Cyberops Chapters 21-23
Which algorithm can ensure data confidentiality?
AES
A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
AES 3DES
What are two symmetric encryption algorithms? (Choose two.)
AES,3DES
What is an example of a symmetric encryption algorithm?
Advanced Encryption Standard
Which of the following uses a learned baseline model?
Anomaly-based strategy
Which device management activity addresses the inventory and control of hardware and software configurations?
Configuration Management
Which algorithm provides asymmetric encryption?
Diffie-Hellman
What technology supports asymmetric key encryption used in IPsec VPNs?
IKE
During which stage would you develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities?
Identify
Which term is a list of TCP or UDP processes that are available to accept data?
Port used
What is a list of TCP or UDP processes that are available to accept data
Ports used
What is a difference between symmetric and asymmetric encryption algorithms?
Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 4 certificate is for online business transactions between companies. A class 0 certificate is for testing purposes.
Which statement describes the use of certificate classes in the PKI?
A class 5 certificate is more trustworthy than a class 4 certificate.
True or False? In asymmetric encryption, encryption and decryption use the same key.
False
Which type of endpoint protection includes iptables and TCP Wrapper?
Host-based firewall
Which statement describes the threat-vulnerability (T-V) pairing?
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities
Which statement describes the term attack surface?
It is the total sum of vulnerabilites in a system that is accessible to an attacker
Which HIDS is an open-source based product?
OSSEC
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
PKI Certificates
Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
Threat intelligence
Which CVSS metric expresses whether human action is required for the exploit to succeed?
User interaction
Which device management activity is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization?
Vulnerability Management
In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?
Vulnerability assessment
Which of the following uses a profile-based approach to configuring firewall functionality?
Windows firewall
Which protocol is an IETF standard that defines the PKI digital certificate format?
X.509
In Windows Firewall, when is the Domain profile applied?
when the host is connected to a trusted network such as an internal business network
What is the difference between an HIDS and a firewall?
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
Which statement describes agentless antivirus protection?
Antivirus scans are performed on hosts from a centralized system
Which device management activity involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise?
Asset Management
Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?
Asset management
Which CVSS metric expresses the number of components, software, hardware, or networks, that are beyond the attacker's control and that must be present for a vulnerability to be successfully exploited?
Attack Complexity
Which CVSS metric reflects the proximity of the threat actor to the vulnerable component?
Attack vector
Which term is the logical location of essential systems or data?
Critical asset address space
During which stage would you develop and implement the appropriate activities to identify the occurrence of a cybersecurity event?
Detect
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
Digital signature
What are the steps in the vulnerability management life cycle?
Discover Prioritize assets Assess Report Remediate Verify
Which management activity is the most effective way to mitigate software vulnerabilities and is required by some security compliance regulations?
Enterprise patch management
Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
Exploitability
Which two classes of metrics are included in the CVSS Base Metric Group?
Exploitability, Impact metrics
On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor
What is a feature of HMAC?
HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?
HTTPS traffic enables end-to-end encryption
As described by the SANS Institute, which attack surface includes the use of social engineering?
Human attack surface
What are the core functions of the NIST Cybersecurity Framework?
Identify Protect Detect Respond recover
Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?
Impact
What is the purpose of a digital certificate?
It authenticates a website and establishes a secure connection to exchange confidential data.
What is a host-based intrusion detection system (HIDS)?
It combines the functionalities of antimalware applications with firewall protection.
Which statement describes the policy-based intrusion detection approach?
It compares the operations of a host against well-defined security rules.
What does the telemetry function provide in host-based security software?
It enables host-based security programs to have comprehensive logging functions.
Which statement describes the Cisco Threat Grid Glovebox?
It is a sandbox product for analyzing malware behaviors.
Which type of attack does the use of HMACs protect against?
Man-in-the-middle
Which device management activity has measures that can disable a lost device, encrypt the data on the device, and enhance device access with more robust authentication measures?
Mobile device management
Which CVSS metric captures the level of access that is required for a successful exploit of the vulnerability?
Privileges required
During which stage would you develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services?
Protect
During which stage would you develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event?
Recover
During which stage would you develop and implement the appropriate activities to take action regarding a detected cybersecurity event?
Respond
Which risk response involves stopping performing the risky activities?
Risk Avoidance
Which risk response accepts the risk and its consequences?
Risk Retention
Which risk response outsources some of the risk to other parties, such as Security as a Service?
Risk Sharing
Which risk response takes measures to reduce vulnerability?
Risk reduction
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
SEAL is a stream cipher
Which has function is the most secure?
SHA-3
Which technique could be used by security personnel to analyze a suspicious file in a safe environment?
Sandboxing
Which CVSS metric expresses whether multiple authorities must be involved in an exploit?
Scope
When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?
Service account
What is the term for the time between the establishment of a data flow and its termination?
Session duration
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
Session duration
What role does an RA play in PKI?
Subordinate CA
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
Switch
Which of the following is a rule-based control and logging system for Linux?
TCP Wrappers
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
Telementry
What is a feature of distributed firewalls?
They combine the feature of host-based firewalls with centralized management.
What refers to the amount of data passing from a given source to a given destination in a given period of time?
Total throughput
True or False? Endpoints are hosts on the network that can access or be accessed by other hosts on the network.
True
Which security endpoint setting would be used by a security analyst to determine if a computer has been configured to prevent a particular application from running?
blacklisting
Which technology might increase the security challenge to the implementation of IoT in an enterprise environment?
cloud computing
Which security management function is concerned with the inventory and control of hardware and software configurations of systems?
configuration management
The ip addresses or the logical location of essential systems or data
critical asset address space
develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
detect
What is an action that should be taken in the discovery step of the vulnerability management life cycle?
developing a network line baseline
Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
discover
What are the three outcomes of the NIST Cybersecurity Framework identify core function?
governance, asset management, risk assessment
develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
identify
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
integrity
What is the purpose of code signing?
integrity of source .EXE files
What allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules?
iptables
When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?
listening ports
Which type of endpoint protection permits only authorized and compliant devices to connect to the network?
network admission control
As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?
network attack surface
develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services
protect
In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?
risk reduction
In profiling a server, what defines what an application is allowed to do or run on a server?
service accounts
the time between the establishment of a data flow and its termination
session duration
Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?
signature-based
Which type of antimalware software recognizes various characteristics of known malware files?
signature-based
What is the purpose of the DH algorithm?
to generate a shared secret between two hosts that have not communicated before
the amount of data from given source to a given destination in a given period of time
total throughput
A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur?
user interaction
What provides filtering of websites and blacklisting to prevent endpoints from accessing malicious web pages?
web security appliance