Fundamentals of Information Security [State Exam | Part 2 + 23 new questions]

Descripción

Advanced (State Exam) Fundamentals of Information Security [Teachers: Abdulanova Altynay, Sagymbekova Azhar; STATE EXAM] ▼ Test sobre Fundamentals of Information Security [State Exam | Part 2 + 23 new questions], creado por Good Guy Beket el 26/03/2019.
Good Guy Beket
Test por Good Guy Beket, actualizado hace más de 1 año
Good Guy Beket
Creado por Good Guy Beket hace más de 5 años
879
15

Resumen del Recurso

Pregunta 1

Pregunta
What are two methods to maintain certificate revocation status? (Choose two.)
Respuesta
  • subordinate CA
  • OCSP
  • DNS
  • LDAP
  • CRL

Pregunta 2

Pregunta
The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?
Respuesta
  • invade the castle
  • defend the castle
  • defend the region
  • invade the region

Pregunta 3

Pregunta
What is the purpose of a digital certificate?
Respuesta
  • It ensures that the person who is gaining access to a network device is authorized.
  • It provides proof that data has a traditional signature attached.
  • It guarantees that a website has not been hacked.
  • It authenticates a website and establishes a secure connection to exchange confidential data

Pregunta 4

Pregunta
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
Respuesta
  • data integrity
  • non-repudiation
  • origin authentication
  • data confidentiality

Pregunta 5

Pregunta
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
Respuesta
  • intrusion detection and prevention
  • anti-phishing
  • telemetry
  • safe browsing

Pregunta 6

Pregunta
On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Respuesta
  • Group Policy Editor
  • Local Users and Groups
  • Computer Management
  • Task Manager

Pregunta 7

Pregunta
Which statement describes agentless antivirus protection?
Respuesta
  • Host-based antivirus systems provide agentless antivirus protection.
  • The antivirus protection is provided by the router that is connected to a cloud service.
  • The antivirus protection is provided by the ISP.
  • Antivirus scans are performed on hosts from a centralized system.

Pregunta 8

Pregunta
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
Respuesta
  • risk avoidance
  • risk retention
  • risk reduction
  • risk sharing

Pregunta 9

Pregunta
In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
Respuesta
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Pregunta 10

Pregunta
What is a host-based intrusion detection system (HIDS)?
Respuesta
  • It identifies potential attacks and sends alerts but does not stop the traffic.
  • It detects and stops potential direct attacks but does not scan for malware.
  • It is an agentless system that scans files on a host for potential malware.
  • It combines the functionalities of antimalware applications with firewall protection.

Pregunta 11

Pregunta
What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
Respuesta
  • behavior-based
  • agent-based
  • signature-based
  • heuristic-based

Pregunta 12

Pregunta
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
Respuesta
  • firewall
  • workstation
  • server
  • switch

Pregunta 13

Pregunta
Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
Respuesta
  • user interaction
  • attack vector
  • attack complexity
  • privileges required

Pregunta 14

Pregunta
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
Respuesta
  • risk reduction
  • risk avoidance
  • risk retention
  • risk sharing

Pregunta 15

Pregunta
Which statement describes the term iptables?
Respuesta
  • It is a file used by a DHCP server to store current active IP addresses.
  • It is a DHCP application in Windows.
  • It is a DNS daemon in Linux.
  • It is a rule-based firewall application in Linux.

Pregunta 16

Pregunta
For network systems, which management system addresses the inventory and control of hardware and software configurations?
Respuesta
  • asset management
  • vulnerability management
  • risk management
  • configuration management

Pregunta 17

Pregunta
Which statement describes the anomaly-based intrusion detection approach?
Respuesta
  • It compares the signatures of incoming traffic to a known intrusion database.
  • It compares the antivirus definition file to a cloud based repository for latest updates.
  • It compares the operations of a host against a well-defined security policy.
  • It compares the behavior of a host to an established baseline to identify potential intrusions.

Pregunta 18

Pregunta
What is the first step taken in risk assessment?
Respuesta
  • Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
  • Establish a baseline to indicate risk before security controls are implemented.
  • Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
  • Perform audits to verify threats are eliminated.

Pregunta 19

Pregunta
Which statement describes the threat-vulnerability (T-V) pairing?
Respuesta
  • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
  • It is the comparison between known malware and system risks.
  • It is the detection of malware against a central vulnerability research center.
  • It is the advisory notice from a vulnerability research center.

Pregunta 20

Pregunta
Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
Respuesta
  • whitelisting
  • HIDS
  • blacklisting
  • baselining

Pregunta 21

Pregunta
Which statement describes the use of a Network Admission Control (NAC) solution?
Respuesta
  • It provides network access to only authorized and compliant systems.
  • A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
  • It provides endpoint protection from viruses and malware.
  • It provides filtering and blacklisting of websites being accessed by end users.

Pregunta 22

Pregunta
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
Respuesta
  • heuristics-based
  • packet-based
  • behavior-based
  • signature-based

Pregunta 23

Pregunta
Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Respuesta
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Information Security Management Act of 2002 (FISMA)
  • Sarbanes-Oxley Act of 2002 (SOX)

Pregunta 24

Pregunta
Which statement describes the term attack surface?
Respuesta
  • It is the total sum of vulnerabilities in a system that is accessible to an attacker.
  • It is the group of hosts that experiences the same attack.
  • It is the network interface where attacks originate.
  • It is the total number of attacks toward an organization within a day.

Pregunta 25

Pregunta
Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
Respuesta
  • assess
  • discover
  • verify
  • prioritize assets

Pregunta 26

Pregunta
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
Respuesta
  • session duration
  • critical asset address space
  • ports used
  • total throughput

Pregunta 27

Pregunta
Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Respuesta
  • Modified Base
  • Confidentiality Requirement
  • Exploit Code Maturity
  • Exploitability
  • Impact metrics

Pregunta 28

Pregunta
In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?
Respuesta
  • risk analysis
  • penetration testing
  • vulnerability assessment
  • strength of network security testing

Pregunta 29

Pregunta
Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two)
Respuesta
  • scope
  • attack complexity
  • user interaction
  • attack vector
  • privileges required

Pregunta 30

Pregunta
Which statement describes the Cisco Threat Grid Glovebox?
Respuesta
  • It is a network-based IDS/IPS.
  • It is a firewall appliance.
  • It is a host-based intrusion detection system (HIDS) solution to fight against malware
  • It is a sandbox product for analyzing malware behaviors.

Pregunta 31

Pregunta
How does using HTTPS complicate network security monitoring?
Respuesta
  • HTTPS cannot protect visitors to a company-provided web site.
  • HTTPS can be used to infiltrate DNS queries.
  • Web browser traffic is directed to infected servers.
  • HTTPS adds complexity to captured packets.

Pregunta 32

Pregunta
Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?
Respuesta
  • POP3
  • SMTP
  • HTTP
  • IMAP4

Pregunta 33

Pregunta
What are two ways that ICMP can be a security threat to a company? (Choose two.)
Respuesta
  • by collecting information about a network
  • by corrupting network IP data packets
  • by providing a conduit for DoS attacks
  • by corrupting data between email servers and email recipients
  • by the infiltration of web pages

Pregunta 34

Pregunta
Which function is provided by the Sguil application?
Respuesta
  • It makes Snort-generated alerts readable and searchable.
  • It detects potential network intrusions.
  • It reports conversations between hosts on the network.
  • It prevents malware from attacking a host.

Pregunta 35

Pregunta
Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data? (Choose two.)
Respuesta
  • NetFlow
  • Snorby
  • NBAD
  • NBA
  • IPFIX
  • Sguil

Pregunta 36

Pregunta
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Which two methods does Linux use to log data in order to identify a security event? (Choose two.)
Respuesta
  • Apache access logs
  • Event Viewer
  • NetFlow
  • SPAN
  • syslog

Pregunta 37

Pregunta
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What is a daemon?
Respuesta
  • a background process that runs without the need for user interaction
  • a record to keep track of important events
  • a type of security attack
  • an application that monitors and analyzes suspicious activity

Pregunta 38

Pregunta
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. Because the company uses discretionary access control (DAC) for user file management, what feature would need to be supported on the server?
Respuesta
  • access based on security clearance held
  • principle of least privilege
  • role-based access control
  • user-based data access control

Pregunta 39

Pregunta
A system administrator has recommended to the CIO a move of some applications from a Windows server to a Linux server. The proposed server will use ext4 partitions and serve as a web server, file server, and print server. The CIO is considering the recommendation, but has some questions regarding security. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)
Respuesta
  • compatibility with CDFS
  • compatibility with NTFS
  • decreased load time
  • improved performance
  • an increase in the number of supported devices
  • increase in the size of supported files

Pregunta 40

Pregunta
How can IMAP be a security threat to a company?
Respuesta
  • It can be used to encode stolen data and send to a threat actor.
  • An email can be used to bring malware to a host.
  • Encrypted data is decrypted.
  • Someone inadvertently clicks on a hidden iFrame.

Pregunta 41

Pregunta
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?
Respuesta
  • Open the Task Manager, right-click on the lsass process and choose End Task.
  • Uninstall the lsass application because it is a legacy application and no longer required by Windows.
  • Move it to Program Files (x86) because it is a 32bit application.
  • Delete the file because it is probably malware.

Pregunta 42

Pregunta
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
Respuesta
  • by checking the reputation of external web servers
  • by functioning as a firewall
  • by inspecting incoming traffic for potential exploits
  • by scanning and logging outgoing traffic

Pregunta 43

Pregunta
A system analyst is reviewing syslog messages and notices that the PRI value of a message is 26. What is the severity value of the message?
Respuesta
  • 1
  • 2
  • 3
  • 6

Pregunta 44

Pregunta
Which statement describes session data in security logs?
Respuesta
  • It is a record of a conversation between network hosts.
  • It can be used to describe or predict network behavior.
  • It reports detailed network activities between network hosts.
  • It shows the result of network sessions.

Pregunta 45

Pregunta
In a Cisco AVC system, in which module is NetFlow deployed?
Respuesta
  • Management and Reporting
  • Metrics Collection
  • Control
  • Application Recognition

Pregunta 46

Pregunta
What port number would be used if a threat actor was using NTP to direct DDoS attacks?
Respuesta
  • 443
  • 25
  • 69
  • 123

Pregunta 47

Pregunta
Which information can be provided by the Cisco NetFlow utility?
Respuesta
  • IDS and IPS capabilities
  • security and user account restrictions
  • peak usage times and traffic routing
  • source and destination UDP port mapping

Pregunta 48

Pregunta
What is Tor?
Respuesta
  • a type of Instant Messaging (IM) software used on the darknet
  • a way to share processors between network devices across the Internet
  • a rule created in order to match a signature of a known exploit
  • a software platform and network of P2P hosts that function as Internet routers

Pregunta 49

Pregunta
Which statement describes statistical data in network security monitoring processes?
Respuesta
  • It shows the results of network activities between network hosts.
  • It contains conversations between network hosts.
  • It is created through an analysis of other forms of network data.
  • It lists each alert message along with statistical information.

Pregunta 50

Pregunta
Refer to the exhibit. A network administrator is reviewing an Apache access log message. What is the status of the access request by the client?
Respuesta
  • The request was unsuccessful because of server errors.
  • The request was fulfilled successfully.
  • The request was redirected to another web server.
  • The request was unsuccessful because of client errors.

Pregunta 51

Pregunta
How might corporate IT professionals deal with DNS-based cyber threats?
Respuesta
  • Monitor DNS proxy server logs and look for unusual DNS queries.
  • Use IPS/IDS devices to scan internal corporate traffic.
  • Limit the number of simultaneously opened browsers or browser tabs.
  • Limit the number of DNS queries permitted within the organization.

Pregunta 52

Pregunta
Refer to the exhibit. A junior network engineer is handed a print-out of the network information shown. Which protocol or service originated the information shown in the graphic?
Respuesta
  • NetFlow
  • TACACS+
  • RADIUS
  • Syslog

Pregunta 53

Pregunta
Which technology is used in Cisco Next-Generation IPS devices to consolidate multiple security layers into a single platform?
Respuesta
  • FirePOWER
  • WinGate
  • Apache Traffic Server
  • Squid

Pregunta 54

Pregunta
Refer to the exhibit. How is the traffic from the client web browser being altered when connected to the destination website of www.cisco.com?
Respuesta
  • Traffic is sent in plain-text by the user machine and is encrypted by the TOR node in France and decrypted by the TOR node in Germany.
  • Traffic is encrypted by the user machine and sent directly to the cisco.com server to be decrypted.
  • Traffic is encrypted by the user machine, and the TOR network only routes the traffic through France, Canada, Germany, and delivers it to cisco.com.
  • Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis.

Pregunta 55

Pregunta
Which Windows log contains information about installations of software, including Windows updates?
Respuesta
  • setup logs
  • application logs
  • system logs
  • security logs

Pregunta 56

Pregunta
Which Windows log records events related to login attempts and operations related to file or object access?
Respuesta
  • setup logs
  • security logs
  • application logs
  • system logs

Pregunta 57

Pregunta
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?
Respuesta
  • The timestamp represents the round trip duration value.
  • The syslog message indicates the time an email is received.
  • There is a problem associated with NTP.
  • The syslog message should be treated with high priority.

Pregunta 58

Pregunta
Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)
Respuesta
  • HTTPS
  • DHCP
  • HTML
  • DNS
  • HTTP

Pregunta 59

Pregunta
Which protocol is a name resolution protocol often used by malware to communicate with command-and-control (CnC) servers?
Respuesta
  • IMAP
  • HTTPS
  • DNS
  • ICMP

Pregunta 60

Pregunta
How is the hash value of files useful in network security investigations?
Respuesta
  • It helps identify malware signatures
  • It is used to decode files
  • It verifies confidentiality of files
  • It is used as a key for encryption

Pregunta 61

Pregunta
Which tool is a Security Onion integrated host-based intrusion detection system?
Respuesta
  • OSSEC
  • Sguil
  • ELSA
  • Snort

Pregunta 62

Pregunta
Which type of evidence supports an assertion based on previously obtained evidence?
Respuesta
  • Direct evidence
  • Corroborating evidence
  • Best evidence
  • Indirect evidence

Pregunta 63

Pregunta
Which tool is developed by Cisco and provides an interactive dashboard that allows investigation of the threat landscape?
Respuesta
  • Wireshark
  • Talos
  • Sguil
  • Snort

Pregunta 64

Pregunta
Which term is used to describe the process of converting log entries into a common format?
Respuesta
  • Standardization
  • Normalization
  • Classification
  • Systemization

Pregunta 65

Pregunta
According to NIST, which step in the digital forensics process involves extracting relevant information from data?
Respuesta
  • Collection
  • Examination
  • Analysis
  • Reporting

Pregunta 66

Pregunta
A law office uses a Linux host as the firewall device for the network. The IT administrator is adding a rule to the firewall iptables to block internal hosts from connecting to a remote device that has the IP address 209.165.202.133. Which command should the administrator use?
Respuesta
  • IPTABLES –I FORWARD –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I INPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I PASS –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP
  • IPTABLES –I OUTPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Pregunta 67

Pregunta
What procedure should be avoided in a digital forensics investigation?
Respuesta
  • Secure physical access to the computer under investigation
  • Reboot the affected system upon arrival
  • Make a copy of the hard drive
  • Recover deleted files

Pregunta 68

Pregunta
Which statement describes a feature of timestamps in Linux?
Respuesta
  • Human readable timestamps measure the number of seconds that have passed since January 1, 1970.
  • All devices generate human readable and unix epoch timestamps
  • It is easier to work with Unix epoch timestamps for addition and subtraction operations
  • Unix epoch timestamps are easier for humans to interpret

Pregunta 69

Pregunta
Which tool is included with Security Onion that is used by Snort to automatically download new rules?
Respuesta
  • Sguil
  • Wireshark
  • PulledPork
  • ELSA

Pregunta 70

Pregunta
Which tool would an analyst use to start a workflow investigation?
Respuesta
  • Sguil
  • Bro
  • Snort
  • ELSA

Pregunta 71

Pregunta
What is indicated by a Snort signature ID that is below 3464?
Respuesta
  • The SID was created by Sourcefire and distributed under a GPL agreement
  • This is a custom signature developed by the organization to address locally observed rules
  • The SID was created by members of emerging threats
  • The SID was created by the Snort community and is maintained in community rules

Pregunta 72

Pregunta
How does an application program interact with the operating system?
Respuesta
  • Accessing BIOS or UEFI
  • Making API calls
  • Sending files
  • Using processes

Pregunta 73

Pregunta
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?
Respuesta
  • TRUE NEGATIVE
  • TRUE POSITIVE
  • FALSE POSITIVE
  • FALSE NEGATIVE

Pregunta 74

Pregunta
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?
Respuesta
  • Amateur
  • Hacktivist
  • State-sponsored
  • Terrorist

Pregunta 75

Pregunta
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?
Respuesta
  • Best
  • Classified
  • Corroborating
  • Indirect

Pregunta 76

Pregunta
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?
Respuesta
  • Access
  • DoS
  • DDoS
  • Social engineering

Pregunta 77

Pregunta
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. the threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?
Respuesta
  • Evaluating the server alert data
  • Obtaining the most volatile evidence
  • Determining who is responsible for the attack
  • Reporting the incident to the proper authorities

Pregunta 78

Pregunta
Use the following scenario to answer the questions. a company has just had a cybersecurity incident. the threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What are three common tools used to carry out this type of attack? (Choose three.)
Respuesta
  • Ping sweep
  • TCP SYN flood
  • Buffer overflow
  • IP, MAC and DHCP Spoofing
  • Smurf attack
  • Man-in-the-middle

Pregunta 79

Pregunta
Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What is the function provided by the ampersand symbol used in the command?
Respuesta
  • It instructs the tcpdump to capture data that starts with the symbol.
  • It tells the Linux shell to execute the tcpdump process in the background.
  • It tells the Linux shell to display the captured data on the console.
  • It tells the Linux shell to execute the tcpdump process indefinitely.

Pregunta 80

Pregunta
Refer to the exhibit. A cybersecurity analyst is using Sguil to verify security alerts. How is the current view sorted?
Respuesta
  • By sensor number
  • By source IP
  • By frequency
  • By Date/Time

Pregunta 81

Pregunta
Which three procedures in Sguil are provided to security analysts to address alerts? (Choose three.)
Respuesta
  • Expire false positives
  • Pivot to other information sources and tools
  • Construct queries using query builder
  • Escalate an uncertain alert
  • Correlate similar alerts into a single line
  • Categorize true positives

Pregunta 82

Pregunta
Which two strings will be matched by the regular expression? (Choose two.) Level[^12]
Respuesta
  • Level4
  • Level3
  • Level2
  • Level1
  • Level12

Pregunta 83

Pregunta
Which statement describes the status after the Security Onion VM is started?
Respuesta
  • Sguil becomes enabled via the sudo Sguil –e terminal command
  • Awk becomes enabled via the sudo awk terminal command
  • Pullpork is used by ELSA as an open source search engine
  • Snort is enabled by default

Pregunta 84

Pregunta
What are the three core functions provided by the Security Onion? (Choose three.)
Respuesta
  • Business continuity planning
  • Full packet capture
  • Alert analysis
  • Intrusion detection
  • Security device management
  • Threat containment

Pregunta 85

Pregunta
Refer to the exhibit. A network security analyst is using the Follow TCP Stream feature in Wireshark to rebuild the TCP transaction. However, the transaction data seems indecipherable. What is the explanation for this?
Respuesta
  • The transaction data is encoded with base64
  • The transaction data is a binary file
  • The data shown is line noise
  • The transaction data is corrupted

Pregunta 86

Pregunta
What is the tool that has alert records linked directly to the search functionality of the Enterprise Log Search and Archive (ELSA)?
Respuesta
  • Sguil
  • Wireshark
  • CapMe
  • Snort

Pregunta 87

Pregunta
Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
Respuesta
  • 66
  • 1514
  • 6666
  • 48598

Pregunta 88

Pregunta
Which two types of unreadable network traffic could be eliminated from data collected by NSM? (Choose two.)
Respuesta
  • Routing updates traffic
  • STP traffic
  • SSL traffic
  • IPSec traffic
  • Broadcast traffic

Pregunta 89

Pregunta
When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)
Respuesta
  • Collect email and web logs for forensic reconstruction.
  • Analyze the infrastructure path used for delivery.
  • Audit endpoints to forensically determine origin of exploit.
  • Conduct full malware analysis.
  • Conduct employee awareness training and email testing.

Pregunta 90

Pregunta
Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?
Respuesta
  • Detail how incidents should be handled based on the mission and functions of an organization.
  • Develop metrics for measuring the incident response capability and its effectiveness.
  • Create an organizational structure and definition of roles, responsibilities, and levels of authority.
  • Prioritize severity ratings of security incidents.

Pregunta 91

Pregunta
What is the objective the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?
Respuesta
  • to allow the threat actor to issue commands to the software that is installed on the target
  • to steal network bandwidth from the network where the target is located
  • to launch a buffer overflow attack
  • to send user data stored on the target to the threat actor

Pregunta 92

Pregunta
After containment, what is the first step of eradicating an attack?
Respuesta
  • Hold meetings on lessons learned.
  • Change all passwords.
  • Patch all vulnerabilities.
  • Identify all hosts that need remediation.

Pregunta 93

Pregunta
What is defined in the SOP of a computer security incident response capability (CSIRC)?
Respuesta
  • the procedures that are followed during an incident response
  • the metrics for measuring incident response capabilities
  • the roadmap for increasing incident response capabilities
  • the details on how an incident is handled

Pregunta 94

Pregunta
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?
Respuesta
  • actions on objectives
  • command and control
  • delivery
  • exploitation
  • installation

Pregunta 95

Pregunta
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?
Respuesta
  • Event Viewer
  • net command
  • PowerShell
  • Task Manager

Pregunta 96

Pregunta
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?
Respuesta
  • false negative
  • false positive
  • true negative
  • true positive

Pregunta 97

Pregunta
A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The network administrator believes that the threat actor used a commonly available tool to slow the server down. The administrator concludes that based on the source IP address identified in the alert, the threat actor was probably one of the students. What type of hacker would the student be classified as?
Respuesta
  • black hat
  • gray hat
  • red hat
  • white hat

Pregunta 98

Pregunta
What is the goal of an attack in the installation phase of the Cyber Kill Chain?
Respuesta
  • Create a back door in the target system to allow for future access.
  • Establish command and control (CnC) with the target system.
  • Use the information from the reconnaissance phase to develop a weapon against the target.
  • Break the vulnerability and gain control of the target.

Pregunta 99

Pregunta
Which meta-feature element in the Diamond Model describes information gained by the adversary?
Respuesta
  • resources
  • methodology
  • direction
  • results

Pregunta 100

Pregunta
What is a benefit of using the VERIS community database?
Respuesta
  • It can be used to discover how other organizations dealt with a particular type of security incident.
  • Companies who pay to contribute and access the database are protected from security threats.
  • It can be used to discover the name of known threat actors.
  • The database can be easily compressed.

Pregunta 101

Pregunta
When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)
Respuesta
  • Build detections for the behavior of known malware.
  • Train web developers for securing code.
  • Detect data exfiltration, lateral movement, and unauthorized credential usage.
  • Perform forensic analysis of endpoints for rapid triage.
  • Collect malware files and metadata for future analysis.

Pregunta 102

Pregunta
A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?
Respuesta
  • Obtain an automated tool in order to deliver the malware payload through the vulnerability.
  • Install a webshell on the web server for persistent access.
  • Create a point of persistence by adding services.
  • Collect credentials of the web server developers and administrators.

Pregunta 103

Pregunta
Which action is taken in the postincident phase of the NIST incident response life cycle?
Respuesta
  • Document the handling of the incident.
  • identify and validate incidents.
  • Conduct CSIRT response training.
  • Implement procedures to contain threats.

Pregunta 104

Pregunta
Which top-level element of the VERIS schema would allow a company to log who the actors were, what actions affected the asset, which assets were affected, and how the asset was affected?
Respuesta
  • incident description
  • incident tracking
  • discovery and response
  • victim demographics

Pregunta 105

Pregunta
What is the role of vendor teams as they relate to CSIRT?
Respuesta
  • Coordinate incident handling across multiple CSIRTs.
  • Handle customer reports concerning security vulnerabilities.
  • Use data from many sources to determine incident activity trends.
  • Provide incident handling to other organizations as a fee-based service.

Pregunta 106

Pregunta
According to information outlined by the Cyber Kill Chain, which two approaches can help identify reconnaissance threats? (Choose two.)
Respuesta
  • Analyze web log alerts and historical search data.
  • Audit endpoints to forensically determine origin of exploit.
  • Build playbooks for detecting browser behavior.
  • Conduct full malware analysis.
  • Understand targeted servers, people, and data available to attack.

Pregunta 107

Pregunta
To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)
Respuesta
  • measures used to prevent an incident
  • time and date the evidence was collected
  • extent of the damage to resources and assets
  • vulnerabilities that were exploited in an attack
  • serial numbers and hostnames of devices used as evidence
  • location of all evidence

Pregunta 108

Pregunta
Which schema or model was created to anonymously share quality information about security events to the security community?
Respuesta
  • VERIS
  • Diamond
  • CSIRT
  • Cyber Kill Chain

Pregunta 109

Pregunta
What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?
Respuesta
  • It provides a roadmap for maturing the incident response capability.
  • It provides metrics for measuring the incident response capability and effectiveness.
  • It defines how the incident response teams will communicate with the rest of the organization and with other organizations.
  • It details how incidents should be handled based on the organizational mission and functions.

Pregunta 110

Pregunta
What information is gathered by the CSIRT when determining the scope of a security incident?
Respuesta
  • the processes used to preserve evidence
  • the strategies and procedures used for incident containment
  • the networks, systems, and applications affected by an incident
  • the amount of time and resources needed to handle an incident

Pregunta 111

Pregunta
What is the main purpose of exploitations by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?
Respuesta
  • Launch a DoS attack
  • Send a message back to CnC controlled by the threat actor
  • Break the vulnerability and gain control of the target
  • Establish a back door into the system

Pregunta 112

Pregunta
Which term is used in the Diamond Model of intrusion to describe a tool that a threat actor uses toward a target system?
Respuesta
  • infrastructure
  • capability
  • weaponization
  • adversary

Pregunta 113

Pregunta
What is the role of a Computer Emergency Response Team?
Respuesta
  • Receive, review, and respond to security incidents in an organization.
  • Provide national standards as a fee-based service.
  • Coordinate security incident handling across multiple CSIRTs.
  • Provide security awareness, best practices, and security vulnerability information to a specific population.

Pregunta 114

Pregunta
A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?
Respuesta
  • Actions on objectives
  • Exploitation
  • Reconnaissance
  • Weaponization

Pregunta 115

Pregunta
In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities?
Respuesta
  • Preparation
  • Containment, Eradication and Recovery
  • Postincident activities
  • Detection and analysis

Pregunta 116

Pregunta
The company will be using both Linux- and Windows- based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two).
Respuesta
  • Iptable
  • SIEM
  • Snort
  • Windows Table

Pregunta 117

Pregunta
The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
Respuesta
  • 802 is authentication
  • HTTPS web-service
  • FTP transfers
  • Local NTP server
  • File and directory permission

Pregunta 118

Pregunta
The entrepreneur is concerned about company employees having uninterrupted access to important resources and data. Which of the CIA triad components would address the concern?
Respuesta
  • Authentication
  • Confidentiality
  • Integrity
  • Availability

Pregunta 119

Pregunta
Use the following scenario to answer the questions. An entrepreneur is starting a small business and is considering the server services needed for the startup company. The company handling the IT service is presenting options to the company. The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
Respuesta
  • Iptable
  • Windows Firewall
  • Snort
  • SIEM
  • Wireshark

Pregunta 120

Pregunta
What is the Stream Ciphers?
Respuesta
  • Stream ciphers operate on each bit (instead of block)
  • Random answer (do not click, dumbass)

Pregunta 121

Pregunta
Grey Hat Hackers are..
Respuesta
  • Commit crimes and do unethical things but not for personal gain or to cause damage.
  • May compromise network and then disclose the problem so the organization can fix the problem.
  • Random answer1
  • Random answer2

Pregunta 122

Pregunta
“Vulnerability Broker” Threat Actors ...
Respuesta
  • Discover exploits and report them to vendors, sometimes for prizes or rewards.
  • Random answer 1 (click here to get free $500!)

Pregunta 123

Pregunta
Definition of the attack " Sniffer "…
Respuesta
  • an application or device that can read, monitor, and capture network data exchanges and read network packets
  • Random answer 1 (do not click)

Pregunta 124

Pregunta
Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function?
Respuesta
  • virus
  • worm
  • proxy Trojan horse
  • Denial of Service Trojan horse

Pregunta 125

Pregunta
What is the significant characteristic of worm malware? Hint: Virus requires a host program to run, worms can run by themselves. Automatically replicates itself and spreads across the network from system to system
Respuesta
  • A worm can execute independently of the host system.
  • A worm must be triggered by an event on the host system.
  • Worm malware disguises itself as legitimate software.
  • Once installed on a host system, a worm does not replicate itself

Pregunta 126

Pregunta
What is the purpose of a reconnaissance attack on a computer network?
Respuesta
  • Also known as information gathering, reconnaissance attacks perform unauthorized discovery and mapping of systems, services, or vulnerabilities.
  • Random answer 1

Pregunta 127

Pregunta
Type of access attack that attempts to manipulate individuals into performing actions or divulging confidential information needed to access a network.
Respuesta
  • Social engineering attacks
  • Random answer 1

Pregunta 128

Pregunta
What kind of DDOS term are malware designed to infect a host and communicate with a handler system and can also log keystrokes, gather passwords, capture and analyze packets, and more?
Respuesta
  • Bots
  • Random answer 1

Pregunta 129

Pregunta
What term DDoS attack refers to a group of zombies infected using self-propagating malware (i.e., bots) and are controlled by handlers?
Respuesta
  • Botnet
  • Random answer 1 (do not click)

Pregunta 130

Pregunta
What term DDoS attack refers to a master command-and-control server controlling groups of zombies?
Respuesta
  • Handlers
  • Bots
  • Botnet
  • Botmaster

Pregunta 131

Pregunta
What term DDoS attack refers to a group of compromised hosts (i.e. agents) that run malicious code referred to as robots (i.e. bots) ?
Respuesta
  • Zombies
  • Handlers
  • Botmaster
  • Scrum master

Pregunta 132

Pregunta
What term DDoS attack refers to the malware designed to infect a host and communicate with a handler system. It can also log keystrokes, gather passwords, capture and analyze packets, and more...
Respuesta
  • Bots
  • Zombies
  • Handlers
  • Handlermaster

Pregunta 133

Pregunta
What term DDoS attack refers to a group of zombies infected using self-propogating malware (i.e. bots) and are controlled by handlers.
Respuesta
  • Botnet
  • Handlers
  • Handlermaster
  • Scrum master

Pregunta 134

Pregunta
What DDOS attack term refers to the threat actor in control of the botnet handlers?
Respuesta
  • Botmaster
  • Zombies
  • Zombie master
  • Scrum master

Pregunta 135

Pregunta
Types of attacks targeting IP:
Respuesta
  • DOS
  • buffer overflow
  • Random answer 1 (do not click here)

Pregunta 136

Pregunta
The DoS attacks...
Respuesta
  • Originates from multiple, coordinated sources
  • Compromises many hosts
  • Random answer 1

Pregunta 137

Pregunta
ICMP attacks...
Respuesta
  • Can be used to identify hosts on a network, the structure of a network, and determine the operating systems at use on the network. Can also be used as a vehicle for various types of DoS attacks. ICMP can also be used for data exfiltration through ICMP traffic from inside the network.
  • To carry diagnostic messages and to report error conditions when routes, hosts, and ports are unavailable. ICMP messages are generated by devices when a network error or outage occurs.
  • Random answer 1 (do not click here)

Pregunta 138

Pregunta
Two major sources of DoS attacks (choose two):
Respuesta
  • Maliciously Formatted Packets
  • Overwhelming Quantity of Traffic
  • Random answer 1 (don't click)

Pregunta 139

Pregunta
Which tool is used to provide a list of open ports on network devices?
Respuesta
  • Nmap
  • Sguil
  • ELSA
  • Security Onion

Pregunta 140

Pregunta
The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
Respuesta
  • remote access
  • Random answer 1

Pregunta 141

Pregunta
What is IPS?
Respuesta
  • Intrusion prevention system that stops trigger packets
  • Random answer

Pregunta 142

Pregunta
What is the ACL?
Respuesta
  • Is a series of commands that control whether a device forwards or drops packets based on information found in the packet header
  • Random answer

Pregunta 143

Pregunta
What is the The syslog logging service?
Respuesta
  • Serivce that allows networking devices to send their system messages across the network to syslog servers.
  • Service that provides three primary functions: Gather logging information for monitoring and troubleshooting; Select the type of logging information that is captured; Specify the destination of captured syslog messages.
  • Random answer 1

Pregunta 144

Pregunta
________ is an usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.
Respuesta
  • Packet filtering (Stateless) firewalls
  • Random answer

Pregunta 145

Pregunta
This type firewalls filters IP traffic between a pair of bridged interfaces
Respuesta
  • Transparent firewall
  • Random answer

Pregunta 146

Pregunta
What systems provide real time reporting and long-term analysis of security events?
Respuesta
  • Security Information Event Management (SIEM)
  • Random answer
Mostrar resumen completo Ocultar resumen completo

Similar

reading test 9 form
svetlana.gainano
Glosario de Términos Educativos
maya velasquez
Mapa conceptual de la materia._1
gaby271975
Inglés - Verbos Compuestos I (Phrasal Verbs)
Sil Vere
FISIOLOGÍA DEL RIÑON
Patricia Ortiz
Didáctica de la expresión escrita
Estibalitz Etxaide
Comunicación y Medios
isabel lugo
La historia de la Física 
Diego Rondine
DERECHO LABORAL LINEA DEL TIEMPO
felipe cardenas
MANUAL DE MUSCULOS DE MIEMBRO SUPERIOR
cristian felipe pèrez cruz
USO DE HERRAMIENTAS DE DISEÑO AUTOCAD
mart cruzz