Fundamentals of Information Security [State Exam | Part 2 + 23 new questions]

Question

What are two methods to maintain certificate revocation status? (Choose two.)

Answer 1

subordinate CA

Answer 2

invade the castle

Answer 3

defend the castle

Answer 4

defend the region

Answer 5

invade the region

Answer 6

It ensures that the person who is gaining access to a network device is authorized.

Answer 7

It provides proof that data has a traditional signature attached.

Answer 8

It guarantees that a website has not been hacked.

Answer 9

It authenticates a website and establishes a secure connection to exchange confidential data

Answer 10

data integrity

Answer 11

non-repudiation

Answer 12

origin authentication

Answer 13

data confidentiality

Answer 14

intrusion detection and prevention

Answer 15

anti-phishing

Answer 16

safe browsing

Answer 17

Group Policy Editor

Answer 18

Local Users and Groups

Answer 19

Computer Management

Answer 20

Task Manager

Answer 21

Host-based antivirus systems provide agentless antivirus protection.

Answer 22

The antivirus protection is provided by the router that is connected to a cloud service.

Answer 23

The antivirus protection is provided by the ISP.

Answer 24

Antivirus scans are performed on hosts from a centralized system.

Answer 25

risk avoidance

Answer 26

risk retention

Answer 27

risk reduction

Answer 28

risk sharing

Answer 29

risk reduction

Answer 30

risk avoidance

Answer 31

risk retention

Answer 32

risk sharing

Answer 33

It identifies potential attacks and sends alerts but does not stop the traffic.

Answer 34

It detects and stops potential direct attacks but does not scan for malware.

Answer 35

It is an agentless system that scans files on a host for potential malware.

Answer 36

It combines the functionalities of antimalware applications with firewall protection.

Answer 37

behavior-based

Answer 38

agent-based

Answer 39

signature-based

Answer 40

heuristic-based

Answer 41

workstation

Answer 42

user interaction

Answer 43

attack vector

Answer 44

attack complexity

Answer 45

privileges required

Answer 46

risk reduction

Answer 47

risk avoidance

Answer 48

risk retention

Answer 49

risk sharing

Answer 50

It is a file used by a DHCP server to store current active IP addresses.

Answer 51

It is a DHCP application in Windows.

Answer 52

It is a DNS daemon in Linux.

Answer 53

It is a rule-based firewall application in Linux.

Answer 54

asset management

Answer 55

vulnerability management

Answer 56

risk management

Answer 57

configuration management

Answer 58

It compares the signatures of incoming traffic to a known intrusion database.

Answer 59

It compares the antivirus definition file to a cloud based repository for latest updates.

Answer 60

It compares the operations of a host against a well-defined security policy.

Answer 61

It compares the behavior of a host to an established baseline to identify potential intrusions.

Answer 62

Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

Answer 63

Establish a baseline to indicate risk before security controls are implemented.

Answer 64

Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.

Answer 65

Perform audits to verify threats are eliminated.

Answer 66

It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

Answer 67

It is the comparison between known malware and system risks.

Answer 68

It is the detection of malware against a central vulnerability research center.

Answer 69

It is the advisory notice from a vulnerability research center.

Answer 70

whitelisting

Answer 71

blacklisting

Answer 72

baselining

Answer 73

It provides network access to only authorized and compliant systems.

Answer 74

A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.

Answer 75

It provides endpoint protection from viruses and malware.

Answer 76

It provides filtering and blacklisting of websites being accessed by end users.

Answer 77

heuristics-based

Answer 78

packet-based

Answer 79

behavior-based

Answer 80

signature-based

Answer 81

Gramm-Leach-Bliley Act (GLBA)

Answer 82

Health Insurance Portability and Accountability Act (HIPAA)

Answer 83

Federal Information Security Management Act of 2002 (FISMA)

Answer 84

Sarbanes-Oxley Act of 2002 (SOX)

Answer 85

It is the total sum of vulnerabilities in a system that is accessible to an attacker.

Answer 86

It is the group of hosts that experiences the same attack.

Answer 87

It is the network interface where attacks originate.

Answer 88

It is the total number of attacks toward an organization within a day.

Answer 89

prioritize assets

Answer 90

session duration

Answer 91

critical asset address space

Answer 92

ports used

Answer 93

total throughput

Answer 94

Modified Base

Answer 95

Confidentiality Requirement

Answer 96

Exploit Code Maturity

Answer 97

Exploitability

Answer 98

Impact metrics

Answer 99

risk analysis

Answer 100

penetration testing

Answer 101

vulnerability assessment

Answer 102

strength of network security testing

Answer 103

attack complexity

Answer 104

user interaction

Answer 105

attack vector

Answer 106

privileges required

Answer 107

It is a network-based IDS/IPS.

Answer 108

It is a firewall appliance.

Answer 109

It is a host-based intrusion detection system (HIDS) solution to fight against malware

Answer 110

It is a sandbox product for analyzing malware behaviors.

Answer 111

HTTPS cannot protect visitors to a company-provided web site.

Answer 112

HTTPS can be used to infiltrate DNS queries.

Answer 113

Web browser traffic is directed to infected servers.

Answer 114

HTTPS adds complexity to captured packets.

Answer 115

by collecting information about a network

Answer 116

by corrupting network IP data packets

Answer 117

by providing a conduit for DoS attacks

Answer 118

by corrupting data between email servers and email recipients

Answer 119

by the infiltration of web pages

Answer 120

It makes Snort-generated alerts readable and searchable.

Answer 121

It detects potential network intrusions.

Answer 122

It reports conversations between hosts on the network.

Answer 123

It prevents malware from attacking a host.

Answer 124

Apache access logs

Answer 125

Event Viewer

Answer 126

a background process that runs without the need for user interaction

Answer 127

a record to keep track of important events

Answer 128

a type of security attack

Answer 129

an application that monitors and analyzes suspicious activity

Answer 130

access based on security clearance held

Answer 131

principle of least privilege

Answer 132

role-based access control

Answer 133

user-based data access control

Answer 134

compatibility with CDFS

Answer 135

compatibility with NTFS

Answer 136

decreased load time

Answer 137

improved performance

Answer 138

an increase in the number of supported devices

Answer 139

increase in the size of supported files

Answer 140

It can be used to encode stolen data and send to a threat actor.

Answer 141

An email can be used to bring malware to a host.

Answer 142

Encrypted data is decrypted.

Answer 143

Someone inadvertently clicks on a hidden iFrame.

Answer 144

Open the Task Manager, right-click on the lsass process and choose End Task.

Answer 145

Uninstall the lsass application because it is a legacy application and no longer required by Windows.

Answer 146

Move it to Program Files (x86) because it is a 32bit application.

Answer 147

Delete the file because it is probably malware.

Answer 148

by checking the reputation of external web servers

Answer 149

by functioning as a firewall

Answer 150

by inspecting incoming traffic for potential exploits

Answer 151

by scanning and logging outgoing traffic

Answer 152

It is a record of a conversation between network hosts.

Answer 153

It can be used to describe or predict network behavior.

Answer 154

It reports detailed network activities between network hosts.

Answer 155

It shows the result of network sessions.

Answer 156

Management and Reporting

Answer 157

Metrics Collection

Answer 158

Application Recognition

Answer 159

IDS and IPS capabilities

Answer 160

security and user account restrictions

Answer 161

peak usage times and traffic routing

Answer 162

source and destination UDP port mapping

Answer 163

a type of Instant Messaging (IM) software used on the darknet

Answer 164

a way to share processors between network devices across the Internet

Answer 165

a rule created in order to match a signature of a known exploit

Answer 166

a software platform and network of P2P hosts that function as Internet routers

Answer 167

It shows the results of network activities between network hosts.

Answer 168

It contains conversations between network hosts.

Answer 169

It is created through an analysis of other forms of network data.

Answer 170

It lists each alert message along with statistical information.

Answer 171

The request was unsuccessful because of server errors.

Answer 172

The request was fulfilled successfully.

Answer 173

The request was redirected to another web server.

Answer 174

The request was unsuccessful because of client errors.

Answer 175

Monitor DNS proxy server logs and look for unusual DNS queries.

Answer 176

Use IPS/IDS devices to scan internal corporate traffic.

Answer 177

Limit the number of simultaneously opened browsers or browser tabs.

Answer 178

Limit the number of DNS queries permitted within the organization.

Answer 179

Apache Traffic Server

Answer 180

Traffic is sent in plain-text by the user machine and is encrypted by the TOR node in France and decrypted by the TOR node in Germany.

Answer 181

Traffic is encrypted by the user machine and sent directly to the cisco.com server to be decrypted.

Answer 182

Traffic is encrypted by the user machine, and the TOR network only routes the traffic through France, Canada, Germany, and delivers it to cisco.com.

Answer 183

Traffic is encrypted by the user machine, and the TOR network encrypts next-hop information on a hop-by-hop basis.

Answer 184

setup logs

Answer 185

application logs

Answer 186

system logs

Answer 187

security logs

Answer 188

setup logs

Answer 189

security logs

Answer 190

application logs

Answer 191

system logs

Answer 192

The timestamp represents the round trip duration value.

Answer 193

The syslog message indicates the time an email is received.

Answer 194

There is a problem associated with NTP.

Answer 195

The syslog message should be treated with high priority.

Answer 196

It helps identify malware signatures

Answer 197

It is used to decode files

Answer 198

It verifies confidentiality of files

Answer 199

It is used as a key for encryption

Answer 200

Direct evidence

Answer 201

Corroborating evidence

Answer 202

Best evidence

Answer 203

Indirect evidence

Answer 204

Standardization

Answer 205

Normalization

Answer 206

Classification

Answer 207

Systemization

Answer 208

Collection

Answer 209

Examination

Answer 210

IPTABLES –I FORWARD –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Answer 211

IPTABLES –I INPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Answer 212

IPTABLES –I PASS –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Answer 213

IPTABLES –I OUTPUT –P TCP –D 209.165.202.133 –DPORT 7777 –J DROP

Answer 214

Secure physical access to the computer under investigation

Answer 215

Reboot the affected system upon arrival

Answer 216

Make a copy of the hard drive

Answer 217

Recover deleted files

Answer 218

Human readable timestamps measure the number of seconds that have passed since January 1, 1970.

Answer 219

All devices generate human readable and unix epoch timestamps

Answer 220

It is easier to work with Unix epoch timestamps for addition and subtraction operations

Answer 221

Unix epoch timestamps are easier for humans to interpret

Answer 222

PulledPork

Answer 223

The SID was created by Sourcefire and distributed under a GPL agreement

Answer 224

This is a custom signature developed by the organization to address locally observed rules

Answer 225

The SID was created by members of emerging threats

Answer 226

The SID was created by the Snort community and is maintained in community rules

Answer 227

Accessing BIOS or UEFI

Answer 228

Making API calls

Answer 229

Sending files

Answer 230

Using processes

Answer 231

TRUE NEGATIVE

Answer 232

TRUE POSITIVE

Answer 233

FALSE POSITIVE

Answer 234

FALSE NEGATIVE

Answer 235

Hacktivist

Answer 236

State-sponsored

Answer 237

Classified

Answer 238

Corroborating

Answer 239

Social engineering

Answer 240

Evaluating the server alert data

Answer 241

Obtaining the most volatile evidence

Answer 242

Determining who is responsible for the attack

Answer 243

Reporting the incident to the proper authorities

Answer 244

Ping sweep

Answer 245

TCP SYN flood

Answer 246

Buffer overflow

Answer 247

IP, MAC and DHCP Spoofing

Answer 248

Smurf attack

Answer 249

Man-in-the-middle

Answer 250

It instructs the tcpdump to capture data that starts with the symbol.

Answer 251

It tells the Linux shell to execute the tcpdump process in the background.

Answer 252

It tells the Linux shell to display the captured data on the console.

Answer 253

It tells the Linux shell to execute the tcpdump process indefinitely.

Answer 254

By sensor number

Answer 255

By source IP

Answer 256

By frequency

Answer 257

By Date/Time

Answer 258

Expire false positives

Answer 259

Pivot to other information sources and tools

Answer 260

Construct queries using query builder

Answer 261

Escalate an uncertain alert

Answer 262

Correlate similar alerts into a single line

Answer 263

Categorize true positives

Answer 264

Sguil becomes enabled via the sudo Sguil –e terminal command

Answer 265

Awk becomes enabled via the sudo awk terminal command

Answer 266

Pullpork is used by ELSA as an open source search engine

Answer 267

Snort is enabled by default

Answer 268

Business continuity planning

Answer 269

Full packet capture

Answer 270

Alert analysis

Answer 271

Intrusion detection

Answer 272

Security device management

Answer 273

Threat containment

Answer 274

The transaction data is encoded with base64

Answer 275

The transaction data is a binary file

Answer 276

The data shown is line noise

Answer 277

The transaction data is corrupted

Answer 278

Routing updates traffic

Answer 279

STP traffic

Answer 280

SSL traffic

Answer 281

IPSec traffic

Answer 282

Broadcast traffic

Answer 283

Collect email and web logs for forensic reconstruction.

Answer 284

Analyze the infrastructure path used for delivery.

Answer 285

Audit endpoints to forensically determine origin of exploit.

Answer 286

Conduct full malware analysis.

Answer 287

Conduct employee awareness training and email testing.

Answer 288

Detail how incidents should be handled based on the mission and functions of an organization.

Answer 289

Develop metrics for measuring the incident response capability and its effectiveness.

Answer 290

Create an organizational structure and definition of roles, responsibilities, and levels of authority.

Answer 291

Prioritize severity ratings of security incidents.

Answer 292

to allow the threat actor to issue commands to the software that is installed on the target

Answer 293

to steal network bandwidth from the network where the target is located

Answer 294

to launch a buffer overflow attack

Answer 295

to send user data stored on the target to the threat actor

Answer 296

Hold meetings on lessons learned.

Answer 297

Change all passwords.

Answer 298

Patch all vulnerabilities.

Answer 299

Identify all hosts that need remediation.

Answer 300

the procedures that are followed during an incident response

Answer 301

the metrics for measuring incident response capabilities

Answer 302

the roadmap for increasing incident response capabilities

Answer 303

the details on how an incident is handled

Answer 304

actions on objectives

Answer 305

command and control

Answer 306

exploitation

Answer 307

installation

Answer 308

Event Viewer

Answer 309

net command

Answer 310

PowerShell

Answer 311

Task Manager

Answer 312

false negative

Answer 313

false positive

Answer 314

true negative

Answer 315

true positive

Answer 316

Create a back door in the target system to allow for future access.

Answer 317

Establish command and control (CnC) with the target system.

Answer 318

Use the information from the reconnaissance phase to develop a weapon against the target.

Answer 319

Break the vulnerability and gain control of the target.

Answer 320

methodology

Answer 321

It can be used to discover how other organizations dealt with a particular type of security incident.

Answer 322

Companies who pay to contribute and access the database are protected from security threats.

Answer 323

It can be used to discover the name of known threat actors.

Answer 324

The database can be easily compressed.

Answer 325

Build detections for the behavior of known malware.

Answer 326

Train web developers for securing code.

Answer 327

Detect data exfiltration, lateral movement, and unauthorized credential usage.

Answer 328

Perform forensic analysis of endpoints for rapid triage.

Answer 329

Collect malware files and metadata for future analysis.

Answer 330

Obtain an automated tool in order to deliver the malware payload through the vulnerability.

Answer 331

Install a webshell on the web server for persistent access.

Answer 332

Create a point of persistence by adding services.

Answer 333

Collect credentials of the web server developers and administrators.

Answer 334

Document the handling of the incident.

Answer 335

identify and validate incidents.

Answer 336

Conduct CSIRT response training.

Answer 337

Implement procedures to contain threats.

Answer 338

incident description

Answer 339

incident tracking

Answer 340

discovery and response

Answer 341

victim demographics

Answer 342

Coordinate incident handling across multiple CSIRTs.

Answer 343

Handle customer reports concerning security vulnerabilities.

Answer 344

Use data from many sources to determine incident activity trends.

Answer 345

Provide incident handling to other organizations as a fee-based service.

Answer 346

Analyze web log alerts and historical search data.

Answer 347

Audit endpoints to forensically determine origin of exploit.

Answer 348

Build playbooks for detecting browser behavior.

Answer 349

Conduct full malware analysis.

Answer 350

Understand targeted servers, people, and data available to attack.

Answer 351

measures used to prevent an incident

Answer 352

time and date the evidence was collected

Answer 353

extent of the damage to resources and assets

Answer 354

vulnerabilities that were exploited in an attack

Answer 355

serial numbers and hostnames of devices used as evidence

Answer 356

location of all evidence

Answer 357

Cyber Kill Chain

Answer 358

It provides a roadmap for maturing the incident response capability.

Answer 359

It provides metrics for measuring the incident response capability and effectiveness.

Answer 360

It defines how the incident response teams will communicate with the rest of the organization and with other organizations.

Answer 361

It details how incidents should be handled based on the organizational mission and functions.

Answer 362

the processes used to preserve evidence

Answer 363

the strategies and procedures used for incident containment

Answer 364

the networks, systems, and applications affected by an incident

Answer 365

the amount of time and resources needed to handle an incident

Answer 366

Launch a DoS attack

Answer 367

Send a message back to CnC controlled by the threat actor

Answer 368

Break the vulnerability and gain control of the target

Answer 369

Establish a back door into the system

Answer 370

infrastructure

Answer 371

capability

Answer 372

weaponization

Answer 373

Receive, review, and respond to security incidents in an organization.

Answer 374

Provide national standards as a fee-based service.

Answer 375

Coordinate security incident handling across multiple CSIRTs.

Answer 376

Provide security awareness, best practices, and security vulnerability information to a specific population.

Answer 377

Actions on objectives

Answer 378

Exploitation

Answer 379

Reconnaissance

Answer 380

Weaponization

Answer 381

Preparation

Answer 382

Containment, Eradication and Recovery

Answer 383

Postincident activities

Answer 384

Detection and analysis

Answer 385

Windows Table

Answer 386

802 is authentication

Answer 387

HTTPS web-service

Answer 388

FTP transfers

Answer 389

Local NTP server

Answer 390

File and directory permission

Answer 391

Authentication

Answer 392

Confidentiality

Answer 393

Availability

Answer 394

Windows Firewall

Answer 395

Stream ciphers operate on each bit (instead of block)

Answer 396

Random answer (do not click, dumbass)

Answer 397

Commit crimes and do unethical things but not for personal gain or to cause damage.

Answer 398

May compromise network and then disclose the problem so the organization can fix the problem.

Answer 399

Random answer1

Answer 400

Random answer2

Answer 401

Discover exploits and report them to vendors, sometimes for prizes or rewards.

Answer 402

Random answer 1 (click here to get free $500!)

Answer 403

an application or device that can read, monitor, and capture network data exchanges and read network packets

Answer 404

Random answer 1 (do not click)

Answer 405

proxy Trojan horse

Answer 406

Denial of Service Trojan horse

Answer 407

A worm can execute independently of the host system.

Answer 408

A worm must be triggered by an event on the host system.

Answer 409

Worm malware disguises itself as legitimate software.

Answer 410

Once installed on a host system, a worm does not replicate itself

Answer 411

Also known as information gathering, reconnaissance attacks perform unauthorized discovery and mapping of systems, services, or vulnerabilities.

Answer 412

Random answer 1

Answer 413

Social engineering attacks

Answer 414

Random answer 1

Answer 415

Random answer 1

Answer 416

Random answer 1 (do not click)

Answer 417

Scrum master

Answer 418

Handlermaster

Answer 419

Handlermaster

Answer 420

Scrum master

Answer 421

Zombie master

Answer 422

Scrum master

Answer 423

buffer overflow

Answer 424

Random answer 1 (do not click here)

Answer 425

Originates from multiple, coordinated sources

Answer 426

Compromises many hosts

Answer 427

Random answer 1

Answer 428

Can be used to identify hosts on a network, the structure of a network, and determine the operating systems at use on the network. Can also be used as a vehicle for various types of DoS attacks. ICMP can also be used for data exfiltration through ICMP traffic from inside the network.

Answer 429

To carry diagnostic messages and to report error conditions when routes, hosts, and ports are unavailable. ICMP messages are generated by devices when a network error or outage occurs.

Answer 430

Random answer 1 (do not click here)

Answer 431

Maliciously Formatted Packets

Answer 432

Overwhelming Quantity of Traffic

Answer 433

Random answer 1 (don't click)

Answer 434

Security Onion

Answer 435

remote access

Answer 436

Random answer 1

Answer 437

Intrusion prevention system that stops trigger packets

Answer 438

Random answer

Answer 439

Is a series of commands that control whether a device forwards or drops packets based on information found in the packet header

Answer 440

Random answer

Answer 441

Serivce that allows networking devices to send their system messages across the network to syslog servers.

Answer 442

Service that provides three primary functions: Gather logging information for monitoring and troubleshooting; Select the type of logging information that is captured; Specify the destination of captured syslog messages.

Answer 443

Random answer 1

Answer 444

Packet filtering (Stateless) firewalls

Answer 445

Random answer

Answer 446

Transparent firewall

Answer 447

Random answer

Answer 448

Security Information Event Management (SIEM)

Answer 449

Random answer

	Created by Good Guy Beket over 5 years ago

Next up

Fundamentals of Information Security [State Exam | Part 2 + 23 new questions]

Description

Resource summary

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Question 27

Question 28

Question 29

Question 30

Question 31

Question 32

Question 33

Question 34

Question 35

Question 36

Question 37

Question 38

Question 39

Question 40

Question 41

Question 42

Question 43

Question 44

Question 45

Question 46

Question 47

Question 48

Question 49

Question 50

Question 51

Question 52

Question 53

Question 54

Question 55

Question 56

Question 57

Question 58

Question 59

Question 60

Question 61

Question 62

Question 63

Question 64

Question 65

Question 66

Question 67

Question 68

Question 69

Question 70

Question 71

Question 72

Question 73

Question 74

Question 75

Question 76