Cybersecurity

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What tier in a SOC involves further investigating security incidents?

2

What algorithm use different keys to encrypt and decrypt data?

asymmetric encryption

What algorithim is used when network admins connect to Cisco routers with SSH?

asymmetric key

Because of implemented security controls, a user can only acvess a server with FTP, which relates to what component of AAA?

authorisation

What access attack write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code?

buffer overflow

What technology might increase the security challenge to the implementation of IOT in an enterprise environment?

cloud computing

What database ensures that data is in a format that allows for manipulation and that the data is open and free to the public?

community veris

What NIST incident response life cycle phase does preparation?

conduct csirt

What is the IP addresses or the logical location of essential systems or data called?

critical asset address space

What model is action on objectives a phase of?

cyber kill chain

What can be achieved by disabling the root account over SSH?

device hardening

What algorithm is not used for encrypting data due to the large numbers used that slow down bulk transfers?

diffie hellman

What provides assurance that code downloaded from the internet is authentic, actually sourced by the publisher and has not been modified?

digital signing

When handling a security incident, HR is responsible for applying what measures if the incident is caused by an employee?

disciplinary

What can threat actors use to collect personal information and encode the data in outgoing dns queries?

dns

What is used by attackers to exfiltrate data in traffic disguised as normal client queries?

dns

What translates a website name into a network address?

dns

What NIST incident response life cycle phase does post-incident activities?

document incident handling

What is necessary to ensure a private transfer of dats using a VPN?

encryption

What type of algorithms are AES and 3DES?

encryption

Malicious traffic not identified as a threat will give what security alert?

false negative

Normal traffic incorrectly identified as a threat will give what security alert?

false positive

What commonly motivates cybercriminals to attack networks?

financial gain

What technology in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organisation to connect to untrusted networks?

firewall

Why might pings between computers in the same room fail?

firewall

Using security devices that include what results in the devices introducing processing delays and privacy issues?

https decryption and inspection

According to the SANS Institute, what attack surface indicates the use of social engineering?

human

What is used by attackers to identify hosts on a network and the structure of the network?

icmp

What NIST incident response life cycle phase does detection and analysis?

identify analyse and validate an incident

What metric class in the CVSS Basic Metric Group identifies the impacts on CIA?

impact

What NIST incident response life cycle phase does containment, eradication and recovery?

implement procedures

What OS should network admins choose if they don't want to pay?

linux

What do cybercriminals use to allow the browser to load a webpage from another source?

malicious iframe

What is an example of volatile data?

memory register

What tool provides usage-based network billing and network monitoring?

netflow

What are net use and net share associated with?

network resource sharing

What is a passive device that forwards all traffic and physical layer errors to an analysis device?

network tap

What provides more security features than FAT32 and supports larger partitions?

ntfs

What protocol uses a hierarchy of authoritative time sources to send time information between devices on the network?

ntp

What access attack can be implemented by the use of brute force attack methods, trojan horses or packet sniffers?

password attack

What are two evasion techniques are used by hackers?

pivot and rootkit

What intrusion detection approach compares the operations of a host against well-defined security rules?

policy based

What is the list of TCP or UDP processes that are available to accept data called?

ports used

If a network admin issues the tcpdump command, what would the number 6337 indicate?

process id

What Linux command can be used to find the process ID for a specific process before using the kill command?

ps

According to NIST, what step in the digital forensics process involves preparing and presenting information that resulted from scrutinising data?

reporting

What technology should be included in a security information and event management system in a SOC? (2)

security monitoring

What is the time between the establishment of a data flow and its termination called?

session duration

What provides a message format for communication between network device managers and agents?

snmp

Technologies, people and processes are major categories of elements in what?

soc

In a standard ACL, what criterion is used to filter traffic?

source ip address

What algorithms use pre-shared keys?

symmetric encryption

What uses UDP port 514 for logging event messages from network devices and endpoints?

syslog

What logs in Windows Event Viewer includes events regarding the operation of drivers, processes and hardware?

system

Compared to RADIUS, what allows for separation of authentication from authorisation?

tacacs

What technology should be included in a security information and event management system in a SOC? (1)

threat intelligence

What does the following describe? The amount of data passing from a given source to a given destination in a given period of time.

total throughput

What layer identifies the applications and services on the client and server that should handle transmitted data?

transport

What layer meets the reliability requirements of applications?

transport

What layer multiplexes multiple communication streams from many users or applications on the same network?

transport

If host A sends an IP packet to host B, the destination address in the frame when it leaves host A will be BB:BB:BB:BB:BB:BB. True or false?

true

Normal traffic not identified as a threat will give what security alert?

true negative

What security alert indicates that normal traffic is correctly ignored and erroneous alerts are not being issued?

true negative

Malicious traffic correctly identified as a threat will give what security alert?

true positive

In terms of NetFlow collector output, the output of the traffic flow is what kind of response to a client machine?

udp dns

What typically requires end-user activation and can be dormant and then activate at a specific time?

virus

What technology should be included in a security information and event management system in a SOC? (3)

vulnerability

In a home or small business, what acts as an ethernet switch and an access point?

wireless router

What travels to new computers without any intervention and is self-replicating?

worm

A cybersecurity analyst is viewing captured packets forwarded on switch S1. Does PC-A have the MAC address d8:cb:8a:5c:d5:8a?

yes

What attack do threat actors prefer in the Cyber Kill Chain weaponisation phase to avoid detection by the target?

zero day


Ensembles d'études connexes

Thermo Final Exam - Conceptual Problems

View Set

CH7: Power, Politics, and Leadership Intro into Bus

View Set

Insurance Terms and Related Concepts

View Set

Bible 700 - Unit 3: The Attributes of God QUIZ 3: ATTRIBUTE OF GRACE

View Set

Mod 1 - Med Term - Directional & Movement Terms

View Set