Question 1
Question
Ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.
Answers
- Confidentiality
- Integrity
- Availability
Question 2
Question
Ensuring that data have not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable.
Answers
- Availability
- Integrity
- Confidentiality
Question 3
Question
Ensuring that authorized users have timely, reliable access to resources when they are needed - networks, systems, and applications are up and running.
Answers
- Confidentiality
- Integrity
- Availability
Question 4
Question
Patch your systems regularly
Answers
- Cyber hygiene
- Non-repudiation
- Data Integrity
Question 5
Question
Only install signed software updates
Answers
- Cyber hygiene
- Non-repudiation
- Data Integrity
Question 6
Question
Source code changes virtually undetectable
Answers
- Cyber hygiene
- Non-repudiation
- Data Integrity
Question 7
Question
What is Governance?
Answers
- Policy
- Regulations
- Compliance
- Oversight
- Micro management
Question 8
Question
What is the role of the CISO?
Answers
- Security Policy
- Compliance
- No sayer
- Protect Corporate Secrets
- Protect personal interest
- Protect Information Assets
- Business Enablement
Question 9
Question
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
Answers
- Least privilege
- Two Person Integrity
- Network Separation
- Enclave
Question 10
Question
Requirement for multiple people to authenticate in order to perform certain administrative tasks.
Answers
- Least privilege
- Two Person Integrity
- Network Separation
- Enclave
Question 11
Question
Separation of a network into separate mini-networks/segments with distinct security boundaries and protection profiles to limit the ability to “pivot” from the entry point.
Answers
- Least privilege
- Two Person Integrity
- Network Separation
- Enclave
Question 12
Question
A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.
Answers
- Least privilege
- Two Person Integrity
- Network Separation
- Enclave
Question 13
Question
1-10-60 Challenge
To effectively combat sophisticated cyberthreats:
Answers
- Detect intrusions in under one minute.
- Investigate and understand threats in under 10 hours.
- Contain and eliminate the adversary from the environment in under 60 minutes.
- Detect intrusions in under one hour.
Question 14
Question
The time an attack goes undetected (i.e., the delta between intrusion and detection).
Question 15
Question
[blank_start]Advanced Persistent Threat (APT)[blank_end] attack uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
Question 16
Question
Five Stages of an Evolving APT Attack
Answers
- Gain Access
- Establish a Foothold
- Deepen Access
- Move Laterally
- Look, Learn, and Remain
- Move Horizontally
- Shallow Access
- Detection
- Remain calm then panic
Question 17
Question
Stage 1: [blank_start]Gain Access[blank_end]
Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a [blank_start]network[blank_end], an infected [blank_start]file[blank_end], junk email, or an app [blank_start]vulnerability[blank_end] to insert [blank_start]malware[blank_end] into a target network.
Answers
- network
- front door
- file
- router
- vulnerability
- hardening
- malware
- firewall
- Gain Access
- Look, Learn, and Remain
Question 18
Question
[blank_start]Functional Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets all functional requirements – [blank_start]Availability[blank_end] and [blank_start]Integrity[blank_end]
Answers
- Functional Testing
- Performance/Load Testing
- Penetration Testing
- Availability
- Confidentiality
- Integrity
- Confidentiality
Question 19
Question
[blank_start]Performance/Load Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets performance requirements under a real or simulated load - [blank_start]Availability[blank_end]
Answers
- Performance/Load Testing
- Penetration Testing
- Functional Testing
- Availability
- Confidentiality
Question 20
Question
[blank_start]Penetration Testing[blank_end]: Test cases performed to simulate intrusion by an intentional or unintentional cyber threat actor – Confidentiality and Availability (perhaps some Integrity)
Answers
- Penetration Testing
- Performance/Load Testing
- Functional Testing
Question 21
Question
Identify the Incident Response in the MITRE Framework
Answers
- Preparation
- Post-Incident Activity
- Containment
- Detection
- Eradication/Recovery
- Eradication/Recovery1
- Containment1
Question 22
Question
[blank_start]Preparation[blank_end]: Without good preparation, any subsequent incident response is going to be disorganized and has the potential to make the incident worse.
Answers
- Preparation
- Panic
- Training
Question 23
Question
Preparation steps include:
Answers
- Create incident response plan
- Train the team
- Acquire tools
- Prepping the environment for defense (hardening) and altering
- Practice
- Determine the root cause
- Alter system configuration
Question 24
Question
[blank_start]Detection[blank_end]: Process where the organization first becomes aware of a set of events that possibly indicates malicious activity. Depending on the size, an org may receive >100 million events per day.
Answers
- Detection
- Preparation
- Analysis
Question 25
Question
Detection sources can include:
[blank_start]Activity logs[blank_end]: A security analyst may receive an alert that a specific administrator account was in use during the time when the administrator was on vacation.
[blank_start]External sources[blank_end]: An ISP or law enforcement agency may detect malicious activity originating in an organization's network and contact them and advise them of the situation.
[blank_start]Internal users[blank_end]: An employee contacting the help desk and informing the agent that services are no longer available, or files are suddenly encrypted.
Answers
- Activity logs
- Retrospective
- External sources
- Internal users
- Internal users
- External sources
Question 26
Question
Incident response coordinator: Individual often has overall responsibility for the security of the organization's information; responsible for management of the CSIRT prior to, during, and after an incident
Answers
- Chief Security Officer (CSO)
- Information Security Officer (ISO)
- Chief Information Security Officer (CISO)
- Chief Executive Officer (CEO)
- Chief Financial Officer (CFO)
Question 27
Question
[blank_start]CSIRT senior analyst(s)[blank_end]: Personnel with [blank_start]extensive[blank_end] training and experience in incident response, digital forensics, network data examination
Question 28
Question
CSIRT senior analyst(s):
Answers
- Often take part in training junior personnel
- Engage with other CSIRT members to acquire and analyze evidence, direct containment activities, and assist other personnel with remediation
- Has overall responsibility for the security of the organization's information.
Question 29
Question
[blank_start]CSIRT analyst(s)[blank_end]: Personnel with CSIRT responsibilities that have [blank_start]less[blank_end] exposure or experience in incident response activities
Question 30
Question
[blank_start]Security operations center analyst[blank_end]: Analysts assigned to the 24/7 Security Operations Center (SOC) [blank_start]monitoring[blank_end] capability; serve as the point person when it comes to incident [blank_start]detection[blank_end] and alerting.
Question 31
Question
[blank_start]Organizational support personnel[blank_end]: Assist with a variety of [blank_start]non-technical[blank_end] issues that fall outside those that are addressed by the CSIRT core and technical support personnel.
Question 32
Question
Organizational support personnel include:
Question 33
Question
Devoting time and resources to implement security controls that are irrelevant to the threats the organization is trying to mitigate.
Question 34
Question
Stage 2: [blank_start]Establish Foothold[blank_end]
Cybercriminals implant [blank_start]malware[blank_end] that allows the creation of a network of [blank_start]backdoors[blank_end] and tunnels used to move around in systems [blank_start]undetected[blank_end].
The malware often employs techniques like rewriting code to help hackers [blank_start]cover[blank_end] their tracks.
Answers
- malware
- anti virus
- backdoors
- hardening
- undetected
- detected
- cover
- expose
- Establish Foothold
- Gain Access
- Move Laterally
- Look, Learn, and Remain
- Deepen Access
Question 35
Question
Stage 3: [blank_start]Deepen Access[blank_end]
Once inside, hackers use techniques such as password cracking to gain access to [blank_start]administrator[blank_end] rights so they can control more of the system and get even [blank_start]greater[blank_end] levels of access.
Answers
- administrator
- user
- greater
- lesser
- Deepen Access
- Move Laterally
- Gain Access
- Look, Learn, and Remain
- Establish Foothold
Question 36
Question
Stage 4: [blank_start]Move Laterally[blank_end]
Deeper inside the system with [blank_start]administrator[blank_end] rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Answers
- Move Laterally
- Deepen Access
- administrator
- user
- Establish Foothold
- Gain Access
- Look, Learn, and Remain
Question 37
Question
Stage 5: [blank_start]Look, Learn, and Remain[blank_end]
From inside the system, hackers understand how it works and its vulnerabilities.
Harvest the information they want at will.
Hackers keep this process running indefinitely or withdraw once they accomplish a specific goal.
They often leave a back door open to access the system again in the future.
Answers
- Look, Learn, and Remain
- Move Laterally
- Gain Access
- Deepen Access
- Establish Foothold