Cyberops Chapters 21-23


Which algorithm can ensure data confidentiality?

AES

A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)

AES, 3DES

What are two symmetric encryption algorithms? (Choose two.)

AES, 3DES

What is an example of a symmetric encryption algorithm?

Advanced Encryption Standard

Which of the following uses a learned baseline model?

Anomaly-based strategy

Which device management activity addresses the inventory and control of hardware and software configurations?

Configuration Management

Which algorithm provides asymmetric encryption?

Diffie-Hellman

What technology supports asymmetric key encryption used in IPsec VPNs?

IKE

During which stage would you develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities?

Identify

Which term is a list of TCP or UDP processes that are available to accept data?

Port used

What is a list of TCP or UDP processes that are available to accept data?

Ports used

What is a difference between symmetric and asymmetric encryption algorithms?

Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

Which two statements correctly describe certificate classes used in the PKI? (Choose two.)

A class 4 certificate is for online business transactions between companies. A class 0 certificate is for testing purposes.

Which statement describes the use of certificate classes in the PKI?

A class 5 certificate is more trustworthy than a class 4 certificate.

True or False? In asymmetric encryption, encryption and decryption use the same key.

False

Which type of endpoint protection includes iptables and TCP Wrapper?

Host-based firewall

Which statement describes the threat-vulnerability (T-V) pairing?

It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities

Which statement describes the term attack surface?

It is the total sum of vulnerabilities in a system that is accessible to an attacker

Which HIDS is an open-source based product?

OSSEC

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

PKI Certificates

Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?

Threat intelligence

Which CVSS metric expresses whether human action is required for the exploit to succeed?

User interaction

Which device management activity is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization?

Vulnerability Management

In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?

Vulnerability assessment

Which of the following uses a profile-based approach to configuring firewall functionality?

Windows firewall

Which protocol is an IETF standard that defines the PKI digital certificate format?

X.509

In Windows Firewall, when is the Domain profile applied?

when the host is connected to a trusted network such as an internal business network

What is the difference between an HIDS and a firewall?

An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.

Which statement describes agentless antivirus protection?

Antivirus scans are performed on hosts from a centralized system

Which device management activity involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise?

Asset Management

Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?

Asset management

Which CVSS metric expresses the number of components, software, hardware, or networks, that are beyond the attacker's control and that must be present for a vulnerability to be successfully exploited?

Attack Complexity

Which CVSS metric reflects the proximity of the threat actor to the vulnerable component?

Attack vector

Which term is the logical location of essential systems or data?

Critical asset address space

During which stage would you develop and implement the appropriate activities to identify the occurrence of a cybersecurity event?

Detect

What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

Digital signature

What are the steps in the vulnerability management life cycle?

Discover, Prioritize assets, Assess, Report, Remediate, Verify

Which management activity is the most effective way to mitigate software vulnerabilities and is required by some security compliance regulations?

Enterprise patch management

Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?

Exploitability

Which two classes of metrics are included in the CVSS Base Metric Group?

Exploitability, Impact metrics

On a Windows host, which tool can be used to create and maintain blacklists and whitelists?

Group Policy Editor

What is a feature of HMAC?

HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.

In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

HTTPS traffic enables end-to-end encryption

As described by the SANS Institute, which attack surface includes the use of social engineering?

Human attack surface

What are the core functions of the NIST Cybersecurity Framework?

Identify, Protect, Detect, Respond, Recover

Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?

Impact

What is the purpose of a digital certificate?

It authenticates a website and establishes a secure connection to exchange confidential data.

What is a host-based intrusion detection system (HIDS)?

It combines the functionalities of antimalware applications with firewall protection.

Which statement describes the policy-based intrusion detection approach?

It compares the operations of a host against well-defined security rules.

What does the telemetry function provide in host-based security software?

It enables host-based security programs to have comprehensive logging functions.

Which statement describes the Cisco Threat Grid Glovebox?

It is a sandbox product for analyzing malware behaviors.

Which type of attack does the use of HMACs protect against?

Man-in-the-middle

Which device management activity has measures that can disable a lost device, encrypt the data on the device, and enhance device access with more robust authentication measures?

Mobile device management

Which CVSS metric captures the level of access that is required for a successful exploit of the vulnerability?

Privileges required

During which stage would you develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services?

Protect

During which stage would you develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event?

Recover

During which stage would you develop and implement the appropriate activities to take action regarding a detected cybersecurity event?

Respond

Which risk response involves stopping performing the risky activities?

Risk Avoidance

Which risk response accepts the risk and its consequences?

Risk Retention

Which risk response outsources some of the risk to other parties, such as Security as a Service?

Risk Sharing

Which risk response takes measures to reduce vulnerability?

Risk reduction

Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

SEAL is a stream cipher

Which hash function is the most secure?

SHA-3

Which technique could be used by security personnel to analyze a suspicious file in a safe environment?

Sandboxing

Which CVSS metric expresses whether multiple authorities must be involved in an exploit?

Scope

When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?

Service account

What is the term for the time between the establishment of a data flow and its termination?

Session duration

When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?

Session duration

What role does an RA play in PKI?

Subordinate CA

Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?

Switch

Which of the following is a rule-based control and logging system for Linux?

TCP Wrappers

In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?

Telemetry

What is a feature of distributed firewalls?

They combine the feature of host-based firewalls with centralized management.

What refers to the amount of data passing from a given source to a given destination in a given period of time?

Total throughput

True or False? Endpoints are hosts on the network that can access or be accessed by other hosts on the network.

True

Which security endpoint setting would be used by a security analyst to determine if a computer has been configured to prevent a particular application from running?

blacklisting

Which technology might increase the security challenge to the implementation of IoT in an enterprise environment?

cloud computing

Which security management function is concerned with the inventory and control of hardware and software configurations of systems?

configuration management

The IP addresses or the logical location of essential systems or data

critical asset address space

develop and implement the appropriate activities to identify the occurrence of a cybersecurity event

detect

What is an action that should be taken in the discovery step of the vulnerability management life cycle?

developing a network line baseline

Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?

discover

What are the three outcomes of the NIST Cybersecurity Framework identify core function?

governance, asset management, risk assessment

develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities

identify

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?

integrity

What is the purpose of code signing?

integrity of source .EXE files

What allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules?

iptables

When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?

listening ports

Which type of endpoint protection permits only authorized and compliant devices to connect to the network?

network admission control

As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?

network attack surface

develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services

protect

In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?

risk reduction

In profiling a server, what defines what an application is allowed to do or run on a server?

service accounts

the time between the establishment of a data flow and its termination

session duration

Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?

signature-based

Which type of antimalware software recognizes various characteristics of known malware files?

signature-based

What is the purpose of the DH algorithm?

to generate a shared secret between two hosts that have not communicated before

the amount of data from given source to a given destination in a given period of time

total throughput

A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur?

user interaction

What provides filtering of websites and blacklisting to prevent endpoints from accessing malicious web pages?

web security appliance
