Quiz 2


Which is the correct order of the five steps involved in Behavioral Analysis?

1) Extract behavioral patterns, 2) Compare behaviors across multiple users, 3) Generate clusters based on behavioral similarity, 4) Build profiles of each group, and 5) Discover outliers in each group

Incident handlers can use tools such as Wireshark to analyze and detect suspicious activities across the organizational network. This is an example of what type of network analysis?

Detecting Malicious Telnet Connections

Which of the following guidelines should be followed to reduce the likelihood of spammers obtaining an email address (email ID) from a website?

Avoid giving email ID's to unnecessary or unsecured websites such as discussion forums or newsgroups.

The following are recommended items for a/an ___________________: (a) Provide recovery email address for mail recovery, (b) Check the last account activity, and (c) Disable keep me signed in/stay signed in

Email security checklist

Which of the following is most likely to lead to an email security incident?

Clicking on a link in an email from an external source.

The head of Sifers-Grayson's accounting department received an email asking him to update his network password by clicking on a link in the email. He remembered this was not the appropriate way to update network passwords, so he contacted the IT support team. The IT team identified this as a phishing incident. What is the first step the IH&R team should complete to respond to this email attack?

Collect details of an email security incident, such as URL, hostname, subject link, sender, and IP address, from email header analysis and block them across servers, security tools, and network devices.

Insiders with access to critical assets or computing devices of an organization who are compromised by outsiders are examples of what type of insider?

Compromised Insider

Identity theft and Cyberstalking are examples of what?

Crimes Supported by Emails

Sifers-Grayson employees with unlimited permissions to systems such as user endpoints, organization data, cloud services, and customer data can change configuration settings, grant access to other employees, and read and modify sensitive data. These users can misuse their rights unintentionally or maliciously, or attackers can trick them into performing malicious activities. To eradicate these malicious users, the IT team disables the default administrative accounts to provide accountability. This is an example of which type of eradication method for insider threats?

Eradicating Insider Threats: Privileged Users

Which of the following is a valid way to trace email back to the originating server and, ultimately, to the email account used to send

Examine the message header to obtain the IP address for the originating server.

Privileged Users, Disgruntled Employees, and Terminated Employees are examples of what?

Examples of Insider Threats

Which of the following email security tools enables users to securely transport (transmit) emails and files with the help of encryption and digital signatures?

Gpg4win

Employees attacking the organization to make political statements or to embarrass the company by publicizing sensitive information describes which driving force behind an insider attack?

Hacktivism

A system showing signs of malware attack after opening a link or attachment from an email is an indication of what?

Indication of Email Attack

Charges for medical treatment or services which you never received are an indicator of which type of attack?

Indications of Identity Theft

Disgruntled or terminated employees who intentionally steal data or destroy the company's networks by injecting malware into the corporate network are examples of what type of insider?

Malicious Insider

Insiders who are uneducated about potential security threats, or who simply bypass general security procedures to meet workplace efficiency goals, fall into what category of insider threat?

Negligent Insider

Using footage from surveillance cameras installed across the organization, especially at the entry points of critical areas, and synchronizing that footage with the time of the attack is an example of what form of detecting and analyzing insider threats?

Physical Security Analysis

Which type of insider attack does the following best describe: a technique used to record or monitor the keystrokes of a specific computer user?

Planting Keyloggers/Backdoors/Malware

Changing passwords for email accounts and restoring compromised email systems from backups are examples of what?

Recovery Steps to Follow after Email Incident

A competitor may inflict damage on the target organization, steal critical information, or put it out of business simply by finding a job opening, preparing someone to get through the interview, and having that person hired by the target organization. This describes which driving force behind an insider attack?

Steal Confidential Data

This statement describes what type of insider attack? "Insiders gain access to confidential and restricted areas of the organization by resorting to tailgating. They might pretend to have forgotten their ID cards or enter after the authorized personnel without their notice. This poses a threat to sensitive zones of organization such as data centers, meeting rooms, printer and fax zones, and admin areas."

Tailgating

Recovery of deleted email messages depends upon _________________ used in the process of sending the mail

the email client

Sifers-Grayson employees have been sent a spam email which contained a malware payload. Some employees opened the email while others just deleted it. The Incident Handling & Response team eradicated the spam emails from the server and from all company inboxes. The team has also updated the spam filter on the email system. What is the next step the Incident Handling & Response team should take to ensure that the attack is contained?

Use an anti-malware tool to scan all workstations and servers which could have been affected by the malware payload.

Microsoft Outlook stores emails, contacts, calendar entries, and so on in a Personal Storage Table (PST) file. In MS Outlook, data deletion falls into two categories. Which of the following defines hard deletion?

When a user deletes emails using Shift+Delete, Outlook deletes those permanently from the mailbox.

A Sifers-Grayson employee reported a suspicious email to the help desk. During the process of detecting and containing malicious emails, the incident handler initiates SMTP sessions to check address acceptance, but it never actually sends email. What activity did the incident handler perform?

Checking the Email Validity

The COO of Sifers-Grayson received an email from an unknown source, revealing certain sensitive information about an upcoming drone test. The incident response team started analyzing the email fields such as sender's email address, body of email, and email headers to obtain sender's details. They found that the attacker used an internal system to download the data. Based on the correlation of time of download, they confirmed that the attacker downloaded the data directly to USB to avoid detection. What additional step can the incident response team take to find the insider?

Check the security cameras to detect the person using the system during the time of data download
