ECE 6015 Digital Forensic Mid Term Study Quiz Chapter 1

Beschreibung

This is quiz for midterm
Marjorie Blanco
Quiz von Marjorie Blanco, aktualisiert more than 1 year ago
Marjorie Blanco
Erstellt von Marjorie Blanco vor etwa 3 Jahre
19
0

Zusammenfassung der Ressource

Frage 1

Frage
Ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.
Antworten
  • Confidentiality
  • Integrity
  • Availability

Frage 2

Frage
Ensuring that data have not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable.
Antworten
  • Availability
  • Integrity
  • Confidentiality

Frage 3

Frage
Ensuring that authorized users have timely, reliable access to resources when they are needed - networks, systems, and applications are up and running.
Antworten
  • Confidentiality
  • Integrity
  • Availability

Frage 4

Frage
Patch your systems regularly
Antworten
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Frage 5

Frage
Only installed signed software updates
Antworten
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Frage 6

Frage
Source code changes virtually undetectable
Antworten
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Frage 7

Frage
What is it Governance?
Antworten
  • Policy
  • Regulations
  • Compliance
  • Oversight
  • Micro management

Frage 8

Frage
What is the role of the CISO?
Antworten
  • Security Policy
  • Compliance
  • No sayer
  • Protect Corporate Secrets
  • Protect personal interest
  • Protect Information Assets
  • Business Enablement

Frage 9

Frage
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
Antworten
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Frage 10

Frage
Requirement for multiple people to authenticate in order to perform certain administrative tasks.
Antworten
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Frage 11

Frage
Separation of network into separate mini-networks/segments with distinct security boundaries and protection profiles to limit ability to “pivot” from entry point.
Antworten
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Frage 12

Frage
A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.
Antworten
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Frage 13

Frage
1-10-60 Challenge To effectively combat sophisticated cyberthreats:
Antworten
  • Detect intrusions in under one minute.
  • Investigate and understand threats in under 10 hours.
  • Contain and eliminate the adversary from the environment in under 60 minutes.
  • Detect intrusions in under one hour.

Frage 14

Frage
The time an attack goes undetected (i.e., the delta between intrusion and detection).
Antworten
  • Dwell Time
  • Advanced Persistent Threat

Frage 15

Frage
[blank_start]Advanced Persistent Threat (APT)[blank_end] attack uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a proloned period of time, with potentially destructive consequences.
Antworten
  • Advanced Persistent Threat (APT)
  • Gain Access
  • 1-10-60 Challenge

Frage 16

Frage
Five Stages of an Evolving APT Attack
Antworten
  • Gain Access
  • Establish a Foothold
  • Deepen Access
  • Move Laterally
  • Look, Learn, and Remain
  • Move Horizontally
  • Shallow Access
  • Detection
  • Remain calm then panic

Frage 17

Frage
Stage 1: [blank_start]Gain Access[blank_end] Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a [blank_start]network[blank_end], an infected [blank_start]file[blank_end], junk email, or an app [blank_start]vulnerability[blank_end] to insert [blank_start]malware[blank_end] into a target network.
Antworten
  • network
  • front door
  • file
  • router
  • vulnerability
  • hardening
  • malware
  • firewall
  • Gain Access
  • Look, Learn, and Remain

Frage 18

Frage
[blank_start]Functional Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets all functional requirements – [blank_start]Availability[blank_end] and [blank_start]Integrity[blank_end]
Antworten
  • Functional Testing
  • Performance/Load Testing
  • Penetration Testing
  • Availability
  • Confidentiality
  • Integrity
  • Confidentiality

Frage 19

Frage
[blank_start]Performance/Load Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets performance requirements under a real or simulated load - [blank_start]Availability[blank_end]
Antworten
  • Performance/Load Testing
  • Penetration Testing
  • Functional Testing
  • Availability
  • Confidentiality

Frage 20

Frage
[blank_start]Penetration Testing[blank_end]: Test cases performed to simulate intrusion by an intentional or unintentional cyber threat actor – Confidentiality and Availability (perhaps some Integrity)
Antworten
  • Penetration Testing
  • Performance/Load Testing
  • Functional Testing

Frage 21

Frage
Identify the Incident Response in the MITRE Framework
Antworten
  • Preparation
  • Post-Incident Activity
  • Containment
  • Detection
  • Eradication/Recovery
  • Eradication/Recovery1
  • Containment1

Frage 22

Frage
[blank_start]Preparation[blank_end]: Without good preparation, any subsequent incident response is going to be disorganized and has the potential to make the incident worse.
Antworten
  • Preparation
  • Panic
  • Trainning

Frage 23

Frage
Preparation step include:
Antworten
  • Create incident response plan
  • Train the team
  • Acquire tools
  • Prepping the environment for defense (hardening) and altering
  • Practice
  • Determine the root cause
  • Alter system configuration

Frage 24

Frage
[blank_start]Detection[blank_end]: Process where the organization first becomes aware of a set of events that possibly indicates malicious activity. Depending on the size, an org may receive >100 million events per day.
Antworten
  • Detection
  • Preparation
  • Analysis

Frage 25

Frage
Detection sources can include: [blank_start]Activity logs[blank_end]: A security analyst may receive an alert that a specific administrator account was in use during the time where the administrator was on vacation. [blank_start]External sources[blank_end]: An ISP or law enforcement agency may detect malicious activity originating in an organization's network and contact them and advise them of the situation. [blank_start]Internal users[blank_end]: An employee contacting the help desk and informing agent that services are no longer available, or files are suddenly encrypted
Antworten
  • Activity logs
  • Retrospective
  • External sources
  • Internal users
  • Internal users
  • External sources

Frage 26

Frage
Incident response coordinator: Individual often has overall responsibility for the security of the organization's information; responsible for management of the CSIRT prior to, during, and after an incident
Antworten
  • Chief Security Officer (CSO)
  • Information Security Officer (ISO)
  • Chief Information Security Officer (CISO)
  • Chief Executive Officer (CEO)
  • Chief Financial Officer (CFO)

Frage 27

Frage
[blank_start]CSIRT senior analyst(s)[blank_end]: Personnel with [blank_start]extensive[blank_end] training and experience in incident response, digital forensics, network data examination
Antworten
  • CSIRT senior analyst(s)
  • Incident response coordinator
  • Security operations center analyst
  • CSIRT analyst(s):
  • extensive
  • minimal

Frage 28

Frage
CSIRT senior analyst(s):
Antworten
  • Often take part in training junior personnel
  • Engage with other CSIRT members to acquire and analyze evidence, direct containment activities, and assist other personnel with remediation
  • Has overall responsibility for the security of the organization's information.

Frage 29

Frage
[blank_start]CSIRT analyst(s)[blank_end]: Personnel with CSIRT responsibilities that have [blank_start]less[blank_end] exposure or experience in incident response activities
Antworten
  • CSIRT analyst(s)
  • Security operations center analyst
  • Legal
  • less
  • extensive

Frage 30

Frage
[blank_start]Security operations center analyst[blank_end]: Analysts assigned to the 24/7 Security Operations Center (SOC) [blank_start]monitoring[blank_end] capability; serve as the point person when it comes to incident [blank_start]detection[blank_end] and alerting.
Antworten
  • Security operations center analyst
  • CSIRT analyst(s)
  • Chief Information Security Officer (CISO
  • monitoring
  • reporting
  • detection
  • isolation

Frage 31

Frage
[blank_start]Organizational support personnel[blank_end]: Assist with a variety of [blank_start]non-technical[blank_end] issues that fall outside those that are addressed by the CSIRT core and technical support personnel.
Antworten
  • Organizational support personnel
  • Tech support personnel
  • IT security engineer(s) / analyst(s)
  • non-technical
  • technical

Frage 32

Frage
Organizational support personnel include:
Antworten
  • Legal
  • Engineering
  • Human Resources
  • Marketing / Communications
  • Transportation
  • Facilities
  • Corporate Security
  • Finance

Frage 33

Frage
Devoting time and resources to implement security controls that are irrelevant to the threats the organization is trying to mitigate.
Antworten
  • Mismatching Control to Threat
  • Alert Fatigue

Frage 34

Frage
Stage 2: [blank_start]Establish Foothold[blank_end] Cybercriminals implant [blank_start]malware[blank_end] that allows the creation of a network of [blank_start]backdoors[blank_end] and tunnels used to move around in systems [blank_start]undetected[blank_end]. The malware often employs techniques like rewriting code to help hackers [blank_start]cover[blank_end] their tracks.
Antworten
  • malware
  • anti virus
  • backdoors
  • hardening
  • undetected
  • detected
  • cover
  • expose
  • Establish Foothold
  • Gain Access
  • Move Laterally
  • Look, Learn, and Remain
  • Deepen Access

Frage 35

Frage
Stage 3: [blank_start]Deepen Access[blank_end] Once inside, hackers use techniques such as password cracking to gain access to [blank_start]administrator[blank_end] rights so they can control more of the system and get even [blank_start]greater[blank_end] levels of access.
Antworten
  • administrator
  • user
  • greater
  • lesser
  • Deepen Access
  • Move Laterally
  • Gain Access
  • Look, Learn, and Remain
  • Establish Foothold

Frage 36

Frage
Stage 4: [blank_start]Move Laterally[blank_end] Deeper inside the system with [blank_start]administrator[blank_end] rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Antworten
  • Move Laterally
  • Deepen Access
  • administrator
  • user
  • Establish Foothold
  • Gain Access
  • Look, Learn, and Remain

Frage 37

Frage
Stage 5: [blank_start]Look, Learn, and Remain[blank_end] From inside system, hackers understand how it works and its vulnerabilities Harvest the information they want at will. Hackers keep this process running indefinitely or withdraw once they accomplish a specific goal. They often leave a back door open to access the system again in the future.
Antworten
  • Look, Learn, and Remain
  • Move Laterally
  • Gain Access
  • Deepen Access
  • Establish Foothold
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

Orbital Mechanics
Luke Hansford
Software Processes
Nurul Aiman Abdu
Module 1: Introduction to Engineering Materials
Kyan Clay
Mathematics
rhiannonsian
AOCS - Attitude and orbit control systems
Luke Hansford
Ordinary Differential Equations
rhiannonsian
audio electronics
Lillian Mehler
Building Structures
Niat Habtemariam
communication system
Lillian Mehler
Advanced Propulsion
Luke Hansford