Cybersecurity
What tier in a SOC involves further investigating security incidents?
2
What algorithm use different keys to encrypt and decrypt data?
asymmetric encryption
What algorithim is used when network admins connect to Cisco routers with SSH?
asymmetric key
Because of implemented security controls, a user can only acvess a server with FTP, which relates to what component of AAA?
authorisation
What access attack write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code?
buffer overflow
What technology might increase the security challenge to the implementation of IOT in an enterprise environment?
cloud computing
What database ensures that data is in a format that allows for manipulation and that the data is open and free to the public?
community veris
What NIST incident response life cycle phase does preparation?
conduct csirt
What is the IP addresses or the logical location of essential systems or data called?
critical asset address space
What model is action on objectives a phase of?
cyber kill chain
What can be achieved by disabling the root account over SSH?
device hardening
What algorithm is not used for encrypting data due to the large numbers used that slow down bulk transfers?
diffie hellman
What provides assurance that code downloaded from the internet is authentic, actually sourced by the publisher and has not been modified?
digital signing
When handling a security incident, HR is responsible for applying what measures if the incident is caused by an employee?
disciplinary
What can threat actors use to collect personal information and encode the data in outgoing dns queries?
dns
What is used by attackers to exfiltrate data in traffic disguised as normal client queries?
dns
What translates a website name into a network address?
dns
What NIST incident response life cycle phase does post-incident activities?
document incident handling
What is necessary to ensure a private transfer of dats using a VPN?
encryption
What type of algorithms are AES and 3DES?
encryption
Malicious traffic not identified as a threat will give what security alert?
false negative
Normal traffic incorrectly identified as a threat will give what security alert?
false positive
What commonly motivates cybercriminals to attack networks?
financial gain
What technology in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organisation to connect to untrusted networks?
firewall
Why might pings between computers in the same room fail?
firewall
Using security devices that include what results in the devices introducing processing delays and privacy issues?
https decryption and inspection
According to the SANS Institute, what attack surface indicates the use of social engineering?
human
What is used by attackers to identify hosts on a network and the structure of the network?
icmp
What NIST incident response life cycle phase does detection and analysis?
identify analyse and validate an incident
What metric class in the CVSS Basic Metric Group identifies the impacts on CIA?
impact
What NIST incident response life cycle phase does containment, eradication and recovery?
implement procedures
What OS should network admins choose if they don't want to pay?
linux
What do cybercriminals use to allow the browser to load a webpage from another source?
malicious iframe
What is an example of volatile data?
memory register
What tool provides usage-based network billing and network monitoring?
netflow
What are net use and net share associated with?
network resource sharing
What is a passive device that forwards all traffic and physical layer errors to an analysis device?
network tap
What provides more security features than FAT32 and supports larger partitions?
ntfs
What protocol uses a hierarchy of authoritative time sources to send time information between devices on the network?
ntp
What access attack can be implemented by the use of brute force attack methods, trojan horses or packet sniffers?
password attack
What are two evasion techniques are used by hackers?
pivot and rootkit
What intrusion detection approach compares the operations of a host against well-defined security rules?
policy based
What is the list of TCP or UDP processes that are available to accept data called?
ports used
If a network admin issues the tcpdump command, what would the number 6337 indicate?
process id
What Linux command can be used to find the process ID for a specific process before using the kill command?
ps
According to NIST, what step in the digital forensics process involves preparing and presenting information that resulted from scrutinising data?
reporting
What technology should be included in a security information and event management system in a SOC? (2)
security monitoring
What is the time between the establishment of a data flow and its termination called?
session duration
What provides a message format for communication between network device managers and agents?
snmp
Technologies, people and processes are major categories of elements in what?
soc
In a standard ACL, what criterion is used to filter traffic?
source ip address
What algorithms use pre-shared keys?
symmetric encryption
What uses UDP port 514 for logging event messages from network devices and endpoints?
syslog
What logs in Windows Event Viewer includes events regarding the operation of drivers, processes and hardware?
system
Compared to RADIUS, what allows for separation of authentication from authorisation?
tacacs
What technology should be included in a security information and event management system in a SOC? (1)
threat intelligence
What does the following describe? The amount of data passing from a given source to a given destination in a given period of time.
total throughput
What layer identifies the applications and services on the client and server that should handle transmitted data?
transport
What layer meets the reliability requirements of applications?
transport
What layer multiplexes multiple communication streams from many users or applications on the same network?
transport
If host A sends an IP packet to host B, the destination address in the frame when it leaves host A will be BB:BB:BB:BB:BB:BB. True or false?
true
Normal traffic not identified as a threat will give what security alert?
true negative
What security alert indicates that normal traffic is correctly ignored and erroneous alerts are not being issued?
true negative
Malicious traffic correctly identified as a threat will give what security alert?
true positive
In terms of NetFlow collector output, the output of the traffic flow is what kind of response to a client machine?
udp dns
What typically requires end-user activation and can be dormant and then activate at a specific time?
virus
What technology should be included in a security information and event management system in a SOC? (3)
vulnerability
In a home or small business, what acts as an ethernet switch and an access point?
wireless router
What travels to new computers without any intervention and is self-replicating?
worm
A cybersecurity analyst is viewing captured packets forwarded on switch S1. Does PC-A have the MAC address d8:cb:8a:5c:d5:8a?
yes
What attack do threat actors prefer in the Cyber Kill Chain weaponisation phase to avoid detection by the target?
zero day
