a digital forensics investigation?
Answer
  • Secure physical access to the computer under investigation
  • Reboot the affected system upon arrival
  • Make a copy of the hard drive
  • Recover deleted files

Question 68

Question
Which statement describes a feature of timestamps in Linux?
Answer
  • Human readable timestamps measure the number of seconds that have passed since January 1, 1970.
  • All devices generate human readable and unix epoch timestamps
  • It is easier to work with Unix epoch timestamps for addition and subtraction operations
  • Unix epoch timestamps are easier for humans to interpret

Question 69

Question
Which tool is included with Security Onion that is used by Snort to automatically download new rules?
Answer
  • Sguil
  • Wireshark
  • PulledPork
  • ELSA

Question 70

Question
Which tool would an analyst use to start a workflow investigation?
Answer
  • Sguil
  • Bro
  • Snort
  • ELSA

Question 71

Question
What is indicated by a Snort signature ID that is below 3464?
Answer
  • The SID was created by Sourcefire and distributed under a GPL agreement
  • This is a custom signature developed by the organization to address locally observed rules
  • The SID was created by members of emerging threats
  • The SID was created by the Snort community and is maintained in community rules

Question 72

Question
How does an application program interact with the operating system?
Answer
  • Accessing BIOS or UEFI
  • Making API calls
  • Sending files
  • Using processes

Question 73

Question
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?
Answer
  • TRUE NEGATIVE
  • TRUE POSITIVE
  • FALSE POSITIVE
  • FALSE NEGATIVE

Question 74

Question
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?
Answer
  • Amateur
  • Hacktivist
  • State-sponsored
  • Terrorist

Question 75

Question
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?
Answer
  • Best
  • Classified
  • Corroborating
  • Indirect

Question 76

Question
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?
Answer
  • Access
  • DoS
  • DDoS
  • Social engineering

Question 77

Question
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. the threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?
Answer
  • Evaluating the server alert data
  • Obtaining the most volatile evidence
  • Determining who is responsible for the attack
  • Reporting the incident to the proper authorities

Question 78

Question
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. the threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What are three common tools used to carry out this type of attack? (Choose three.)
Answer
  • Ping sweep
  • TCP SYN flood
  • Buffer overflow
  • IP, MAC and DHCP Spoofing
  • Smurf attack
  • Man-in-the-middle

Question 79

Question
Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What is the function provided by the ampersand symbol used in the command?
Answer
  • It instructs the tcpdump to capture data that starts with the symbol.
  • It tells the Linux shell to execute the tcpdump process in the background.
  • It tells the Linux shell to display the captured data on the console.
  • It tells the Linux shell to execute the tcpdump process indefinitely.

Question 80

Question
Refer to the exhibit. A cybersecurity analyst is using Sguil to verify security alerts. How is the current view sorted?
Answer
  • By sensor number
  • By source IP
  • By frequency
  • By Date/Time

Question 81

Question
Which three procedures in Sguil are provided to security analysts to address alerts? (Choose three.)
Answer
  • Expire false positives
  • Pivot to other information sources and tools
  • Construct queries using query builder
  • Escalate an uncertain alert
  • Correlate similar alerts into a single line
  • Categorize true positives

Question 82

Question
Which two strings will be matched by the regular expression? (Choose two.) Level[^12]
Answer
  • Level4
  • Level3
  • Level2
  • Level1
  • Level12

Question 83

Question
Which statement describes the status after the Security Onion VM is started?
Answer
  • Sguil becomes enabled via the sudo Sguil –e terminal command
  • Awk becomes enabled via the sudo awk terminal command
  • Pullpork is used by ELSA as an open source search engine
  • Snort is enabled by default

Question 84

Question
What are the three core functions provided by the Security Onion? (Choose three.)
Answer
  • Business continuity planning
  • Full packet capture
  • Alert analysis
  • Intrusion detection
  • Security device management
  • Threat containment

Question 85

Question
Refer to the exhibit. A network security analyst is using the Follow TCP Stream feature in Wireshark to rebuild the TCP transaction. However, the transaction data seems indecipherable. What is the explanation for this?
Answer
  • The transaction data is encoded with base64
  • The transaction data is a binary file
  • The data shown is line noise
  • The transaction data is corrupted

Question 86

Question
What is the tool that has alert records linked directly to the search functionality of the Enterprise Log Search and Archive (ELSA)?
Answer
  • Sguil
  • Wireshark
  • CapMe
  • Snort

Question 87

Question
Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
Answer
  • 66
  • 1514
  • 6666
  • 48598

Question 88

Question
Which two types of unreadable network traffic could be eliminated from data collected by NSM? (Choose two.)
Answer
  • Routing updates traffic
  • STP traffic
  • SSL traffic
  • IPSec traffic
  • Broadcast traffic

Question 89

Question
When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)
Answer
  • Collect email and web logs for forensic reconstruction.
  • Analyze the infrastructure path used for delivery.
  • Audit endpoints to forensically determine origin of exploit.
  • Conduct full malware analysis.
  • Conduct employee awareness training and email testing.

Question 90

Question
Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?
Answer
  • Detail how incidents should be handled based on the mission and functions of an organization.
  • Develop metrics for measuring the incident response capability and its effectiveness.
  • Create an organizational structure and definition of roles, responsibilities, and levels of authority.
  • Prioritize severity ratings of security incidents.

Question 91

Question
What is the objective the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?
Answer
  • to allow the threat actor to issue commands to the software that is installed on the target
  • to steal network bandwidth from the network where the target is located
  • to launch a buffer overflow attack
  • to send user data stored on the target to the threat actor

Question 92

Question
After containment, what is the first step of eradicating an attack?
Answer
  • Hold meetings on lessons learned.
  • Change all passwords.
  • Patch all vulnerabilities.
  • Identify all hosts that need remediation.

Question 93

Question
What is defined in the SOP of a computer security incident response capability (CSIRC)?
Answer
  • the procedures that are followed during an incident response
  • the metrics for measuring incident response capabilities
  • the roadmap for increasing incident response capabilities
  • the details on how an incident is handled

Question 94

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?
Answer
  • actions on objectives
  • command and control
  • delivery
  • exploitation
  • installation

Question 95

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?
Answer
  • Event Viewer
  • net command
  • PowerShell
  • Task Manager

Question 96

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?
Answer
  • false negative
  • false positive
  • true negative
  • true positive

Question 97

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The network administrator believes that the threat actor used a commonly available tool to slow the server down. The administrator concludes that based on the source IP address identified in the alert, the threat actor was probably one of the students. What type of hacker would the student be classified as?
Answer
  • black hat
  • gray hat
  • red hat
  • white hat

Question 98

Question
What is the goal of an attack in the installation phase of the Cyber Kill Chain?
Answer
  • Create a back door in the target system to allow for future access.
  • Establish command and control (CnC) with the target system.
  • Use the information from the reconnaissance phase to develop a weapon against the target.
  • Break the vulnerability and gain control of the target.

Question 99

Question
Which meta-feature element in the Diamond Model describes information gained by the adversary?
Answer
  • resources
  • methodology
  • direction
  • results

Question 100

Question
What is a benefit of using the VERIS community database?
Answer
  • It can be used to discover how other organizations dealt with a particular type of security incident.
  • Companies who pay to contribute and access the database are protected from security threats.
  • It can be used to discover the name of known threat actors.
  • The database can be easily compressed.

Question 101

Question
When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)
Answer
  • Build detections for the behavior of known malware.
  • Train web developers for securing code.
  • Detect data exfiltration, lateral movement, and unauthorized credential usage.
  • Perform forensic analysis of endpoints for rapid triage.
  • Collect malware files and metadata for future analysis.

Question 102

Question
A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?
Answer
  • Obtain an automated tool in order to deliver the malware payload through the vulnerability.
  • Install a webshell on the web server for persistent access.
  • Create a point of persistence by adding services.
  • Collect credentials of the web server developers and administrators.

Question 103

Question
Which action is taken in the postincident phase of the NIST incident response life cycle?
Answer
  • Document the handling of the incident.
  • identify and validate incidents.
  • Conduct CSIRT response training.
  • Implement procedures to contain threats.

Question 104

Question
Which top-level element of the VERIS schema would allow a company to log who the actors were, what actions affected the asset, which assets were affected, and how the asset was affected?
Answer
  • incident description
  • incident tracking
  • discovery and response
  • victim demographics

Question 105

Question
What is the role of vendor teams as they relate to CSIRT?
Answer
  • Coordinate incident handling across multiple CSIRTs.
  • Handle customer reports concerning security vulnerabilities.
  • Use data from many sources to determine incident activity trends.
  • Provide incident handling to other organizations as a fee-based service.

Question 106

Question
According to information outlined by the Cyber Kill Chain, which two approaches can help identify reconnaissance threats? (Choose two.)
Answer
  • Analyze web log alerts and historical search data.
  • Audit endpoints to forensically determine origin of exploit.
  • Build playbooks for detecting browser behavior.
  • Conduct full malware analysis.
  • Understand targeted servers, people, and data available to attack.

Question 107

Question
To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)
Answer
  • measures used to prevent an incident
  • time and date the evidence was collected
  • extent of the damage to resources and assets
  • vulnerabilities that were exploited in an attack
  • serial numbers and hostnames of devices used as evidence
  • location of all evidence

Question 108

Question
Which schema or model was created to anonymously share quality information about security events to the security community?
Answer
  • VERIS
  • Diamond
  • CSIRT
  • Cyber Kill Chain

Question 109

Question
What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?
Answer
  • It provides a roadmap for maturing the incident response capability.
  • It provides metrics for measuring the incident response capability and effectiveness.
  • It defines how the incident response teams will communicate with the rest of the organization and with other organizations.
  • It details how incidents should be handled based on the organizational mission and functions.

Question 110

Question
What information is gathered by the CSIRT when determining the scope of a security incident?
Answer
  • the processes used to preserve evidence
  • the strategies and procedures used for incident containment
  • the networks, systems, and applications affected by an incident
  • the amount of time and resources needed to handle an incident

Question 111

Question
What is the main purpose of exploitations by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?
Answer
  • Launch a DoS attack
  • Send a message back to CnC controlled by the threat actor
  • Break the vulnerability and gain control of the target
  • Establish a back door into the system

Question 112

Question
Which term is used in the Diamond Model of intrusion to describe a tool that a threat actor uses toward a target system?
Answer
  • infrastructure
  • capability
  • weaponization
  • adversary

Question 113

Question
What is the role of a Computer Emergency Response Team?
Answer
  • Receive, review, and respond to security incidents in an organization.
  • Provide national standards as a fee-based service.
  • Coordinate security incident handling across multiple CSIRTs.
  • Provide security awareness, best practices, and security vulnerability information to a specific population.

Question 114

Question
A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?
Answer
  • Actions on objectives
  • Exploitation
  • Reconnaissance
  • Weaponization

Question 115

Question
In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities?
Answer
  • Preparation
  • Containment, Eradication and Recovery
  • Postincident activities
  • Detection and analysis

Question 116

Question
The company will be using both Linux- and Windows- based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two).
Answer
  • Iptable
  • SIEM
  • Snort
  • Windows Table

Question 117

Question
The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
Answer
  • 802 is authentication
  • HTTPS web-service
  • FTP transfers
  • Local NTP server
  • File and directory permission

Question 118

Question
The entrepreneur is concerned about company employees having uninterrupted access to important resources and data. Which of the CIA triad components would address the concern?
Answer
  • Authentication
  • Confidentiality
  • Integrity
  • Availability

Question 119

Question
Use the following scenario to answer the questions. An entrepreneur is starting a small business and is considering the server services needed for the startup company. The company handling the IT service is presenting options to the company. The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
Answer
  • Iptable
  • Windows Firewall
  • Snort
  • SIEM
  • Wireshark

Question 120

Question
What is the Stream Ciphers?
Answer
  • Stream ciphers operate on each bit (instead of block)
  • Random answer (do not click, dumbass)

Question 121

Question
Grey Hat Hackers are..
Answer
  • Commit crimes and do unethical things but not for personal gain or to cause damage.
  • May compromise network and then disclose the problem so the organization can fix the problem.
  • Random answer1
  • Random answer2

Question 122

Question
“Vulnerability Broker” Threat Actors ...
Answer
  • Discover exploits and report them to vendors, sometimes for prizes or rewards.
  • Random answer 1 (click here to get free $500!)

Question 123

Question
Definition of the attack " Sniffer "…
Answer
  • an application or device that can read, monitor, and capture network data exchanges and read network packets
  • Random answer 1 (do not click)

Question 124

Question
Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function?
Answer
  • virus
  • worm
  • proxy Trojan horse
  • Denial of Service Trojan horse

Question 125

Question
What is the significant characteristic of worm malware? Hint: Virus requires a host program to run, worms can run by themselves. Automatically replicates itself and spreads across the network from system to system
Answer
  • A worm can execute independently of the host system.
  • A worm must be triggered by an event on the host system.
  • Worm malware disguises itself as legitimate software.
  • Once installed on a host system, a worm does not replicate itself

Question 126

Question
What is the purpose of a reconnaissance attack on a computer network?
Answer
  • Also known as information gathering, reconnaissance attacks perform unauthorized discovery and mapping of systems, services, or vulnerabilities.
  • Random answer 1

Question 127

Question
Type of access attack that attempts to manipulate individuals into performing actions or divulging confidential information needed to access a network.
Answer
  • Social engineering attacks
  • Random answer 1

Question 128

Question
What kind of DDOS term are malware designed to infect a host and communicate with a handler system and can also log keystrokes, gather passwords, capture and analyze packets, and more?
Answer
  • Bots
  • Random answer 1

Question 129

Question
What term DDoS attack refers to a group of zombies infected using self-propagating malware (i.e., bots) and are controlled by handlers?
Answer
  • Botnet
  • Random answer 1 (do not click)

Question 130

Question
What term DDoS attack refers to a master command-and-control server controlling groups of zombies?
Answer
  • Handlers
  • Bots
  • Botnet
  • Botmaster

Question 131

Question
What term DDoS attack refers to a group of compromised hosts (i.e. agents) that run malicious code referred to as robots (i.e. bots) ?
Answer
  • Zombies
  • Handlers
  • Botmaster
  • Scrum master

Question 132

Question
What term DDoS attack refers to the malware designed to infect a host and communicate with a handler system. It can also log keystrokes, gather passwords, capture and analyze packets, and more...
Answer
  • Bots
  • Zombies
  • Handlers
  • Handlermaster

Question 133

Question
What term DDoS attack refers to a group of zombies infected using self-propogating malware (i.e. bots) and are controlled by handlers.
Answer
  • Botnet
  • Handlers
  • Handlermaster
  • Scrum master

Question 134

Question
What DDOS attack term refers to the threat actor in control of the botnet handlers?
Answer
  • Botmaster
  • Zombies
  • Zombie master
  • Scrum master

Question 135

Question
Types of attacks targeting IP:
Answer
  • DOS
  • buffer overflow
  • Random answer 1 (do not click here)

Question 136

Question
The DoS attacks...
Answer
  • Originates from multiple, coordinated sources
  • Compromises many hosts
  • Random answer 1

Question 137

Question
ICMP attacks...
Answer
  • Can be used to identify hosts on a network, the structure of a network, and determine the operating systems at use on the network. Can also be used as a vehicle for various types of DoS attacks. ICMP can also be used for data exfiltration through ICMP traffic from inside the network.
  • To carry diagnostic messages and to report error conditions when routes, hosts, and ports are unavailable. ICMP messages are generated by devices when a network error or outage occurs.
  • Random answer 1 (do not click here)

Question 138

Question
Two major sources of DoS attacks (choose two):
Answer
  • Maliciously Formatted Packets
  • Overwhelming Quantity of Traffic
  • Random answer 1 (don't click)

Question 139

Question
Which tool is used to provide a list of open ports on network devices?
Answer
  • Nmap
  • Sguil
  • ELSA
  • Security Onion

Question 140

Question
The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
Answer
  • remote access
  • Random answer 1

Question 141

Question
What is IPS?
Answer
  • Intrusion prevention system that stops trigger packets
  • Random answer

Question 142

Question
What is the ACL?
Answer
  • Is a series of commands that control whether a device forwards or drops packets based on information found in the packet header
  • Random answer

Question 143

Question
What is the The syslog logging service?
Answer
  • Serivce that allows networking devices to send their system messages across the network to syslog servers.
  • Service that provides three primary functions: Gather logging information for monitoring and troubleshooting; Select the type of logging information that is captured; Specify the destination of captured syslog messages.
  • Random answer 1

Question 144

Question
________ is an usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.
Answer
  • Packet filtering (Stateless) firewalls
  • Random answer

Question 145

Question
This type firewalls filters IP traffic between a pair of bridged interfaces
Answer
  • Transparent firewall
  • Random answer

Question 146

Question
What systems provide real time reporting and long-term analysis of security events?
Answer
  • Security Information Event Management (SIEM)
  • Random answer
Show full summary Hide full summary

Similar

reading test 9 form
svetlana.gainano
Exam 70-410: Installing and Configuring Windows Server 2012 R2
Mike M
Plant Structure and Photosynthesis
Evangeline Taylor
Biology AQA 3.1.3 Osmosis and Diffusion
evie.daines
Mapas mentales con ExamTime
julii.perci
GCSE Biology B1 (OCR)
Usman Rauf
GCSE REVISION TIMETABLE
nimraa422
Mapa sobre ALGORITMOS
RICAUTER MOISES LOPEZ BERMUDEZ
ARTE DE GRECIA
Leonor Gimenez
Data Types
Santiago Castillo
SINDROME DE DOWN
clau lopez