Palo Alto all module


Some important characteristics and capabilities of advanced malware include.

- Multi-functionality.
- Distributed, fault-tolerant architecture.
- Hiding techniques, such as obfuscation.
- Hiding techniques such as polymorphism and metamorphism.

Which of the following are examples of an endpoint?

- Point of Sale (POS) Terminal
- Desktop
- Smartphone

Which of the following values is the true % increase for the number of Coin Miner threats from Q4 2017 to Q1 2018?

1,189%

What is not a Zero Trust design principle?

Allow internal users to access network services through remote access

Platform as a Service (PaaS) is best described as:

An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

Match the following security concepts: Anti-malware, Reconnaissance, IPSec, Proxy

Anti-malware → Heuristics / Signatures, Reconnaissance → Vulnerability Detection, IPSec → L2TP VPN, Proxy → Firewall

What type of malware allows an attacker to bypass authentication to gain access to a compromised system?

Backdoor

What is an easy way to make your WiFi security stronger and make it more difficult for hackers to discover your wireless network?

Change the Service Set Identifier (SSID).

What is the primary function of coin miner malware?

Coin miner malware hijacks systems to create or mine cybercurrency without the victims' consent or awareness.

Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands?

Command and control

The first phase of implementing security in virtualized data centers consists of:

Consolidating servers within trust levels

Which of the following are examples of an 'endpoint'? a. Website b. Desktop c. Point of Sale (Terminal) d. Chat Application e. Mainframe Server f. Mobile Phone

Desktop, Point of Sale (Terminal), Mobile Phone

What type of attack is intended to rapidly cause damage to the victim's network and system infrastructure, as well as their business and reputation?

Distributed Denial of Service (DDoS)

Intra-VM traffic is also known as:

East-West

A 'rootkit' is usually associated with which of the following:

Escalation of Privilege

T/F: An attacker only needs to successfully execute one step of the Cyber Kill Chain® to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack.

False

T/F: Attacks that result in a Data Breach are most likely performed by internal threat actors (employees).

False

True or False. An effective security strategy is to deploy Perimeter-Based Network defenses, where countermeasures are defined at a handful of well-defined ingress/egress points to the network. You can then assume that everything on the internal network can be trusted.

False

True or False. Most cyberattacks today are perpetrated by internal threat actors, such as malicious employees engaging in corporate espionage.

False

True or False. A decline in the number of Faceliker malware instances was the primary reason why the number of ransomware attacks declined by 81% from Q4 2017 to Q1 2018.

False.

True or False. An attack only needs to successfully execute one step of the Cyber Kill Chain to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack.

False.

True or False. Someone with limited hacking and/or programming skills that uses malicious programs (malware) written by others to attack a computer or network is known as a newbie.

False.

True or False. Wired Equivalent Privacy (WEP) is the most effective protocol for securing wireless networks.

False.

True or False. A vulnerability is a small piece of software code, part of a malformed data file, or a sequence (string) of commands created by an attacker to cause unintended or unanticipated behavior in a system or software.

False. A vulnerability is a bug or flaw that exists in a system or software, and creates a security risk.

True or False. The Lockheed Martin Cyber Kill Chain framework is a five-step process that an attacker goes through in order to attack a network.

False. There are 7 steps. Recon, Weaponize, Delivery, Exploit, Installation, Command and Control, Action

The ability to withstand a catastrophic series of events is commonly known as:

Fault Tolerance

What would be the best description of 'polymorphism and metamorphism' ?

Hiding techniques

Which of the following is not a phase of implementing security in virtualized data centers:

Implementing a static and flat computing fabric

The terms 'ingress/egress' best match the following descriptions:

Incoming/outgoing

What is the name of the international cybercrime group that delivered the 2014 Sony hack and the 2017 HaoBao campaign?

Lazarus

Match the following security concepts: Least Privilege, Authentication, WEP, Cloud

Least Privilege → Zero Trust, Authentication → Biometrics, WEP → Weak IV, Cloud → Virtual Environment

A Zero Trust network security model is based on which of the following security principles?

Least privilege

What type of malware is triggered by a specific condition, such as a specific date or a particular user account being disabled?

Logic Bomb

Malicious software or code that typically damages, takes control of, or collects information from an infected endpoint is known as:

Malware

Data that moves in and out of the virtualized environment from the host network or a corresponding traditional data center is also known as:

North-South

PCI DSS is mandated and administered by the:

PCI Security Standards Council (SSC)

Match the following security concepts: Phishing, Monitoring, Trojan, Confidentiality

Phishing → Social Engineering, Monitoring → Intrusion Detection System, Trojan → Masquerade, Confidentiality → Advanced Encryption Standard (AES)

Which of the following techniques and tools are used by an attacker to hide attack communications traffic?

Secure Socket Layer (SSL) Encryption, Process and Remote Access Tools (RATs), Port Hopping and Dynamic DNS

The cloud computing service model in which a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure is known as:

Software as a Service (SaaS). The provider is delivering and supporting the application, or software, for the consumer.

Mobile devices are easy targets for attacks for which 2 reasons?

They stay in an always-on, always-present state, they roam in unsecured areas

Which path or tool is used by attackers?

Threat vectors

T/F: An organization can be fully compliant with the various cybersecurity laws and regulations that are applicable to that organization, yet still not be secure.

True

T/F: Botnets are commonly designed to be managed by a CnC (Command and Control) server.

True

True or False. Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks including data mining, event processing, and predictive analytics.

True

True or False. It is possible for an organization to be compliant with all applicable security and privacy regulations for its industry, yet still not be secure.

True

True or False. The benefit of moving toward a cloud computing model is that it improves operational efficiencies and lowers capital expenditures.

True

True or False. The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use, than enterprise IT solutions is known as consumerization.

True

True or False. Most Botnets are designed to withstand the loss of a Command and Control server, meaning that the entire Botnet infrastructure must be disabled almost simultaneously.

True.

Which of the following techniques is NOT used to break the command and control (CnC) phase of the Cyber Kill Chain?

Vulnerability and Patch Management.

Which of the following WLAN standards is the LEAST secure? Pick two. a. Wireless Protected Access (WPA) b. Wired Equivalent Privacy (WEP) c. Wireless Protected Access 2 (WPA2) d. WiFi Protected Setup (WPS)

WEP, WPS

What type of malware typically targets a computer network by replicating itself in order to spread rapidly?

Worm

Which three options describe the relationship and interaction between a customer and a SaaS? a. complex deployment b. convenient and economical c. subscription service d. internet or application-based e. extensive manpower required

convenient and economical, subscription service, internet or application-based
