ist292 test 2
Jason gathers threat intelligence that tells him that an adversary his organization considers a threat likes to use USB key drops to compromise their targets. What is this an example of?
A possible attack vector
After a breach that resulted in attackers successfully exfiltrating a sensitive database, Jason has been asked to deploy a technology that will prevent similar issues in the future. What technology is best suited to this requirement?
DLP
Which of the following measures is not commonly used to assess threat intelligence?
Detail
Which step occurs first during the attack phase of a penetration test?
Gaining access
Organizations like Anonymous, which target governments and businesses for political reasons, are examples of what type of threat actors?
Hacktivists
Forensic data is most often used for what type of threat assessment data?
IOCs
When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?
RADIUS
Which one of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?
Sandboxing
Example Corporation has split their network into network zones that include sales, HR, research and development, and guest networks, each separated from the others using network security devices. What concept is Example Corporation using for their network security?
Segmentation
During a penetration test of Anna's company, the penetration testers were able to compromise the company's web servers and deleted their log files, preventing analysis of their attacks. What compensating control is best suited to prevent this issue in the future?
Sending logs to a syslog server
Tony configures his network to provide false DNS responses for known malware domains. What technique is he using?
Sinkholing
Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?
Supplicant
Cyn wants to send threat information via a standardized protocol specifically designed to exchange cyberthreat information. What should she choose?
TAXII
Cameron builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?
The malware may be polymorphic
Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which port should definitely not be open on the jump box?
23
Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?
443
Megan has recently discovered that the Linux server she is responsible for maintaining is affected by a zero-day exploit for a vulnerability in the web application software that is needed by her organization. Which of the following compensating controls should she implement to best protect the server?
A WAF
Gabby wants to select a threat framework for her organization, and identifying threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice?
ATT&CK
Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?
Adversarial
Port security refers to what type of security control?
Allowing only specific MAC addresses to access a network port
Ric is reviewing his organization's network design and is concerned that a known flaw in the border router could let an attacker disable their Internet connectivity. Which of the following is an appropriate compensatory control?
An alternate Internet connectivity method using a different router type
Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate?
Availability
What type of assessment is particularly useful for identifying insider threats?
Behavioral
Which of the following controls is best suited to prevent vulnerabilities related to software updates?
Centralized patch management software
What term describes an analysis of threat information that might include details such as whether it is confirmed by multiple independent sources or has been directly confirmed?
Confidence level
Ben's organization uses data loss prevention software that relies on metadata tagging to ensure that sensitive files do not leave the organization. What compensating control is best suited to ensuring that data that does leave is not exposed?
Encryption of all files sent outside the organization
Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering?
Environmental
Angela needs to implement a control to ensure that she is notified of changes to important configuration files on her server. What type of tools should she use for this control?
File integrity checking
Which of the following layered security controls is commonly used at the WAN, LAN, and host layer in a security design?
Firewalls
Tom would like to deploy consistent security settings to all of his Windows settings simultaneously. What technology can he use to achieve this goal?
GPO (group policy object)
Ben sets up a system that acts like a vulnerable host in order to observe attacker behavior. What type of system has he set up?
Honeypot
What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?
ISACs
Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first?
Identify threats
What phase of the Cyber Kill Chain includes creation of persistent backdoor access for attackers?
Installation
What common criticism is leveled at the Cyber Kill Chain?
It includes actions outside the defended network
Susan needs to explain what a jump box is to a member of her team. What should she tell them?
It is a system used to access and manage systems or devices in another security zone
OpenIOC uses a base set of indicators of compromise originally created and provided by which security company?
Mandiant
A member of Susan's team recently fell for a phishing scam and provided his password and personal information to a scammer. What layered security approach is not an appropriate layer for Susan to implement to protect her organization from future issues?
Multitiered firewalls
What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making protocol?
NGFW (next-gen firewall)
Advanced persistent threats are mostly commonly associated with which type of threat actor?
Nation-state actors
Which of the following threat actors typically has the greatest access to resources?
Nation-state actors
Robert's Organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?
Network access control (NAC)
Which one of the following objects is NOT one of the three main objectives that inform security professionals must achieve to protect their organizations against cybersecurity threats?
Nonrepudiation
Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?
Patching against zero-day attacks
Which one of the following is an example of an operational security control?
Penetration tests
During what phase of a penetration test should the testers obtain written authorization to conduct the test?
Planning
Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?
Red team
Mike installs a firewall in front of a previously open network to prevent the systems behind the firewall from being targeted by external systems. What did Mike do?
Reduced the organization's attack surface
Chris is in charge of his organization's Windows security standard, including their Windows XP security standard, and has recently decommissioned the organization's last Windows XP system. What is the next step in his security standard's life cycle?
Retiring the Windows 7 standard
Susan wants to start performing intelligence gathering. Which of the following options is frequently conducted in the requirements-gathering stage?
Review of security breaches or compromises your organization has faced
Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?
Risk mitigation
STRIDE, PASTA, and LINDDUN are all examples of what?
Threat classification tools
What drove the creation of ISACs in the United States?
Threat information sharing for infrastructure owners
Which of the following activities follows threat data analysis in the threat intelligence cycle?
Threat intelligence dissemination
James is concerned that network traffic from his datacenter has increased and that it may be caused by a compromise that his security tools have not identified. What SIEM analysis capability could he use to look at the traffic over time sent by his datacenter systems?
Trend analysis
Tommy is assessing the security of several database servers in his datacenters and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?
Vulnerability
Kevin would like to implement a specialized firewall that can protect against SQL injection, cross-site scripting, and similar attacks. What technology should he choose?
WAF (web application firewall)
Fred wants to ensure that only software that has been preapproved runs on workstations he manages. What solution will best fit this need?
Whitelisting
What language is STIX based on?
XML