Chapter 4 Questions


What are the two limitations of private information sharing centers? 1. Access to data and participation 2. Government approval and cost 3. Timing of reports and remote access 4. Bandwidth and CPU

Answer: 1. Access to data and participation

Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend? 1. Automated Indicator Sharing (AIS) 2. Bidirectional Security Protocol (BSP) 3. Linefeed Access 4. Lightwire JSON Control

Answer: 1. Automated Indicator Sharing (AIS)

What type of analysis is heuristic monitoring based on? 1. Dynamic analysis 2. Static analysis 3. Code analysis 4. Input analysis

Answer: 1. Dynamic analysis

What does Windows 10 Tamper Protection do? 1. Limits access to the registry 2. Prevents any updates to the registry until the user approves the update. 3. Compresses and locks the registry 4. Creates a secure backup copy of the registry

Answer: 1. Limits access to the registry

Which of the following is NOT an important OS security configuration? 1. Employing least functionality 2. Disabling default accounts 3. Disabling unnecessary services 4. Restricting patch management

Answer: 4. Restricting patch management

Which of the following is not an improvement of UEFI over BIOS? 1. Stronger boot security 2. Networking functionality in UEFI 3. Access larger hard drives 4. Support of USB 3.0

Answer: 4. Support of USB 3.0

Which model uses a sequential design process? 1. Secure model 2. Agile model 3. Rigid model 4. Waterfall model

Answer: 4. Waterfall model

Which of the following is FALSE about a quarantine process? 1. It holds a suspicious application until the user gives approval. 2. It can send a sanitized version of the attachment. 3. It can send a URL to the document that is on a restricted computer. 4. It is most often used with email attachments.

Answer: 1. It holds a suspicious application until the user gives approval.

Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web? 1. It is necessary to use Tor or IP2. 2. Dark web search engines are identical to regular search engines. 3. Dark web merchants open and close their sites without warning. 4. The naming structure is different on the dark web.

Answer: 2. Dark web search engines are identical to regular search engines.

Which of the following tries to detect and stop an attack? 1. HIDS 2. HIPS 3. RDE 4. SOMA

Answer: 2. HIPS

Which boot security mode sends information on the boot process to a remote server? 1. UEFI Native Mode 2. Secure Boot 3. Trusted Boot 4. Measured Boot

Answer: 4. Measured Boot

Which of these is a list of preapproved applications? 1. Greenlist 2. Redlist 3. Blacklist 4. Whitelist

Answer: 4. Whitelist

What is the advantage of a secure cookie? 1. It cannot be stored on the local computer without the user's express permission. 2. It is sent to the server over HTTPS. 3. It is analyzed by AV before it is transmitted. 4. It only exists in RAM and is deleted once the web browser is closed.

Answer: 2. It is sent to the server over HTTPS.

What are the two concerns about using public information sharing centers? 1. Cost and availability 2. Privacy and speed 3. Security and privacy 4. Regulatory approval and sharing

Answer: 2. Privacy and speed

An IOC occurs when what metric exceeds its normal bounds? 1. IRR 2. LRG 3. EXR 4. KRI

Answer: 4. KRI

Which stage conducts a test that will verify the code functions as intended? 1. Production stage 2. Testing stage 3. Staging stage 4. Development stage

Answer: 3. Staging stage

Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? 1. STIX 2. AIP-TAR 3. TAXII 4. TCP-Over-Secure (ToP)

Answer: 3. TAXII

Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? 1. CISA 2. FOIA 3. TLP 4. PCII

Answer: 3. TLP

Which of the following is NOT a limitation of a threat map? 1. Many maps claim that they show data in real time, but most are simply a playback of previous attacks. 2. Because threat maps show anonymized data it is impossible to know the identity of the attackers or the victims. 3. They can be difficult to visualize. 4. Threat actors usually mask their real locations so what is displayed on a threat map is incorrect.

Answer: 3. They can be difficult to visualize.

Which of the following is NOT an advantage to an automated patch update service? 1. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. 2. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available. 3. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. 4. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs.

Answer: 3. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.

