Module 2 - Midterm Review
What is another name for footprinting?
Active reconnaissance
What are the primary features of a security information event management (SIEM) tool?
Aggregation, correlation, event deduplication, time synchronization, and alerting
What is the primary goal of penetration testing?
Attempt to uncover deep vulnerabilities and then manually exploit them
Which of the following is NOT a characteristic of a penetration test?
Automated
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?
Blue team
Which group is responsible for the Cloud Controls Matrix?
CSA
what is the primary difference between credentialed and non-credentialed scans?
Credentialed scans are use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Which ISO contains controls for managing and controlling risk?
ISO 31000
Which of the following is not something that a SIEM can perform?
Incident response
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive
kelly is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
which of the following tools can be used to scan 16 IP adresses for vulnerabilities?
Nessus Essentials
Which of the following is a standard for the handling of customer card information?
PCI DSS
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
Which of the following is the advantage of penetration testing over vulnerability scanning?
Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities
An organization has decided to switch security responsibilities from a third party to internet security personnel due to the recent hike in demand for a provided service. As a result, you have been hired by the organization as a cybersecurity specialist. Which of the following will be your initial action for achieving enhanced security in the organization?
Perform an automated scan on the entire network.
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations
Which is the final rule of engagement that would be conducted in a pen test?
Reporting
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)
Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and are also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?
Risk management framework (RMF)
Which of the following can automate an incident response?
SOAR
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reas
They would have to stay overnight to perform the test.
Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected.
Threat hunting
Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
which of the following is the most efficient means of discovering wireless signals?
War flying
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
a vulnerability scan is usually automated
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
purple team
