Fundamentals of Information Security [State Exam | Part 2 + 23 new questions]

Description

Advanced Fundamentals of Information Security [Teachers: Abdulanova Altynay, Sagymbekova Azhar; STATE EXAM] (State Exam) Quiz on Fundamentals of Information Security [State Exam | Part 2 + 23 new questions], created by Good Guy Beket on 26/03/2019.
Quiz by Good Guy Beket, updated more than 1 year ago; created by Good Guy Beket more than 5 years ago.

Resource summary

Question 1

Question
What are two methods to maintain certificate revocation status? (Choose two.)
Answers
  • subordinate CA
  • OCSP
  • DNS
  • LDAP
  • CRL

Question 2

Question
The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?
Answers
  • invade the castle
  • defend the castle
  • defend the region
  • invade the region

Question 3

Question
What is the purpose of a digital certificate?
Answers
  • It ensures that the person who is gaining access to a network device is authorized.
  • It provides proof that data has a traditional signature attached.
  • It guarantees that a website has not been hacked.
  • It authenticates a website and establishes a secure connection to exchange confidential data.

Question 4

Question
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
Answers
  • data integrity
  • non-repudiation
  • origin authentication
  • data confidentiality

Question 5

Question
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
Answers
  • intrusion detection and prevention
  • anti-phishing
  • telemetry
  • safe browsing

Question 6

Question
On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Answers
  • Group Policy Editor
  • Local Users and Groups
  • Computer Management
  • Task Manager

Question 7

Question
Which statement describes agentless antivirus protection?
Answers
  • Host-based antivirus systems provide agentless antivirus protection.
  • The antivirus protection is provided by the router that is connected to a cloud service.
  • The antivirus protection is provided by the ISP.
  • Antivirus scans are performed on hosts from a centralized system.

Question 8

Question
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
Answers
  • risk avoidance
  • risk retention
  • risk reduction
  • risk sharing

Question 9

Question
In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
Answers
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Question 10

Question
What is a host-based intrusion detection system (HIDS)?
Answers
  • It identifies potential attacks and sends alerts but does not stop the traffic.
  • It detects and stops potential direct attacks but does not scan for malware.
  • It is an agentless system that scans files on a host for potential malware.
  • It combines the functionalities of antimalware applications with firewall protection.

Question 11

Question
What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
Answers
  • behavior-based
  • agent-based
  • signature-based
  • heuristic-based

Question 12

Question
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
Answers
  • firewall
  • workstation
  • server
  • switch

Question 13

Question
Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
Answers
  • user interaction
  • attack vector
  • attack complexity
  • privileges required

Question 14

Question
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
Answers
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Question 15

Question
Which statement describes the term iptables?
Answers
  • It is a file used by a DHCP server to store current active IP addresses.
  • It is a DHCP application in Windows.
  • It is a DNS daemon in Linux.
  • It is a rule-based firewall application in Linux.

Question 16

Question
For network systems, which management system addresses the inventory and control of hardware and software configurations?
Answers
  • asset management
  • vulnerability management
  • risk management
  • configuration management

Question 17

Question
Which statement describes the anomaly-based intrusion detection approach?
Answers
  • It compares the signatures of incoming traffic to a known intrusion database.
  • It compares the antivirus definition file to a cloud-based repository for the latest updates.
  • It compares the operations of a host against a well-defined security policy.
  • It compares the behavior of a host to an established baseline to identify potential intrusions.

Question 18

Question
What is the first step taken in risk assessment?
Answers
  • Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
  • Establish a baseline to indicate risk before security controls are implemented.
  • Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
  • Perform audits to verify threats are eliminated.

Question 19

Question
Which statement describes the threat-vulnerability (T-V) pairing?
Answers
  • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
  • It is the comparison between known malware and system risks.
  • It is the detection of malware against a central vulnerability research center.
  • It is the advisory notice from a vulnerability research center.

Question 20

Question
Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
Answers
  • whitelisting
  • HIDS
  • blacklisting
  • baselining

Question 21

Question
Which statement describes the use of a Network Admission Control (NAC) solution?
Answers
  • It provides network access to only authorized and compliant systems.
  • A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
  • It provides endpoint protection from viruses and malware.
  • It provides filtering and blacklisting of websites being accessed by end users.

Question 22

Question
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
Answers
  • heuristics-based
  • packet-based
  • behavior-based
  • signature-based

Question 23

Question
Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Answers
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Information Security Management Act of 2002 (FISMA)
  • Sarbanes-Oxley Act of 2002 (SOX)

Question 24

Question
Which statement describes the term attack surface?
Answers
  • It is the total sum of vulnerabilities in a system that is accessible to an attacker.
  • It is the group of hosts that experiences the same attack.
  • It is the network interface where attacks originate.
  • It is the total number of attacks toward an organization within a day.

Question 25

Question
Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
Answers
  • assess
  • discover
  • verify
  • prioritize assets

Question 26

Question
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
Answers
  • session duration
  • critical asset address space
  • ports used
  • total throughput

Question 27

Question
Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Answers
  • Modified Base
  • Confidentiality Requirement
  • Exploit Code Maturity
  • Exploitability
  • Impact metrics

Question 28

Question
In network security assessments, which type of test employs software to scan internal networks and Internet-facing servers for various types of vulnerabilities?
Answers
  • risk analysis
  • penetration testing
  • vulnerability assessment
  • strength of network security testing

Question 29

Question
Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
Answers
  • scope
  • attack complexity
  • user interaction
  • attack vector
  • privileges required

Question 30

Question
Which statement describes the Cisco Threat Grid Glovebox?
Answers
  • It is a network-based IDS/IPS.
  • It is a firewall appliance.
  • It is a host-based intrusion detection system (HIDS) solution to fight against malware.
  • It is a sandbox product for analyzing malware behaviors.

Question 31

Question
How does using HTTPS complicate network security monitoring?
Answers
  • HTTPS cannot protect visitors to a company-provided web site.
  • HTTPS can be used to infiltrate DNS queries.
  • Web browser traffic is directed to infected servers.
  • HTTPS adds complexity to captured packets.

Question 32

Question
Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?
Answers
  • POP3
  • SMTP
  • HTTP
  • IMAP4

Question 33

Question
What are two ways that ICMP can be a security threat to a company? (Choose two.)
Answers
  • by collecting information about a network
  • by corrupting network IP data packets
  • by providing a conduit for DoS attacks
  • by corrupting data between email servers and email recipients
  • by the infiltration of web pages

Question 34

Question
Which function is provided by the Sguil application?
Answers
  • It makes Snort-generated alerts readable and searchable.
  • It detects potential network intrusions.
  • It reports conversations between hosts on the network.
  • It prevents malware from attacking a host.

Question 35

Question
Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data? (Choose two.)
Answers
  • NetFlow
  • Snorby
  • NBAD
  • NBA
  • IPFIX
  • Sguil

Question 36

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Which two methods does Linux use to log data in order to identify a security event? (Choose two.)
Answers
  • Apache access logs
  • Event Viewer
  • NetFlow
  • SPAN
  • syslog

Question 37

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What is a daemon?
Answers
  • a background process that runs without the need for user interaction
  • a record to keep track of important events
  • a type of security attack
  • an application that monitors and analyzes suspicious activity

Question 38

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Because the company uses discretionary access control (DAC) for user file management, what feature would need to be supported on the server?
Answers
  • access based on security clearance held
  • principle of least privilege
  • role-based access control
  • user-based data access control

Question 39

Question
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)
Answers
  • compatibility with CDFS
  • compatibility with NTFS
  • decreased load time
  • improved performance
  • an increase in the number of supported devices
  • increase in the size of supported files

Question 40

Question
How can IMAP be a security threat to a company?
Answers
  • It can be used to encode stolen data and send to a threat actor.
  • An email can be used to bring malware to a host.
  • Encrypted data is decrypted.
  • Someone inadvertently clicks on a hidden iFrame.

Question 41

Question
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?
Answers
  • Open the Task Manager, right-click on the lsass process and choose End Task.
  • Uninstall the lsass application because it is a legacy application and no longer required by Windows.
  • Move it to Program Files (x86) because it is a 32-bit application.
  • Delete the file because it is probably malware.

Question 42

Question
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
Answers
  • by checking the reputation of external web servers
  • by functioning as a firewall
  • by inspecting incoming traffic for potential exploits
  • by scanning and logging outgoing traffic

Question 43

Question
A system analyst is reviewing syslog messages and notices that the PRI value of a message is 26. What is the severity value of the message?
Answers
  • 1
  • 2
  • 3
  • 6

Question 44

Question
Which statement describes session data in security logs?
Answers
  • It is a record of a conversation between network hosts.
  • It can be used to describe or predict network behavior.
  • It reports detailed network activities between network hosts.
  • It shows the result of network sessions.

Question 45

Question
In a Cisco AVC system, in which module is NetFlow deployed?
Answers
  • Management and Reporting
  • Metrics Collection
  • Control
  • Application Recognition

Question 46

Question
What port number would be used if a threat actor was using NTP to direct DDoS attacks?
Answers
  • 443
  • 25
  • 69
  • 123

Question 47

Question
Which information can be provided by the Cisco NetFlow utility?
Answers
  • IDS and IPS capabilities
  • security and user account restrictions
  • peak usage times and traffic routing
  • source and destination UDP port mapping

Question 48

Question
What is Tor?
Answers
  • a type of Instant Messaging (IM) software used on the darknet
  • a way to share processors between network devices across the Internet
  • a rule created in order to match a signature of a known exploit
  • a software platform and network of P2P hosts that function as Internet routers

Question 49

Question
Which statement describes statistical data in network security monitoring processes?
Answers
  • It shows the results of network activities between network hosts.
  • It contains conversations between network hosts.
  • It is created through an analysis of other forms of network data.
  • It lists each alert message along with statistical information.

Question 50

Question
Refer to the exhibit. A network administrator is reviewing an Apache access log message. What is the status of the access request by the client?
Answers
  • The request was unsuccessful because of server errors.
  • The request was fulfilled successfully.
  • The request was redirected to another web server.
  • The request was unsuccessful because of client errors.

Question 51

Question
How might corporate IT professionals deal with DNS-based cyber threats?
Answers
  • Monitor DNS proxy server logs and look for unusual DNS queries.
  • Use IPS/IDS devices to scan internal corporate traffic.
  • Limit the number of simultaneously opened browsers or browser tabs.
  • Limit the number of DNS queries permitted within the organization.

Question 52

Question
Refer to the exhibit. A junior network engineer is handed a print-out of the network information shown. Which protocol or service originated the information shown in the graphic?
Answers
  • NetFlow
  • TACACS+
  • RADIUS
  • Syslog

Question 53

Question
Which technology is used in Cisco Next-Generation IPS devices to consolidate multiple security layers into a single platform?
Answers
  • FirePOWER
  • WinGate
  • Apache Traffic Server
  • Squid

Question 54

Question
Refer to the exhibit. How is the traffic from the client web browser being altered when connected to the destination website of www.cisco.com?
Answers
  • Traffic is sent in plain-text by the user machine and is encrypted by the TOR node in France and decrypted by the TOR node in Germany.
  • Traffic is encrypted by the user machine and sent directly to the cisco.com server to be decrypted.
  • Traffic is encrypted by the user machine, and the TOR network only routes the traffic through France, Canada, Germany, and delivers it to cisco.com.
  • Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis.

Question 55

Question
Which Windows log contains information about installations of software, including Windows updates?
Answers
  • setup logs
  • application logs
  • system logs
  • security logs

Question 56

Question
Which Windows log records events related to login attempts and operations related to file or object access?
Answers
  • setup logs
  • security logs
  • application logs
  • system logs

Question 57

Question
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?
Answers
  • The timestamp represents the round trip duration value.
  • The syslog message indicates the time an email is received.
  • There is a problem associated with NTP.
  • The syslog message should be treated with high priority.

Question 58

Question
Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)
Answers
  • HTTPS
  • DHCP
  • HTML
  • DNS
  • HTTP

Question 59

Question
Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?
Answers
  • IMAP
  • HTTPS
  • DNS
  • ICMP

Question 60

Question
How is the hash value of files useful in network security investigations?
Answers
  • It helps identify malware signatures
  • It is used to decode files
  • It verifies confidentiality of files
  • It is used as a key for encryption

Question 61

Question
Which tool is a Security Onion integrated host-based intrusion detection system?
Answers
  • OSSEC
  • Sguil
  • ELSA
  • Snort

Question 62

Question
Which type of evidence supports an assertion based on previously obtained evidence?
Answers
  • Direct evidence
  • Corroborating evidence
  • Best evidence
  • Indirect evidence

Question 63

Question
Which tool is developed by Cisco and provides an interactive dashboard that allows investigation of the threat landscape?
Answers
  • Wireshark
  • Talos
  • Sguil
  • Snort

Question 64

Question
Which term is used to describe the process of converting log entries into a common format?
Answers
  • Standardization
  • Normalization
  • Classification
  • Systemization

Question 65

Question
According to NIST, which step in the digital forensics process involves extracting relevant information from data?
Answers
  • Collection
  • Examination
  • Analysis
  • Reporting

Question 66

Question
A law office uses a Linux host as the firewall device for the network. The IT administrator is adding a rule to the firewall iptables to block internal hosts from connecting to a remote device that has the IP address 209.165.202.133. Which command should the administrator use?
Answers
  • iptables -I FORWARD -p tcp -d 209.165.202.133 --dport 7777 -j DROP
  • iptables -I INPUT -p tcp -d 209.165.202.133 --dport 7777 -j DROP
  • iptables -I PASS -p tcp -d 209.165.202.133 --dport 7777 -j DROP
  • iptables -I OUTPUT -p tcp -d 209.165.202.133 --dport 7777 -j DROP

Question 67

Question
What procedure should be avoided in a digital forensics investigation?
Answers
  • Secure physical access to the computer under investigation
  • Reboot the affected system upon arrival
  • Make a copy of the hard drive
  • Recover deleted files

Question 68

Question
Which statement describes a feature of timestamps in Linux?
Answers
  • Human-readable timestamps measure the number of seconds that have passed since January 1, 1970.
  • All devices generate human-readable and Unix epoch timestamps.
  • It is easier to work with Unix epoch timestamps for addition and subtraction operations.
  • Unix epoch timestamps are easier for humans to interpret.

Question 69

Question
Which tool is included with Security Onion that is used by Snort to automatically download new rules?
Answers
  • Sguil
  • Wireshark
  • PulledPork
  • ELSA

Question 70

Question
Which tool would an analyst use to start a workflow investigation?
Answers
  • Sguil
  • Bro
  • Snort
  • ELSA

Question 71

Question
What is indicated by a Snort signature ID that is below 3464?
Answers
  • The SID was created by Sourcefire and distributed under a GPL agreement
  • This is a custom signature developed by the organization to address locally observed rules
  • The SID was created by members of emerging threats
  • The SID was created by the Snort community and is maintained in community rules

Question 72

Question
How does an application program interact with the operating system?
Answers
  • Accessing BIOS or UEFI
  • Making API calls
  • Sending files
  • Using processes

Question 73

Question
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?
Answers
  • TRUE NEGATIVE
  • TRUE POSITIVE
  • FALSE POSITIVE
  • FALSE NEGATIVE

Question 74

Question
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?
Answers
  • Amateur
  • Hacktivist
  • State-sponsored
  • Terrorist

Question 75

Question
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?
Answers
  • Best
  • Classified
  • Corroborating
  • Indirect

Question 76

Question
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?
Answers
  • Access
  • DoS
  • DDoS
  • Social engineering

Question 77

Question
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?
Answers
  • Evaluating the server alert data
  • Obtaining the most volatile evidence
  • Determining who is responsible for the attack
  • Reporting the incident to the proper authorities

Question 78

Question
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What are three common tools used to carry out this type of attack? (Choose three.)
Answers
  • Ping sweep
  • TCP SYN flood
  • Buffer overflow
  • IP, MAC and DHCP Spoofing
  • Smurf attack
  • Man-in-the-middle

Question 79

Question
Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What is the function provided by the ampersand symbol used in the command?
Answers
  • It instructs the tcpdump to capture data that starts with the symbol.
  • It tells the Linux shell to execute the tcpdump process in the background.
  • It tells the Linux shell to display the captured data on the console.
  • It tells the Linux shell to execute the tcpdump process indefinitely.

Question 80

Question
Refer to the exhibit. A cybersecurity analyst is using Sguil to verify security alerts. How is the current view sorted?
Answers
  • By sensor number
  • By source IP
  • By frequency
  • By Date/Time

Question 81

Question
Which three procedures in Sguil are provided to security analysts to address alerts? (Choose three.)
Answers
  • Expire false positives
  • Pivot to other information sources and tools
  • Construct queries using query builder
  • Escalate an uncertain alert
  • Correlate similar alerts into a single line
  • Categorize true positives

Question 82

Question
Which two strings will be matched by the regular expression Level[^12]? (Choose two.)
Answers
  • Level4
  • Level3
  • Level2
  • Level1
  • Level12

Question 83

Question
Which statement describes the status after the Security Onion VM is started?
Answers
  • Sguil becomes enabled via the sudo sguil -e terminal command
  • Awk becomes enabled via the sudo awk terminal command
  • Pullpork is used by ELSA as an open source search engine
  • Snort is enabled by default

Question 84

Question
What are the three core functions provided by the Security Onion? (Choose three.)
Answers
  • Business continuity planning
  • Full packet capture
  • Alert analysis
  • Intrusion detection
  • Security device management
  • Threat containment

Question 85

Question
Refer to the exhibit. A network security analyst is using the Follow TCP Stream feature in Wireshark to rebuild the TCP transaction. However, the transaction data seems indecipherable. What is the explanation for this?
Answers
  • The transaction data is encoded with base64
  • The transaction data is a binary file
  • The data shown is line noise
  • The transaction data is corrupted

Question 86

Question
What is the tool that has alert records linked directly to the search functionality of the Enterprise Log Search and Archive (ELSA)?
Answers
  • Sguil
  • Wireshark
  • CapMe
  • Snort

Question 87

Question
Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
Answers
  • 66
  • 1514
  • 6666
  • 48598

Question 88

Question
Which two types of unreadable network traffic could be eliminated from data collected by NSM? (Choose two.)
Answers
  • Routing updates traffic
  • STP traffic
  • SSL traffic
  • IPSec traffic
  • Broadcast traffic

Question 89

Question
When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)
Answers
  • Collect email and web logs for forensic reconstruction.
  • Analyze the infrastructure path used for delivery.
  • Audit endpoints to forensically determine origin of exploit.
  • Conduct full malware analysis.
  • Conduct employee awareness training and email testing.

Question 90

Question
Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?
Answers
  • Detail how incidents should be handled based on the mission and functions of an organization.
  • Develop metrics for measuring the incident response capability and its effectiveness.
  • Create an organizational structure and definition of roles, responsibilities, and levels of authority.
  • Prioritize severity ratings of security incidents.

Question 91

Question
What is the objective of the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?
Answers
  • to allow the threat actor to issue commands to the software that is installed on the target
  • to steal network bandwidth from the network where the target is located
  • to launch a buffer overflow attack
  • to send user data stored on the target to the threat actor

Question 92

Question
After containment, what is the first step of eradicating an attack?
Answers
  • Hold meetings on lessons learned.
  • Change all passwords.
  • Patch all vulnerabilities.
  • Identify all hosts that need remediation.

Question 93

Question
What is defined in the SOP of a computer security incident response capability (CSIRC)?
Answers
  • the procedures that are followed during an incident response
  • the metrics for measuring incident response capabilities
  • the roadmap for increasing incident response capabilities
  • the details on how an incident is handled

Question 94

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?
Answers
  • actions on objectives
  • command and control
  • delivery
  • exploitation
  • installation

Question 95

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?
Answers
  • Event Viewer
  • net command
  • PowerShell
  • Task Manager

Question 96

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?
Antworten
  • false negative
  • false positive
  • true negative
  • true positive

Question 97

Question
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The network administrator believes that the threat actor used a commonly available tool to slow the server down. Based on the source IP address identified in the alert, the administrator concludes that the threat actor was probably one of the students. What type of hacker would the student be classified as?
Answers
  • black hat
  • gray hat
  • red hat
  • white hat

Question 98

Question
What is the goal of an attack in the installation phase of the Cyber Kill Chain?
Answers
  • Create a back door in the target system to allow for future access.
  • Establish command and control (CnC) with the target system.
  • Use the information from the reconnaissance phase to develop a weapon against the target.
  • Break the vulnerability and gain control of the target.

Question 99

Question
Which meta-feature element in the Diamond Model describes information gained by the adversary?
Answers
  • resources
  • methodology
  • direction
  • results

Question 100

Question
What is a benefit of using the VERIS community database?
Answers
  • It can be used to discover how other organizations dealt with a particular type of security incident.
  • Companies who pay to contribute to and access the database are protected from security threats.
  • It can be used to discover the names of known threat actors.
  • The database can be easily compressed.

Question 101

Question
When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)
Answers
  • Build detections for the behavior of known malware.
  • Train web developers in securing code.
  • Detect data exfiltration, lateral movement, and unauthorized credential usage.
  • Perform forensic analysis of endpoints for rapid triage.
  • Collect malware files and metadata for future analysis.

Question 102

Question
A threat actor has identified a potential vulnerability in the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?
Answers
  • Obtain an automated tool in order to deliver the malware payload through the vulnerability.
  • Install a webshell on the web server for persistent access.
  • Create a point of persistence by adding services.
  • Collect credentials of the web server developers and administrators.

Question 103

Question
Which action is taken in the post-incident phase of the NIST incident response life cycle?
Answers
  • Document the handling of the incident.
  • Identify and validate incidents.
  • Conduct CSIRT response training.
  • Implement procedures to contain threats.

Question 104

Question
Which top-level element of the VERIS schema would allow a company to log who the actors were, what actions affected the asset, which assets were affected, and how the asset was affected?
Answers
  • incident description
  • incident tracking
  • discovery and response
  • victim demographics

Question 105

Question
What is the role of vendor teams as they relate to CSIRT?
Answers
  • Coordinate incident handling across multiple CSIRTs.
  • Handle customer reports concerning security vulnerabilities.
  • Use data from many sources to determine incident activity trends.
  • Provide incident handling to other organizations as a fee-based service.

Question 106

Question
According to information outlined by the Cyber Kill Chain, which two approaches can help identify reconnaissance threats? (Choose two.)
Answers
  • Analyze web log alerts and historical search data.
  • Audit endpoints to forensically determine the origin of an exploit.
  • Build playbooks for detecting browser behavior.
  • Conduct full malware analysis.
  • Understand targeted servers, people, and data available to attack.

Question 107

Question
To ensure that the chain of custody is maintained, which three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)
Answers
  • measures used to prevent an incident
  • time and date the evidence was collected
  • extent of the damage to resources and assets
  • vulnerabilities that were exploited in an attack
  • serial numbers and hostnames of devices used as evidence
  • location of all evidence

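The question above lists what a chain-of-custody record must capture. The following is an added example (not part of the original quiz) of a minimal custody ledger that stores those fields together with a SHA-256 of the evidence and a hash link to the previous entry, so a later edit to any entry, a swapped evidence file, or a dropped entry is detectable on verification. All handler names, devices and evidence bytes are constructed sample data.

```python
"""Chain-of-custody ledger: an added example, not part of the original quiz.

Every evidence item gets an entry holding the fields the question calls for
(time and date of collection, location, serial number and hostname of the
source device), the SHA-256 of the evidence bytes, and a hash link to the
previous entry. Editing any entry, swapping evidence, or dropping an entry
breaks the chain, which is what a reviewer checks before relying on it.
Handler names, devices and evidence bytes below are constructed sample data.
"""
import hashlib
import json

GENESIS_HASH = "0" * 64  # link value for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(entry: dict) -> bytes:
    # Stable serialization so the same entry always hashes the same way.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(ledger: list, evidence: bytes, *, collected_at: str, location: str,
                 device_serial: str, hostname: str, handler: str) -> dict:
    """Append a custody record for `evidence` and return it."""
    prev_hash = ledger[-1]["entry_hash"] if ledger else GENESIS_HASH
    entry = {
        "collected_at": collected_at,      # ISO 8601, UTC
        "location": location,              # where the item is stored now
        "device_serial": device_serial,
        "hostname": hostname,
        "handler": handler,                # who collected it
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": prev_hash,
    }
    entry["entry_hash"] = sha256_hex(_canonical(entry))
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list, evidence_items: list) -> tuple:
    """Return (ok, reason). Re-derives every hash and link from scratch."""
    if len(ledger) != len(evidence_items):
        return False, "entry count does not match evidence count"
    prev_hash = GENESIS_HASH
    for i, (entry, evidence) in enumerate(zip(ledger, evidence_items)):
        if entry["prev_hash"] != prev_hash:
            return False, f"entry {i}: chain link broken"
        if sha256_hex(_canonical(entry)) != entry["entry_hash"]:
            return False, f"entry {i}: entry fields modified"
        if sha256_hex(evidence) != entry["evidence_sha256"]:
            return False, f"entry {i}: evidence bytes differ from record"
        prev_hash = entry["entry_hash"]
    return True, "ok"


def build_sample_ledger() -> tuple:
    """Constructed sample: two items collected from the school web server."""
    evidence = [
        b"constructed IIS access log excerpt\n10.0.0.7 - - GET /events.aspx 200\n",
        b"constructed memory image fragment \x00\x01\x02",
    ]
    ledger = []
    append_entry(ledger, evidence[0], collected_at="2019-03-26T09:15:00Z",
                 location="evidence locker A, bag 17", device_serial="SRV-0001",
                 hostname="schoolweb01", handler="network administrator")
    append_entry(ledger, evidence[1], collected_at="2019-03-26T09:40:00Z",
                 location="evidence locker A, bag 18", device_serial="SRV-0001",
                 hostname="schoolweb01", handler="network administrator")
    return ledger, evidence
```

The ledger proves integrity, not authenticity: anyone who can rewrite the whole file can recompute every hash. In practice the current head hash is written to a separate, access-controlled log or signed, so the verifier has an anchor the evidence handler cannot change.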
Question 108

Question
Which schema or model was created to anonymously share quality information about security events with the security community?
Answers
  • VERIS
  • Diamond
  • CSIRT
  • Cyber Kill Chain

Question 109

Question
What is the purpose of the policy element in the computer security incident response capability of an organization, as recommended by NIST?
Answers
  • It provides a roadmap for maturing the incident response capability.
  • It provides metrics for measuring the incident response capability and effectiveness.
  • It defines how the incident response teams will communicate with the rest of the organization and with other organizations.
  • It details how incidents should be handled based on the organizational mission and functions.

Question 110

Question
What information is gathered by the CSIRT when determining the scope of a security incident?
Answers
  • the processes used to preserve evidence
  • the strategies and procedures used for incident containment
  • the networks, systems, and applications affected by an incident
  • the amount of time and resources needed to handle an incident

Question 111

Question
What is the main purpose of the exploitation carried out by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?
Answers
  • Launch a DoS attack
  • Send a message back to the CnC controlled by the threat actor
  • Break the vulnerability and gain control of the target
  • Establish a back door into the system

Question 112

Question
Which term is used in the Diamond Model of Intrusion Analysis to describe a tool that a threat actor uses toward a target system?
Answers
  • infrastructure
  • capability
  • weaponization
  • adversary

Question 113

Question
What is the role of a Computer Emergency Response Team?
Answers
  • Receive, review, and respond to security incidents in an organization.
  • Provide national standards as a fee-based service.
  • Coordinate security incident handling across multiple CSIRTs.
  • Provide security awareness, best practices, and security vulnerability information to a specific population.

Question 114

Question
A threat actor collects information from the web servers of an organization and searches for employee contact information. The information collected is then used to search for personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?
Answers
  • Actions on objectives
  • Exploitation
  • Reconnaissance
  • Weaponization

Question 115

Question
In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities?
Answers
  • Preparation
  • Containment, Eradication and Recovery
  • Post-incident activities
  • Detection and analysis

Question 116

Question
The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
Answers
  • iptables
  • SIEM
  • Snort
  • Windows Firewall

Question 117

Question
The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
Answers
  • 802.1X authentication
  • HTTPS web service
  • FTP transfers
  • Local NTP server
  • File and directory permissions

Question 118

Question
The entrepreneur is concerned about company employees having uninterrupted access to important resources and data. Which component of the CIA triad would address the concern?
Answers
  • Authentication
  • Confidentiality
  • Integrity
  • Availability

Question 119

Question
Use the following scenario to answer the questions. An entrepreneur is starting a small business and is considering the server services needed for the startup company. The company handling the IT service is presenting options to the company. The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
Answers
  • iptables
  • Windows Firewall
  • Snort
  • SIEM
  • Wireshark

Question 120

Question
What are stream ciphers?
Answers
  • Stream ciphers operate on each bit (instead of on a block)
  • Random answer (distractor)

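To make the "operates on each bit" answer concrete, here is an added example (not code from the quiz) of a stream cipher: a keystream derived from a key and a nonce is XORed with the plaintext, and decryption is the same XOR. The keystream generator is a toy built from HMAC-SHA256 in counter mode, chosen only because it needs no third-party library; real systems should use a vetted cipher such as ChaCha20 (this recommendation is the editor's, not the quiz's). The second half shows the failure mode every stream cipher shares: reuse the same key and nonce twice and the keystream cancels out, exposing the XOR of the two plaintexts.

```python
"""Stream cipher demo: an added example, not code from the original quiz.

The keystream is a toy PRF construction (HMAC-SHA256 over nonce || counter),
not a production cipher; it exists to show how a stream cipher encrypts bit by
bit and why a (key, nonce) pair must never be reused.
"""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream; every bit is handled independently."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the encryption routine again.
    return encrypt(key, nonce, ciphertext)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same key and nonce, c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_p1_prefix: bytes) -> bytes:
    """Given a known prefix of p1 (a 'crib'), recover the same-length prefix of p2."""
    leak = keystream_reuse_leak(c1, c2)
    return xor_bytes(leak[: len(known_p1_prefix)], known_p1_prefix)
```

Note that the cipher provides confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so a stream cipher is always paired with a MAC or used in an AEAD mode in practice.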
Question 121

Question
Grey hat hackers are...
Answers
  • Those who commit crimes and do unethical things, but not for personal gain or to cause damage.
  • Those who may compromise a network and then disclose the problem so the organization can fix it.
  • Random answer 1
  • Random answer 2

Question 122

Question
"Vulnerability broker" threat actors...
Answers
  • Discover exploits and report them to vendors, sometimes for prizes or rewards.
  • Random answer 1

Question 123

Question
Definition of a "sniffer"...
Answers
  • An application or device that can read, monitor, and capture network data exchanges and read network packets
  • Random answer 1

Question 124

Question
Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function?
Answers
  • virus
  • worm
  • proxy Trojan horse
  • Denial of Service Trojan horse

Question 125

Question
What is the significant characteristic of worm malware? (Hint: a virus requires a host program to run; a worm can run by itself, automatically replicating and spreading across the network from system to system.)
Answers
  • A worm can execute independently of the host system.
  • A worm must be triggered by an event on the host system.
  • Worm malware disguises itself as legitimate software.
  • Once installed on a host system, a worm does not replicate itself.

Question 126

Question
What is the purpose of a reconnaissance attack on a computer network?
Answers
  • Also known as information gathering, reconnaissance attacks perform unauthorized discovery and mapping of systems, services, or vulnerabilities.
  • Random answer 1

Question 127

Question
Which type of access attack attempts to manipulate individuals into performing actions or divulging confidential information needed to access a network?
Answers
  • Social engineering attacks
  • Random answer 1

Question 128

Question
Which DDoS term refers to malware designed to infect a host and communicate with a handler system, and which can also log keystrokes, gather passwords, capture and analyze packets, and more?
Answers
  • Bots
  • Random answer 1

Question 129

Question
Which DDoS term refers to a group of zombies infected using self-propagating malware (i.e., bots) and controlled by handlers?
Answers
  • Botnet
  • Random answer 1

Question 130

Question
Which DDoS term refers to a master command-and-control server controlling groups of zombies?
Answers
  • Handlers
  • Bots
  • Botnet
  • Botmaster

Question 131

Question
Which DDoS term refers to a group of compromised hosts (i.e., agents) that run malicious code referred to as robots (i.e., bots)?
Answers
  • Zombies
  • Handlers
  • Botmaster
  • Scrum master

Question 132

Question
Which DDoS term refers to the malware designed to infect a host and communicate with a handler system? It can also log keystrokes, gather passwords, capture and analyze packets, and more.
Answers
  • Bots
  • Zombies
  • Handlers
  • Handlermaster

Question 133

Question
Which DDoS term refers to a group of zombies infected using self-propagating malware (i.e., bots) and controlled by handlers?
Answers
  • Botnet
  • Handlers
  • Handlermaster
  • Scrum master

Question 134

Question
Which DDoS term refers to the threat actor in control of the botnet handlers?
Answers
  • Botmaster
  • Zombies
  • Zombie master
  • Scrum master

Question 135

Question
Types of attacks targeting IP:
Answers
  • DoS
  • buffer overflow
  • Random answer 1

Question 136

Question
DDoS attacks...
Answers
  • Originate from multiple, coordinated sources
  • Compromise many hosts
  • Random answer 1

Question 137

Question
ICMP attacks...
Answers
  • Can be used to identify hosts on a network, the structure of a network, and the operating systems in use on the network. Can also be used as a vehicle for various types of DoS attacks. ICMP can also be used for data exfiltration through ICMP traffic sent from inside the network.
  • Carry diagnostic messages and report error conditions when routes, hosts, and ports are unavailable. ICMP messages are generated by devices when a network error or outage occurs.
  • Random answer 1

Question 138

Question
Two major sources of DoS attacks (choose two):
Answers
  • Maliciously formatted packets
  • Overwhelming quantity of traffic
  • Random answer 1

Question 139

Question
Which tool is used to provide a list of open ports on network devices?
Answers
  • Nmap
  • Sguil
  • ELSA
  • Security Onion

Question 140

Question
The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
Answers
  • remote access
  • Random answer 1

Question 141

Question
What is an IPS?
Answers
  • An intrusion prevention system, which stops the triggering packets
  • Random answer

Question 142

Question
What is an ACL?
Answers
  • A series of commands that control whether a device forwards or drops packets based on information found in the packet header
  • Random answer

Question 143

Question
What is the syslog logging service?
Answers
  • A service that allows networking devices to send their system messages across the network to syslog servers.
  • A service that provides three primary functions: gather logging information for monitoring and troubleshooting; select the type of logging information that is captured; specify the destination of captured syslog messages.
  • Random answer

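The second answer above says a syslog service selects which messages are kept and where they go; that selection rests on the priority value each message carries. The following is an added example (not part of the quiz) of a small collector-side parser: it decodes the `<PRI>` prefix into facility and severity (PRI = facility × 8 + severity), recognises both the classic BSD header (RFC 3164) and the newer RFC 5424 header, and filters records by severity. The sample lines are constructed for this example.

```python
"""Syslog message decoder: an added example, not part of the original quiz.

PRI = facility * 8 + severity, so PRI 34 is facility 4 (auth) at severity 2
(crit). Both header layouts below are decoded into the same record shape so
a selection rule can be applied regardless of which device sent the line.
"""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# RFC 5424: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(
    r"^(\d+) (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[[^\]]*\])+)(?: (.*))?$", re.S)
# RFC 3164: "Mmm dd hh:mm:ss HOSTNAME MSG" (day may be space-padded)
RFC3164_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def decode_pri(pri: int) -> tuple:
    """Split PRI into (facility name, severity name); valid PRI is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog(line: str) -> dict:
    """Parse one syslog line into a dict; raise ValueError on malformed input."""
    m = PRI_RE.match(line.rstrip("\n"))
    if not m:
        raise ValueError("missing <PRI> prefix")
    facility, severity = decode_pri(int(m.group(1)))
    rest = m.group(2)
    record = {"facility": facility, "severity": severity}
    m5 = RFC5424_RE.match(rest)
    if m5:
        record.update(format="rfc5424", timestamp=m5.group(2), host=m5.group(3),
                      app=m5.group(4), msg=m5.group(8) or "")
        return record
    m3 = RFC3164_RE.match(rest)
    if m3:
        record.update(format="rfc3164", timestamp=m3.group(1), host=m3.group(2),
                      app=None, msg=m3.group(3))
        return record
    raise ValueError("unrecognised syslog header")


def select_at_least(records: list, severity: str) -> list:
    """Keep records at `severity` or more urgent (lower index is more severe)."""
    threshold = SEVERITIES.index(severity)
    return [r for r in records if SEVERITIES.index(r["severity"]) <= threshold]


SAMPLE_LINES = [  # constructed for this example
    "<34>Oct 11 22:14:15 schoolweb01 su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2019-03-26T09:15:00.000Z schoolweb01 iisapp 4212 ID47 - request served",
    "<13>Oct  5 03:02:01 schoolweb01 cron: job finished",
]
```

Two cautions for a collector: the hostname and timestamp come from the sender and are trivially spoofed over UDP, so correlate on the receiving socket's source address as well; and a line that fails to parse should be stored raw rather than dropped, since malformed input is itself something an attacker can send to hide activity.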
Question 144

Question
________ is usually part of a router firewall and permits or denies traffic based on Layer 3 and Layer 4 information.
Answers
  • Packet-filtering (stateless) firewalls
  • Random answer

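Questions 142 and 144 describe the same mechanism from two sides: an ACL is an ordered list of permit/deny statements, and a stateless packet filter applies it to Layer 3/4 header fields. The following is an added example (not code from the quiz or from any router vendor) of an ACL evaluator with first-match semantics and the implicit deny at the end, run over constructed packets aimed at a hypothetical school web server at 192.0.2.10. The rule set, addresses and packets are all constructed sample data.

```python
"""Stateless packet filter (ACL) evaluator: an added example, not the quiz's own code.

Each access-control entry looks only at header fields: protocol, source and
destination address, destination port, and the TCP ACK bit (the "established"
keyword). Entries are checked in order, the first match decides, and anything
that matches nothing hits the implicit deny. Rules and packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    ack: bool = False   # TCP ACK bit; set on replies to connections we opened


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "ip" (any)
    src: str                     # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None  # None means any port
    established: bool = False    # match only TCP segments with ACK set

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def evaluate(acl: list, pkt: Packet) -> tuple:
    """Return (action, index of the matching rule); ("deny", None) is the implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


ANY = "0.0.0.0/0"
# Constructed inbound ACL for the router in front of the web server 192.0.2.10.
INBOUND_ACL = [
    Rule("permit", "tcp", ANY, "192.0.2.10/32", dport=443),
    Rule("permit", "tcp", ANY, "192.0.2.10/32", dport=80),
    Rule("deny", "tcp", ANY, "192.0.2.0/24", dport=22),           # no SSH from outside
    Rule("permit", "tcp", ANY, "192.0.2.0/24", established=True),  # replies to our own connections
    Rule("permit", "icmp", ANY, "192.0.2.0/24"),
]
```

The `established` entry is the stateless filter's weak spot: it trusts the ACK bit in the header, so an outsider who crafts a segment with ACK set reaches any port except the ones an earlier deny covers. Keep explicit denies above it, as the sample does for port 22, and move to a stateful firewall when the filter has to tell a real reply from a forged one.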
Question 145

Question
This type of firewall filters IP traffic between a pair of bridged interfaces.
Answers
  • Transparent firewall
  • Random answer

Question 146

Question
Which systems provide real-time reporting and long-term analysis of security events?
Answers
  • Security Information and Event Management (SIEM)
  • Random answer