ECE 6015 Digital Forensic Mid Term Study Quiz Chapter 1

Description

This is quiz for midterm
Marjorie Blanco
Quiz by Marjorie Blanco, updated more than 1 year ago
Marjorie Blanco
Created by Marjorie Blanco about 3 years ago
19
0

Resource summary

Question 1

Question
Ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.
Answer
  • Confidentiality
  • Integrity
  • Availability

Question 2

Question
Ensuring that data have not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable.
Answer
  • Availability
  • Integrity
  • Confidentiality

Question 3

Question
Ensuring that authorized users have timely, reliable access to resources when they are needed - networks, systems, and applications are up and running.
Answer
  • Confidentiality
  • Integrity
  • Availability

Question 4

Question
Patch your systems regularly
Answer
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Question 5

Question
Only installed signed software updates
Answer
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Question 6

Question
Source code changes virtually undetectable
Answer
  • Cyber hygiene
  • Non-repudiation
  • Data Integrity

Question 7

Question
What is it Governance?
Answer
  • Policy
  • Regulations
  • Compliance
  • Oversight
  • Micro management

Question 8

Question
What is the role of the CISO?
Answer
  • Security Policy
  • Compliance
  • No sayer
  • Protect Corporate Secrets
  • Protect personal interest
  • Protect Information Assets
  • Business Enablement

Question 9

Question
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
Answer
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Question 10

Question
Requirement for multiple people to authenticate in order to perform certain administrative tasks.
Answer
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Question 11

Question
Separation of network into separate mini-networks/segments with distinct security boundaries and protection profiles to limit ability to “pivot” from entry point.
Answer
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Question 12

Question
A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.
Answer
  • Least privilege
  • Two Person Integrity
  • Network Separation
  • Enclave

Question 13

Question
1-10-60 Challenge To effectively combat sophisticated cyberthreats:
Answer
  • Detect intrusions in under one minute.
  • Investigate and understand threats in under 10 hours.
  • Contain and eliminate the adversary from the environment in under 60 minutes.
  • Detect intrusions in under one hour.

Question 14

Question
The time an attack goes undetected (i.e., the delta between intrusion and detection).
Answer
  • Dwell Time
  • Advanced Persistent Threat

Question 15

Question
[blank_start]Advanced Persistent Threat (APT)[blank_end] attack uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a proloned period of time, with potentially destructive consequences.
Answer
  • Advanced Persistent Threat (APT)
  • Gain Access
  • 1-10-60 Challenge

Question 16

Question
Five Stages of an Evolving APT Attack
Answer
  • Gain Access
  • Establish a Foothold
  • Deepen Access
  • Move Laterally
  • Look, Learn, and Remain
  • Move Horizontally
  • Shallow Access
  • Detection
  • Remain calm then panic

Question 17

Question
Stage 1: [blank_start]Gain Access[blank_end] Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a [blank_start]network[blank_end], an infected [blank_start]file[blank_end], junk email, or an app [blank_start]vulnerability[blank_end] to insert [blank_start]malware[blank_end] into a target network.
Answer
  • network
  • front door
  • file
  • router
  • vulnerability
  • hardening
  • malware
  • firewall
  • Gain Access
  • Look, Learn, and Remain

Question 18

Question
[blank_start]Functional Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets all functional requirements – [blank_start]Availability[blank_end] and [blank_start]Integrity[blank_end]
Answer
  • Functional Testing
  • Performance/Load Testing
  • Penetration Testing
  • Availability
  • Confidentiality
  • Integrity
  • Confidentiality

Question 19

Question
[blank_start]Performance/Load Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets performance requirements under a real or simulated load - [blank_start]Availability[blank_end]
Answer
  • Performance/Load Testing
  • Penetration Testing
  • Functional Testing
  • Availability
  • Confidentiality

Question 20

Question
[blank_start]Penetration Testing[blank_end]: Test cases performed to simulate intrusion by an intentional or unintentional cyber threat actor – Confidentiality and Availability (perhaps some Integrity)
Answer
  • Penetration Testing
  • Performance/Load Testing
  • Functional Testing

Question 21

Question
Identify the Incident Response in the MITRE Framework
Answer
  • Preparation
  • Post-Incident Activity
  • Containment
  • Detection
  • Eradication/Recovery
  • Eradication/Recovery1
  • Containment1

Question 22

Question
[blank_start]Preparation[blank_end]: Without good preparation, any subsequent incident response is going to be disorganized and has the potential to make the incident worse.
Answer
  • Preparation
  • Panic
  • Trainning

Question 23

Question
Preparation step include:
Answer
  • Create incident response plan
  • Train the team
  • Acquire tools
  • Prepping the environment for defense (hardening) and altering
  • Practice
  • Determine the root cause
  • Alter system configuration

Question 24

Question
[blank_start]Detection[blank_end]: Process where the organization first becomes aware of a set of events that possibly indicates malicious activity. Depending on the size, an org may receive >100 million events per day.
Answer
  • Detection
  • Preparation
  • Analysis

Question 25

Question
Detection sources can include: [blank_start]Activity logs[blank_end]: A security analyst may receive an alert that a specific administrator account was in use during the time where the administrator was on vacation. [blank_start]External sources[blank_end]: An ISP or law enforcement agency may detect malicious activity originating in an organization's network and contact them and advise them of the situation. [blank_start]Internal users[blank_end]: An employee contacting the help desk and informing agent that services are no longer available, or files are suddenly encrypted
Answer
  • Activity logs
  • Retrospective
  • External sources
  • Internal users
  • Internal users
  • External sources

Question 26

Question
Incident response coordinator: Individual often has overall responsibility for the security of the organization's information; responsible for management of the CSIRT prior to, during, and after an incident
Answer
  • Chief Security Officer (CSO)
  • Information Security Officer (ISO)
  • Chief Information Security Officer (CISO)
  • Chief Executive Officer (CEO)
  • Chief Financial Officer (CFO)

Question 27

Question
[blank_start]CSIRT senior analyst(s)[blank_end]: Personnel with [blank_start]extensive[blank_end] training and experience in incident response, digital forensics, network data examination
Answer
  • CSIRT senior analyst(s)
  • Incident response coordinator
  • Security operations center analyst
  • CSIRT analyst(s):
  • extensive
  • minimal

Question 28

Question
CSIRT senior analyst(s):
Answer
  • Often take part in training junior personnel
  • Engage with other CSIRT members to acquire and analyze evidence, direct containment activities, and assist other personnel with remediation
  • Has overall responsibility for the security of the organization's information.

Question 29

Question
[blank_start]CSIRT analyst(s)[blank_end]: Personnel with CSIRT responsibilities that have [blank_start]less[blank_end] exposure or experience in incident response activities
Answer
  • CSIRT analyst(s)
  • Security operations center analyst
  • Legal
  • less
  • extensive

Question 30

Question
[blank_start]Security operations center analyst[blank_end]: Analysts assigned to the 24/7 Security Operations Center (SOC) [blank_start]monitoring[blank_end] capability; serve as the point person when it comes to incident [blank_start]detection[blank_end] and alerting.
Answer
  • Security operations center analyst
  • CSIRT analyst(s)
  • Chief Information Security Officer (CISO
  • monitoring
  • reporting
  • detection
  • isolation

Question 31

Question
[blank_start]Organizational support personnel[blank_end]: Assist with a variety of [blank_start]non-technical[blank_end] issues that fall outside those that are addressed by the CSIRT core and technical support personnel.
Answer
  • Organizational support personnel
  • Tech support personnel
  • IT security engineer(s) / analyst(s)
  • non-technical
  • technical

Question 32

Question
Organizational support personnel include:
Answer
  • Legal
  • Engineering
  • Human Resources
  • Marketing / Communications
  • Transportation
  • Facilities
  • Corporate Security
  • Finance

Question 33

Question
Devoting time and resources to implement security controls that are irrelevant to the threats the organization is trying to mitigate.
Answer
  • Mismatching Control to Threat
  • Alert Fatigue

Question 34

Question
Stage 2: [blank_start]Establish Foothold[blank_end] Cybercriminals implant [blank_start]malware[blank_end] that allows the creation of a network of [blank_start]backdoors[blank_end] and tunnels used to move around in systems [blank_start]undetected[blank_end]. The malware often employs techniques like rewriting code to help hackers [blank_start]cover[blank_end] their tracks.
Answer
  • malware
  • anti virus
  • backdoors
  • hardening
  • undetected
  • detected
  • cover
  • expose
  • Establish Foothold
  • Gain Access
  • Move Laterally
  • Look, Learn, and Remain
  • Deepen Access

Question 35

Question
Stage 3: [blank_start]Deepen Access[blank_end] Once inside, hackers use techniques such as password cracking to gain access to [blank_start]administrator[blank_end] rights so they can control more of the system and get even [blank_start]greater[blank_end] levels of access.
Answer
  • administrator
  • user
  • greater
  • lesser
  • Deepen Access
  • Move Laterally
  • Gain Access
  • Look, Learn, and Remain
  • Establish Foothold

Question 36

Question
Stage 4: [blank_start]Move Laterally[blank_end] Deeper inside the system with [blank_start]administrator[blank_end] rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Answer
  • Move Laterally
  • Deepen Access
  • administrator
  • user
  • Establish Foothold
  • Gain Access
  • Look, Learn, and Remain

Question 37

Question
Stage 5: [blank_start]Look, Learn, and Remain[blank_end] From inside system, hackers understand how it works and its vulnerabilities Harvest the information they want at will. Hackers keep this process running indefinitely or withdraw once they accomplish a specific goal. They often leave a back door open to access the system again in the future.
Answer
  • Look, Learn, and Remain
  • Move Laterally
  • Gain Access
  • Deepen Access
  • Establish Foothold
Show full summary Hide full summary

Similar

Orbital Mechanics
Luke Hansford
Software Processes
Nurul Aiman Abdu
Module 1: Introduction to Engineering Materials
Kyan Clay
Mathematics
rhiannonsian
AOCS - Attitude and orbit control systems
Luke Hansford
Ordinary Differential Equations
rhiannonsian
audio electronics
Lillian Mehler
Building Structures
Niat Habtemariam
communication system
Lillian Mehler
Advanced Propulsion
Luke Hansford