Question 1
Question
Ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.
Answer
-
Confidentiality
-
Integrity
-
Availability
Question 2
Question
Ensuring that data have not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable.
Answer
-
Availability
-
Integrity
-
Confidentiality
Question 3
Question
Ensuring that authorized users have timely, reliable access to resources when they are needed - networks, systems, and applications are up and running.
Answer
-
Confidentiality
-
Integrity
-
Availability
Question 4
Question
Patch your systems regularly
Answer
-
Cyber hygiene
-
Non-repudiation
-
Data Integrity
Question 5
Question
Only installed signed software updates
Answer
-
Cyber hygiene
-
Non-repudiation
-
Data Integrity
Question 6
Question
Source code changes virtually undetectable
Answer
-
Cyber hygiene
-
Non-repudiation
-
Data Integrity
Question 7
Question
What is it Governance?
Answer
-
Policy
-
Regulations
-
Compliance
-
Oversight
-
Micro management
Question 8
Question
What is the role of the CISO?
Answer
-
Security Policy
-
Compliance
-
No sayer
-
Protect Corporate Secrets
-
Protect personal interest
-
Protect Information Assets
-
Business Enablement
Question 9
Question
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
Answer
-
Least privilege
-
Two Person Integrity
-
Network Separation
-
Enclave
Question 10
Question
Requirement for multiple people to authenticate in order to perform certain administrative tasks.
Answer
-
Least privilege
-
Two Person Integrity
-
Network Separation
-
Enclave
Question 11
Question
Separation of network into separate mini-networks/segments with distinct security boundaries and protection profiles to limit ability to “pivot” from entry point.
Answer
-
Least privilege
-
Two Person Integrity
-
Network Separation
-
Enclave
Question 12
Question
A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.
Answer
-
Least privilege
-
Two Person Integrity
-
Network Separation
-
Enclave
Question 13
Question
1-10-60 Challenge
To effectively combat sophisticated cyberthreats:
Answer
-
Detect intrusions in under one minute.
-
Investigate and understand threats in under 10 hours.
-
Contain and eliminate the adversary from the environment in under 60 minutes.
-
Detect intrusions in under one hour.
Question 14
Question
The time an attack goes undetected (i.e., the delta between intrusion and detection).
Question 15
Question
[blank_start]Advanced Persistent Threat (APT)[blank_end] attack uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a proloned period of time, with potentially destructive consequences.
Question 16
Question
Five Stages of an Evolving APT Attack
Answer
-
Gain Access
-
Establish a Foothold
-
Deepen Access
-
Move Laterally
-
Look, Learn, and Remain
-
Move Horizontally
-
Shallow Access
-
Detection
-
Remain calm then panic
Question 17
Question
Stage 1: [blank_start]Gain Access[blank_end]
Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a [blank_start]network[blank_end], an infected [blank_start]file[blank_end], junk email, or an app [blank_start]vulnerability[blank_end] to insert [blank_start]malware[blank_end] into a target network.
Answer
-
network
-
front door
-
file
-
router
-
vulnerability
-
hardening
-
malware
-
firewall
-
Gain Access
-
Look, Learn, and Remain
Question 18
Question
[blank_start]Functional Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets all functional requirements – [blank_start]Availability[blank_end] and [blank_start]Integrity[blank_end]
Answer
-
Functional Testing
-
Performance/Load Testing
-
Penetration Testing
-
Availability
-
Confidentiality
-
Integrity
-
Confidentiality
Question 19
Question
[blank_start]Performance/Load Testing[blank_end]: Test cases performed to confirm the system operates as it was designed/specified and meets performance requirements under a real or simulated load - [blank_start]Availability[blank_end]
Answer
-
Performance/Load Testing
-
Penetration Testing
-
Functional Testing
-
Availability
-
Confidentiality
Question 20
Question
[blank_start]Penetration Testing[blank_end]: Test cases performed to simulate intrusion by an intentional or unintentional cyber threat actor – Confidentiality and Availability (perhaps some Integrity)
Answer
-
Penetration Testing
-
Performance/Load Testing
-
Functional Testing
Question 21
Question
Identify the Incident Response in the MITRE Framework
Answer
-
Preparation
-
Post-Incident Activity
-
Containment
-
Detection
-
Eradication/Recovery
-
Eradication/Recovery1
-
Containment1
Question 22
Question
[blank_start]Preparation[blank_end]: Without good preparation, any subsequent incident response is going to be disorganized and has the potential to make the incident worse.
Answer
-
Preparation
-
Panic
-
Trainning
Question 23
Question
Preparation step include:
Answer
-
Create incident response plan
-
Train the team
-
Acquire tools
-
Prepping the environment for defense (hardening) and altering
-
Practice
-
Determine the root cause
-
Alter system configuration
Question 24
Question
[blank_start]Detection[blank_end]: Process where the organization first becomes aware of a set of events that possibly indicates malicious activity. Depending on the size, an org may receive >100 million events per day.
Answer
-
Detection
-
Preparation
-
Analysis
Question 25
Question
Detection sources can include:
[blank_start]Activity logs[blank_end]: A security analyst may receive an alert that a specific administrator account was in use during the time where the administrator was on vacation.
[blank_start]External sources[blank_end]: An ISP or law enforcement agency may detect malicious activity originating in an organization's network and contact them and advise them of the situation.
[blank_start]Internal users[blank_end]: An employee contacting the help desk and informing agent that services are no longer available, or files are suddenly encrypted
Answer
-
Activity logs
-
Retrospective
-
External sources
-
Internal users
-
Internal users
-
External sources
Question 26
Question
Incident response coordinator: Individual often has overall responsibility for the security of the organization's information; responsible for management of the CSIRT prior to, during, and after an incident
Answer
-
Chief Security Officer (CSO)
-
Information Security Officer (ISO)
-
Chief Information Security Officer (CISO)
-
Chief Executive Officer (CEO)
-
Chief Financial Officer (CFO)
Question 27
Question
[blank_start]CSIRT senior analyst(s)[blank_end]: Personnel with [blank_start]extensive[blank_end] training and experience in incident response, digital forensics, network data examination
Question 28
Question
CSIRT senior analyst(s):
Answer
-
Often take part in training junior personnel
-
Engage with other CSIRT members to acquire and analyze evidence, direct containment activities, and assist other personnel with remediation
-
Has overall responsibility for the security of the organization's information.
Question 29
Question
[blank_start]CSIRT analyst(s)[blank_end]: Personnel with CSIRT responsibilities that have [blank_start]less[blank_end] exposure or experience in incident response activities
Question 30
Question
[blank_start]Security operations center analyst[blank_end]: Analysts assigned to the 24/7 Security Operations Center (SOC) [blank_start]monitoring[blank_end] capability; serve as the point person when it comes to incident [blank_start]detection[blank_end] and alerting.
Question 31
Question
[blank_start]Organizational support personnel[blank_end]: Assist with a variety of [blank_start]non-technical[blank_end] issues that fall outside those that are addressed by the CSIRT core and technical support personnel.
Question 32
Question
Organizational support personnel include:
Question 33
Question
Devoting time and resources to implement security controls that are irrelevant to the threats the organization is trying to mitigate.
Question 34
Question
Stage 2: [blank_start]Establish Foothold[blank_end]
Cybercriminals implant [blank_start]malware[blank_end] that allows the creation of a network of [blank_start]backdoors[blank_end] and tunnels used to move around in systems [blank_start]undetected[blank_end].
The malware often employs techniques like rewriting code to help hackers [blank_start]cover[blank_end] their tracks.
Answer
-
malware
-
anti virus
-
backdoors
-
hardening
-
undetected
-
detected
-
cover
-
expose
-
Establish Foothold
-
Gain Access
-
Move Laterally
-
Look, Learn, and Remain
-
Deepen Access
Question 35
Question
Stage 3: [blank_start]Deepen Access[blank_end]
Once inside, hackers use techniques such as password cracking to gain access to [blank_start]administrator[blank_end] rights so they can control more of the system and get even [blank_start]greater[blank_end] levels of access.
Answer
-
administrator
-
user
-
greater
-
lesser
-
Deepen Access
-
Move Laterally
-
Gain Access
-
Look, Learn, and Remain
-
Establish Foothold
Question 36
Question
Stage 4: [blank_start]Move Laterally[blank_end]
Deeper inside the system with [blank_start]administrator[blank_end] rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Answer
-
Move Laterally
-
Deepen Access
-
administrator
-
user
-
Establish Foothold
-
Gain Access
-
Look, Learn, and Remain
Question 37
Question
Stage 5: [blank_start]Look, Learn, and Remain[blank_end]
From inside system, hackers understand how it works and its vulnerabilities
Harvest the information they want at will.
Hackers keep this process running indefinitely or withdraw once they accomplish a specific goal.
They often leave a back door open to access the system again in the future.
Answer
-
Look, Learn, and Remain
-
Move Laterally
-
Gain Access
-
Deepen Access
-
Establish Foothold