Cybersecurity Midterm
What flag does nmap use to enable operating system identification?
-o
Which Cisco log level is the most critical?
0
Jason gathers threat intelligence that tells him that an adversary his organization considers a threat likes to use USB key drops to compromise their targets. What is this an example of?
A possible attack vector
Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?
Government Agency
Organizations like Anonymous, which target governments and businesses for political reasons, are examples of what type of threat actor?
Hacktivists
What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?
Heuristic Analysis
Forensic data is most often used for what type of threat assessment data?
IOCs
Advanced persistent threats are most commonly associated with which type of threat actor?
Nation-state actors
Which of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?
Sandboxing
Which type of Windows log is most likely to contain information about a file being deleted?
Security Logs
Which one of the following is not an example of a vulnerability scanning tool?
Snort
During an information gathering exercise, Chris is asked to find out detailed personal information about his target's employees. What is frequently the best place to find this information?
Social Media
Which one of the following factors is least likely to impact vulnerability scanning schedules?
Staff Availability
Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?
Supplicant
Barry placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls to limit the scope of PCI DSS to those systems through the use of VLANs and firewalls. When Barry goes to conduct vulnerability scans for PCI DSS compliance purposes, what systems must he scan?
Systems on the Isolated Network
Cyn wants to send threat information via a standardized protocol specifically designed to exchange cyberthreat information. What should she choose?
TAXII
Selah believes that an organization she is penetration testing may have exposed information about their systems on their website in the past. What site might help her find an older copy of their website?
The Internet Archive
Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which of the following ports should definitely not be open on the jump box?
23
Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?
443
Ben sets up a system that acts like a vulnerable host in order to observe attacker behavior. What type of system has he set up?
A honeypot
Gabby wants to select a threat framework for her organization, and identifying threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice?
ATT&CK
During passive intelligence gathering, you are able to run netstat on a workstation located at your target's headquarters. What information would you not be able to find using netstat on a Windows system?
Active IPX Connections
Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?
Adversarial
Sarah would like to run an external vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?
An Approved Scanning Vendor
Ric is reviewing his organization's network design and is concerned that a known flaw in the border router could let an attacker disable their Internet connectivity. Which of the following is an appropriate compensatory control?
An alternate Internet connectivity method using a different router type
Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?
Any Qualified Individual
What tool can administrators use to help identify the systems present on a network prior too conducting vulnerability scans?
Asset Inventory
Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate?
Availability
What type of assessment is particularly useful for identifying insider threats?
Behavior
Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?
CPE
Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task?
CVSS
What term describes an analysis of threat information that might include details such as whether it is confirmed by multiple independent sources or has been directly confirmed?
Confidence Level
What approach to vulnerability scanning incorporates information from agents running on the target servers?
Continuous Monitoring
Which of the following measures is not commonly used to assess threat intelligence?
Detail
Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering?
Environmental
What type of data can frequently be gathered from images taken on smartphones?
Exif
What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?
FISMA
Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?
GPO
What step occurs first during the attack phase of the penetration test?
Gaining Access
What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?
High
Gary is the system administrator for a federal agency and is responsible for a variety of information systems. Which systems must be covered by vulnerability scanning programs?
High-, Moderate-, or Low-Impact Systems
What organization manages the global IP address space?
IANA
What organization did the US government help create to help share knowledge between organizations in specific verticals?
ISACs
Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which of the following steps would come first?
Identity Threats
Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?
Immediately
What phase of the cyber kill chain includes creation of persistent backdoor access for attackers?
Installation
What common criticism is leveled at the cyber kill chain?
It includes actions outside the defended network
Susan needs to explain what a jump box is to a member of her team. What should she tell them?
It is a system used to access and manage systems or devices in another security zone.
OpenIOC uses a base set of indicators of compromise originally created and provided by which security company?
Mandiant
Before Ben send a Word document, he uses the built-in Document Inspector to verify that the file does not contain hidden content. What is this process called?
Metadata Scrubbing
Which of the following options is the most likely used for the host listed int he dhcpd.conf entry? host db1 {option host-name "sqldb1.example.com";hardware ethernet 8a:00:83:aa:21:9ffixed address 10.1.240.10
Microsoft SQL Server
Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?
Moderate Impact
A member of Susan's team recently fell for a phishing scam and provided his password and personal information to a scammer. What layered security approach is not an appropriate layer for Susan to implement to protect her organization from future issues?
Multitiered firewalls
What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?
NGFW
Which of the following threat actors typically has the greatest access to resources?
Nation-state actors
What tool would you use to capture IP traffic information to provide flow and volume information about a network?
Netflow
Robert's Organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?
Network Access Control
Which of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
Nonrepudiation
What process uses information such as the way that a system's TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?
OS Detection
Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?
Patching against zero-day attacks
Which one of the following is an example of an operational security control?
Penetration Tests
During what phase of penetration test should the testers obtain written authorization to conduct the test?
Planning
Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?
Plausible Deniability
Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?
Quarterly
When performing 802.1x authentication, what protocol does thee authenticator use to communicate with the authentication server?
RADIUS
Renee is configuring her vulnerabilty management solution to perform credentialed scans of her network. What type of account should she provide to the scanner?
Read-Only
Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?
Red Team
Which of the following is not a common DNS anti-harvesting technique?
Registering Manually.
Which of the following activities is not part of the vulnerability management life cycle?
Reporting
Chris is in charge of his organization's Windows security standard, including their Windows 7 security standard, and has recently decommissioned the organization's last Windows 7 system. What is the next step in his security standard's life cycle?
Retiring the Windows 7 standard
Susan wants to start performing intelligence gathering. Which of the following options is frequently conducted in the requirements gathering stage?
Review of security breaches or compromises your organization has faced
What term describes an organization's willingness to tolerate risk in their comping environment?
Risk Appetite
Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?
Risk Mitigation
Ryan is planning to conduct a vulnerability scan of a business critical system using dangerous plug-ins. What would be the best approach for the initial scan?
Run the Scan in a Test Environment
Cameron builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?
The malware may be polymorphic
STRIDE, PASTA, and LINDDUN are all examples of what?
Threat classification tools
What drove the creation of ISACs in the United States?
Threat information sharing for infrastructure owners
Which of the following activities follows threat data analysis in the threat intelligence cycle?
Threat intelligence dissemination
What command-line tool can be used to determine the path that traffic takes to a remote system?
Traceroute
Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?
Vulnerability
Kevin would like to implement a specialized firewall that can protect against SQL ijection, cross-site scripting, and similar attacks. What technology should he choose?
WAF
Fred wants to ensure that only software that has been preapproved runs on workstations he manages. What solution will best fit this need?
Whitelisting
Which lookup tool provides information about a domain's registrar and physical location?
Whois
What language is STIX based on?
XML
What method used to replicate DNS information between DNS servers can also be used to gather large amounts of information about an organization's systems?
Zone Transfer
What technique is being used in this command? dig axfr @dns-server example.com
Zone Transfer
What method is used to replicate DNS information for DNS servers but is also a tempting exploit target for attackers?
Zone Transfers