ITSS 4360 - EXAM 1 (UTD) Study Sheet
15. Which group is responsible for the Cloud Controls Matrix?
CSA (The Cloud Security Alliance)
2. Which of the following is NOT a characteristic of malware?
Diffusion
15. What type of analysis is heuristic monitoring based on?
Dynamic analysis
17. Which of the following attacks targets the external software component that is a repository of both code and data?
Dynamic-link library (DLL) injection attack
20. Which of the following is not something that a SIEM can perform?
Incident response
10. When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
3. Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team
9. Which of the following is not an improvement of UEFI over BIOS?
Support of USB 3.0
16. What is the term used to describe the connectivity between an organization and a third party?
System integration
5. Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS?
TAXII (Trusted Automated Exchange of Intelligence Information)
7. Which of the following is NOT a limitation of a threat map?
They can be difficult to visualize.
4. Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
They would have to stay overnight to perform the test.
18. Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network.
16. What race condition can result in a NULL pointer/object dereference?
Time of check/time of use race condition
14. Which of the following is NOT an advantage to an automated patch update service?
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
12. Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS (cross-site scripting)
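Added illustration (not part of the original study sheet): the difference between echoing user input into a page unsanitized and encoding it for the context it lands in. The attacker payload and the render functions are constructed for this example; the point is that the same string is markup in one case and inert text in the other.

```python
import html

# Constructed sample: a "comment" an attacker submits to a page that echoes it back.
ATTACKER_INPUT = '<img src=x onerror="alert(document.cookie)">'


def render_comment_vulnerable(user_input: str) -> str:
    """Echoes user input straight into the HTML body: the classic XSS sink."""
    return f'<p class="comment">{user_input}</p>'


def render_comment_escaped(user_input: str) -> str:
    """Encodes & < > " ' so the browser treats the input as text, not markup."""
    return f'<p class="comment">{html.escape(user_input, quote=True)}</p>'


def render_attr_escaped(user_input: str) -> str:
    """Attribute context: the value must be quoted AND escaped.

    Escaping < and > alone would not stop a payload such as
    '" onmouseover="alert(1)' from breaking out of the attribute,
    which is why quote=True (the default) matters here.
    """
    return f'<input type="text" name="q" value="{html.escape(user_input, quote=True)}">'


def payload_survives(rendered: str, payload: str) -> bool:
    """Does the attacker's string appear verbatim (i.e. as live markup) in the output?"""
    return payload in rendered


if __name__ == "__main__":
    print(render_comment_vulnerable(ATTACKER_INPUT))
    print(render_comment_escaped(ATTACKER_INPUT))
    print(render_attr_escaped('" onmouseover="alert(1)'))
```

Output encoding is context-specific: html.escape is correct for HTML body and quoted attribute values, but a value placed inside a script block, a URL, or a CSS rule needs that context's encoding instead.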
9. What is another name for footprinting?
Active reconnaissance
8. Which of the following is NOT a means by which a bot communicates with a C&C device?
1. What word is used today to refer to network-connected hardware devices?
Endpoint
7. Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?
Fame
9. Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?
PUP (potentially unwanted programs)
18. Which of the following is not an issue with patching?
Patches address zero-day vulnerabilities
18. What term refers to changing the design of existing code?
Refactoring
14. Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations
8. Which is the final rule of engagement that would be conducted in a pen test?
Reporting
11. What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)
17. What is an objective of state-sponsored attackers?
To spy on citizens
9. Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers
10. Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.
through products, people, and procedures on the devices that store, manipulate, and transmit the information
10. What is the difference between a Trojan and a RAT?
A RAT gives the attacker unauthorized remote access to the victim's computer.
19. Which of the following is technology that imitates human abilities?
AI (Artificial intelligence)
6. What are the two limitations of private information sharing centers?
Access to data and participation
15. Which tool is most commonly associated with state actors?
Advanced Persistent Threat (APT)
2. Which of the following is NOT a characteristic of a penetration test?
Automated
4. Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend?
Automated Indicator Sharing (AIS)
5. What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box
3. Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
Blocking ransomware
20. What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers
15. Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
13. Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF (cross-site request forgery)
8. Which of the following ensures that only authorized parties can view protected information?
Confidentiality
5. Which type of malware relies on LOLBins?
Fileless virus
18. Which of the following tries to detect and stop an attack?
HIPS (host intrusion prevention system)
17. Which ISO contains controls for managing and controlling risk?
ISO 31000
4. Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it?
Integrity
20. Which of the following is FALSE about a quarantine process?
It holds a suspicious application until the user gives approval.
17. What is the advantage of a secure cookie?
It is sent to the server over HTTPS.
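Added example (not from the original study sheet) covering the CSRF item above and the secure-cookie item here together: a session cookie issued with the Secure, HttpOnly and SameSite attributes, and a state-changing endpoint that rejects a cross-site POST because it carries the cookie but not a per-session CSRF token. The endpoint, the request dictionaries and SERVER_SECRET are hypothetical stand-ins for a real framework.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Hypothetical server secret (assumption for this example); a real service loads it
# from a secret store rather than generating it at import time.
SERVER_SECRET = secrets.token_bytes(32)


def build_session_cookie(session_id: str) -> str:
    """Set-Cookie value with the attributes that limit what CSRF/XSS payloads can do."""
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["secure"] = True     # the "secure cookie": only sent over HTTPS
    c["session"]["httponly"] = True   # not readable via document.cookie
    c["session"]["samesite"] = "Lax"  # not attached to cross-site POSTs
    c["session"]["path"] = "/"
    return c.output(header="").strip()


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session_id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, presented: str) -> bool:
    """Constant-time comparison so the check itself does not leak the token."""
    return hmac.compare_digest(csrf_token_for(session_id), presented)


def handle_transfer(request: dict) -> str:
    """Hypothetical money-transfer endpoint (request = {'cookies': {...}, 'form': {...}}).

    The browser attaches the session cookie automatically, which is exactly why the
    cookie alone cannot prove the user intended this request.
    """
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 no session"
    if not csrf_token_valid(session_id, request["form"].get("csrf_token", "")):
        return "403 csrf token missing or wrong"
    return f"200 transferred {request['form']['amount']}"


if __name__ == "__main__":
    sid = secrets.token_urlsafe(16)
    print(build_session_cookie(sid))
    # Constructed requests: one from the site's own form, one forged by another origin.
    legit = {"cookies": {"session": sid},
             "form": {"csrf_token": csrf_token_for(sid), "amount": "10"}}
    forged = {"cookies": {"session": sid}, "form": {"amount": "9999"}}
    print(handle_transfer(legit))
    print(handle_transfer(forged))
```

SameSite=Lax already blocks most cross-site POSTs in current browsers, but the token is still the control to rely on: Lax does not cover every navigation type, and older clients ignore the attribute entirely.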
1. An IOC occurs when what metric exceeds its normal bounds?
KRI (key risk indicator) - a metric that defines the upper and lower bounds of specific indicators of normal network activity
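Added worked example (not part of the original sheet) of the KRI-to-IOC relationship: bounds are derived from a baseline of normal activity, and an observation outside them is flagged as an IOC. The hourly outbound-traffic figures and timestamps are constructed for this example, and mean plus or minus three standard deviations is one common choice of bound, not a prescribed one.

```python
import statistics
from dataclasses import dataclass
from typing import List, Tuple

# Constructed baseline: outbound MB per business hour from one host over two normal weeks.
BASELINE_MB = [40, 42, 38, 45, 41, 39, 44, 43, 40, 42, 37, 46, 41, 40]

# Constructed observations to evaluate against the KRI.
OBSERVED = [
    ("2024-05-06T09:00", 44),
    ("2024-05-06T10:00", 43),
    ("2024-05-06T11:00", 310),   # e.g. a bulk exfiltration window
    ("2024-05-06T12:00", 41),
]


@dataclass(frozen=True)
class KRI:
    """Upper and lower bounds for one indicator of normal activity."""
    name: str
    lower: float
    upper: float

    def exceeded(self, value: float) -> bool:
        return value < self.lower or value > self.upper


def build_kri(name: str, samples: List[float], k: float = 3.0) -> KRI:
    """Bounds = baseline mean +- k standard deviations (k=3 is an assumption here)."""
    mean = statistics.fmean(samples)
    sd = statistics.stdev(samples)
    return KRI(name, max(0.0, mean - k * sd), mean + k * sd)


def find_iocs(kri: KRI, observations: List[Tuple[str, float]]) -> List[Tuple[str, float]]:
    """Every observation outside the KRI bounds is an indicator of compromise."""
    return [(ts, v) for ts, v in observations if kri.exceeded(v)]


if __name__ == "__main__":
    kri = build_kri("outbound_mb_per_hour", BASELINE_MB)
    print(f"{kri.name}: {kri.lower:.1f} .. {kri.upper:.1f}")
    for ts, v in find_iocs(kri, OBSERVED):
        print(f"IOC at {ts}: {v} MB exceeds KRI bounds")
```

A drop below the lower bound is flagged too: a host that suddenly sends nothing may have had its agent disabled, which is as much an indicator as a spike.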
7. Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet?
LOLBins
6. Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive
19. What does Windows 10 Tamper Protection do?
Limits access to the registry
5. Which of the following is not used to describe those who attack computer systems?
Malicious agent
10. Which boot security mode sends information on the boot process to a remote server?
Measured Boot
13. Which of the following is not a reason why a legacy platform has not been updated?
No compelling reason for any updates
19. Which of the following is not a recognized attack vector?
On-prem
13. Which of the following is a standard for the handling of customer card information?
PCI DSS (Payment Card Industry Data Security Standard)
1. Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning
2. What are the two concerns about using public information sharing centers?
Privacy and speed
2. Which of the following is false about the CompTIA Security+ certification?
Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
11. Which of the following is NOT an important OS security configuration?
Restricting patch management
19. Which of the following can automate an incident response?
SOAR
16. Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II
14. Which of the following manipulates the trusting relationship between web servers?
SSRF (server-side request forgery)
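Added example (not from the original study sheet) of the basic SSRF defence: before a server fetches a user-supplied URL on the user's behalf, it refuses schemes other than http/https, refuses literal addresses in loopback, private, link-local (including the 169.254.169.254 cloud metadata address) and other non-routable ranges, and then requires the host to be on an allowlist. ALLOWED_HOSTS and the example URLs are constructed for this illustration.

```python
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts this service is permitted to fetch from.
ALLOWED_HOSTS = {"api.partner.example", "cdn.example"}


def is_internal_ip(host: str) -> bool:
    """True if host is an IP literal in a range a server should never be steered to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; handled by the allowlist instead
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_outbound_url(url: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for a URL the server is being asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "no host"
    if is_internal_ip(host):
        return False, f"internal address {host}"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host} not on allowlist"
    return True, "ok"


if __name__ == "__main__":
    for u in ["https://api.partner.example/v1/report",
              "http://169.254.169.254/latest/meta-data/",
              "http://127.0.0.1:8080/admin",
              "http://[::1]/",
              "file:///etc/passwd",
              "http://evil.example/"]:
        print(u, "->", validate_outbound_url(u))
```

This check inspects only the URL string. It does not resolve hostnames, so a DNS name that later resolves to an internal address (or changes between validation and connect) is not caught here; a complete defence also resolves the allowlisted name, checks the resulting address at connect time, and disables redirect following on the outbound request.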
7. Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope
11. Which of the following groups have the lowest level of technical knowledge?
Script kiddies
3. Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.
6. Which of the following is not true regarding security?
Security is a war that must be won at all costs.
1. After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
Security manager
11. Which of these would NOT be considered the result of a logic bomb?
Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
20. Which statement regarding a keylogger is NOT true?
Software keyloggers are generally easy to detect.
12. Which stage conducts a test that will verify the code functions as intended?
Staging stage
12. Which of the following groups use Advanced Persistent Threats?
State actors
14. How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.
16. Which of these is a list of preapproved applications?
Whitelist
6. Which of the following is known as a network virus?
Worm
4. Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?
Cryptomalware can encrypt all files on any network that is connected to the employee's computer.
8. Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is NOT different about looking for information on the dark web?
Dark web search engines are identical to regular search engines.
3. Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?
TLP (Traffic Light Protocol) - uses four colors (red, amber, green, and white) to indicate the sharing limitations that recipients are expected to apply.
12. Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
13. Which model uses a sequential design process?
Waterfall model