Review Questions


What are the three(3) states in which data must be protected?

At rest; In transit; In use;

What are the seven(7) key principles that can be leveraged in social engineering?

Authority; Intimidation; Consensus; Scarcity; Familiarity; Trust; Urgency;

Which element of the SCAP framework can be used to consistently describe vulnerabilities? A) CPE B) CVE C) CVSS D) CCE

B) CVE

Which of the following measures is not commonly used to assess threat intelligence? A) Timeliness B) Detail C) Accuracy D) Relevance

B) Detail

Ben searches through an org's trash looking for sensitive documents, internal notes, & other useful info. What term describes this type of activity? A) Waste engineering B) Dumpster Diving C) Vishing D) Cloning

B) Dumpster Diving

What two(2) control models can botnets operate under?

Client-Server Model, Peer-to-Peer Model

What are the three(3) techniques for data minimization?

Data deletion/disposal; Data de-identification; Data obfuscation;

What language is STIX based on? A) PHP B) HTML C) XML D) Python

C) XML (This is true of STIX 1.x. The current STIX 2.x specification is JSON-based, and TAXII is the companion transport protocol for exchanging it.)

What type of malware connects to a command-&-control system, allowing attackers to manage, control, & update it remotely? A) A Bot B) A Drone C) A vampire D) A worm

A) A Bot

What term best describes an org's desired security state? 1) Control objectives 2) Security priorities 3) Strategic goals 4) Best practices

1) Control objectives

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used? A) A watering hole attack B) Vishing C) Whaling D) Typosquatting

A) A watering hole attack

What type of assessment is particularly useful for identifying insider threats? A) Behavioral B) Instinctual C) Habitual D) IOCs

A) Behavioral

Tara recently analyzed the results of a vulnerability scan report & found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred? A) False positive B) False negative C) True positive D) True negative

A) False positive

During a penetration test, Patrick deploys a toolkit on a compromised system & uses it to gain access to other systems on the same network. What term best describes this activity? A) Lateral movement B) Privilege escalation C) Footprinting D) OSINT

A) Lateral movement

What type of malware is VBA code most likely to show up in? A) Macro Viruses B) RATs C) Worms D) Logic Bombs

A) Macro Viruses

Kevin is participating in a security exercise for his org. His role in the exercise is to use hacking techniques to attempt to gain access to the org's systems. What role is Kevin playing in this exercise? A) Red team B) Blue team C) White team D) Purple team

A) Red team

Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, & then uploaded a large amount of data to a remote system. What type of infection should he look for? A) A Keylogger B) A Backdoor C) A Bot D) A Logic Bomb

C) A Bot

Which one of the following assessment techniques is designed to solicit participation from external security experts & reward them for discovering vulnerabilities? A) Threat hunting B) Penetration testing C) Bug bounty D) Vulnerability scanning

C) Bug bounty

Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit? A) High B) Medium C) Low D) Severe

C) Low

Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test? A) Nmap B) Nessus C) Metasploit D) Nslookup

C) Metasploit

Lila is working on a penetration testing team & she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information? A) Contract B) Statement of work C) Rules of engagement D) Lessons learned report

C) Rules of engagement

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plugins. What would be the best approach for the initial scan? A) Run the scan against production systems to achieve the most realistic results possible B) Run the scan during business hours C) Run the scan in a test environment D) Do not run the scan to avoid disrupting the business

C) Run the scan in a test environment

Which of the following security assessment techniques assumes that an org has already been compromised & searches for evidence of that compromise? A) Vulnerability Scanning B) Penetration Testing C) Threat Hunting D) War Driving

C) Threat Hunting

Which of the following techniques would be considered passive reconnaissance? A) Port scans B) Vulnerability scans C) WHOIS lookups D) Footprinting

C) WHOIS lookups

Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting? A) Gray-box test B) Blue-box test C) White-box test D) Black-box test

C) White-box test

Kyle is conducting a penetration test. After gaining access to an org's database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action? A) Privilege escalation B) Lateral movement C) Maneuver D) Persistence

D) Persistence

What are three(3) techniques for data obfuscation?

Hashing; Tokenization; Masking;

Amanda notices traffic between her systems & a known malicious host on TCP port 6667. What type of traffic is she most likely detecting? A) Command & Control B) A Hijacked Web Browser C) A RAT D) A Worm

A) Command & Control (TCP 6667 is the default IRC port, and IRC channels have long been used by botnets for C2.)

Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to to realize that he is gathering info about the org. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process of social engineering efforts? A) Elicitation B) Suggestion C) Pharming D) Prepending

A) Elicitation

What are the three(3) possible meanings of prepending?

Adding an expression or phrase; Adding info as part of another attack; Suggesting topics via social engineering conversation to lead a target toward related info;

Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information? A) Port scanning B) Footprinting C) Vulnerability scanning D) Packet capture

B) Footprinting

Brian ran a penetration test against a school's grading system & discovered a flaw that would allow students to alter their grades by exploiting an SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity? A) Confidentiality B) Integrity C) Alteration D) Availability

B) Integrity

Ken is consulting threat research on Transport Layer Security(TLS) & would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs? A) Academic Journal B) Internet RFCs C) Subject Matter Experts D) Textbooks

B) Internet RFCs

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? A) MD5sum B) John the Ripper C) GPG D) Netcat

B) John the Ripper

Kevin recently identified a new security vulnerability & computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into? A) Low B) Medium C) High D) Critical

B) Medium (CVSS v3 qualitative ratings: 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical.)

What type of phishing targets specific groups of employees, such as managers in the financial department of a company? A) Smishing B) Spear Phishing C) Whaling D) Vishing

B) Spear Phishing

Naomi receives a report of smishing. What type of attack should she be looking for? A) Compressed files in phishing B) Text message-based phishing C) Voicemail-based phishing D) Server-based phishing

B) Text message-based phishing

Which one of the following tools is most likely to detect XSS vulnerability? A) Static application test B) Web application vulnerability scanner C) Intrusion detection system D) Network vulnerability scanner

B) Web application vulnerability scanner

Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack? A) AV B) C C) PR D) AC

C) PR

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? A) Domain Administrator B) Penetration Testing C) Threat Hunting D) Read-only

D) Read-only

A caller reached an IT support person at Carlos' company & told them that the chairman of the company's board was traveling & needed immediate access to his account but had somehow been locked out. The caller said that if the board member did not have his password reset, the company could lose a major deal. If Carlos receives a report about this, under which of the principles of social engineering should he categorize the attacker's efforts? A) Scarcity B) Familiarity C) Consensus D) Urgency

D) Urgency

When you combine phishing with VoIP, it is known as? A) Spoofing B) Spooning C) Whaling D) Vishing

D) Vishing

What are the five(5) risk types associated with security incidents/data loss? Hint: "Farts Really Smell On Cabbage"

Financial Risk; Reputational Risk; Strategic Risk; Operational Risk; Compliance Risk;

What are two(2) of the most important defenses against spyware?

Up to date antimalware tools & user awareness education

Which one of the following statements is not true about compensating controls under PCI DSS? 1) Controls used to fulfill one(1) PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement 2) Controls must meet the intent of the original requirement 3) Controls must meet the rigor of the original requirement 4) Compensating controls must provide similar level of defense as the original requirement

1) Controls used to fulfill one(1) PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement

What compliance regulation most directly affects the operation of a healthcare provider? 1) HIPAA 2) PCI DSS 3) GLBA 4) SOX

1) HIPAA

Tony is reviewing the status of his org's defenses against a breach of their file server. He believes that a compromise of the file server could reveal info that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering? 1) Strategic 2) Reputational 3) Financial 4) Operational

1) Strategic

Tina is tuning her org's intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing? 1) Technical control 2) Physical control 3) Managerial control 4) Operational control

1) Technical control

Which one(1) of the following data protection techniques is reversible when conducted properly? 1) Tokenization 2) Masking 3) Hashing 4) Shredding

1) Tokenization

Jade's organization recently suffered a security breach that affected stored credit card data. Jade's primary concern is the fact that the org is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade? 1) Strategic 2) Compliance 3) Operational 4) Financial

2) Compliance

What term best describes data that is being sent between two(2) systems over a network connection? 1) Data at rest 2) Data in motion 3) Data in processing 4) Data in use

2) Data in motion

Gwen is exploring a customer transaction reporting system & discovers a credit card number that has been changed into '*** *** *** 1858'. What type of data minimization has likely been used on this entry? 1) Destruction 2) Masking 3) Tokenization 4) Hashing

2) Masking
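Worked example for the data obfuscation cards (hashing, tokenization, masking; tokenization as the reversible one; the '*** *** *** 1858' masking question). This is an added example, not part of the original study set. It shows the three techniques side by side on a constructed card number: masking and hashing are one-way, while tokenization is reversible only for whoever holds the vault. The TokenVault class and its in-memory dict are illustrative stand-ins for a real tokenization service.

```python
import hashlib
import secrets


def mask_pan(pan, visible=4, fill="*"):
    """Masking: irreversible. Keeps only the last `visible` digits and leaves
    separators in place, so '4111 1111 1111 1858' -> '**** **** **** 1858'."""
    digit_positions = [i for i, ch in enumerate(pan) if ch.isdigit()]
    if len(digit_positions) <= visible:
        raise ValueError("too few digits to mask safely")
    to_mask = set(digit_positions[:-visible])
    return "".join(fill if i in to_mask else ch for i, ch in enumerate(pan))


def hash_pan(pan, salt):
    """Hashing: one-way. The salt is essential here; card numbers have so little
    entropy (known prefixes, Luhn digit) that unsalted hashes are trivially
    brute-forced, much like the unsalted MD5 password file earlier on this page."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hashlib.sha256(salt + digits.encode()).hexdigest()


class TokenVault:
    """Tokenization: replaces the value with a random surrogate of the same
    length and remembers the mapping. Reversible, but only via the vault,
    which is why the vault itself must be the most tightly protected component."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value):
        # Same input -> same token, so the token can still be used as a join key.
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = "".join(str(secrets.randbelow(10)) for _ in range(len(value)))
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token):
        """Only the vault holder can do this; hashing and masking have no equivalent."""
        return self._token_to_value[token]


if __name__ == "__main__":
    pan = "4111 1111 1111 1858"  # constructed sample (a test number, not a real card)
    vault = TokenVault()
    token = vault.tokenize(pan.replace(" ", ""))
    print("masked:   ", mask_pan(pan))
    print("hashed:   ", hash_pan(pan, b"per-record-salt"))
    print("token:    ", token)
    print("reversed: ", vault.detokenize(token))
```

Gwen's transaction report would have been produced by the first function; a reporting system never needs the real number, only enough to let a human recognise the card. The vault is what PCI DSS scoping cares about: systems that see only tokens are out of scope, the vault is not.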

Which one(1) of the following objectives is not one of the three(3) main objectives that info security pros must achieve to protect their orgs against cybersecurity threats? 1) Integrity 2) Nonrepudiation 3) Availability 4) Confidentiality

2) Nonrepudiation

Nolan is writing an after action report on a security breach that took place in his org. The attackers stole thousands of customer records from the org's database. What cybersecurity principle was most impacted by this breach? 1) Availability 2) Nonrepudiation 3) Confidentiality 4) Integrity

3) Confidentiality

Which one(1) of the following data elements is not commonly associated with identity theft? 1) Social Security number 2) Driver's license number 3) Frequent Flyer number 4) Passport number

3) Frequent Flyer number

Chris is responding to a security incident that compromised one(1) of his org's web servers. He believes that the attackers defaced one(1) or more pages on the website. What cybersecurity objective did this attack violate? 1) Confidentiality 2) Nonrepudiation 3) Integrity 4) Availability

3) Integrity

Which one(1) of the following is not a common goal of a cyber security attacker? 1) Disclosure 2) Denial 3) Alteration 4) Allocation

4) Allocation

What technology uses mathematical algorithms to render info unreadable to those lacking the required key? 1) Data loss prevention 2) Data obfuscation 3) Data minimization 4) Data encryption

4) Data encryption

Lou mounted a "Beware of Dog" sign on the fence surrounding his org's datacenter. What control type best describes this control? 1) Compensating 2) Detective 3) Physical 4) Deterrent

4) Deterrent

Tonya is concerned about the risk that an attacker will attempt to gain access to her org's database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement? 1) Preventative 2) Detective 3) Corrective 4) Deterrent

4) Deterrent

Matt is updating the org's threat assessment process. What category of control is Matt implementing? 1) Operational 2) Technical 3) Corrective 4) Managerial

4) Managerial

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive info by guests on his wireless network. What DLP technology would best meet his goal? 1) Watermarking 2) Pattern recognition 3) Host-based 4) Network-based

4) Network-based

Greg recently conducted an assessment of his org's security controls & discovered a potential gap: the org does not use full-disk encryption on laptops. What type of control gap exists in this case? 1) Detective 2) Corrective 3) Deterrent 4) Preventative

4) Preventative

When a caller was recently directed to Amanda, who is a junior IT employee at her company, the caller informed her that they were the head of IT for her org & that she needed to immediately disable the org's firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, & was actually a pentester hired by her company. Which social engineering principle best matches this type of attack? A) Authority B) Consensus C) Scarcity D) Trust

A) Authority

Of the threat vectors listed here, which one is the most commonly exploited by attackers who are at a distant location? A) Email B) Direct Access C) Wireless D) Removable Media

A) Email

Which of the following is the best description for tailgating? A) Following someone through a door they just unlocked B) Figuring out how to unlock a secure area C) Sitting close to someone in a meeting D) Stealing info from someone's desk

A) Following someone through a door they just unlocked

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed to be unethical activities. Which two(2) of the following terms best describe Snowden's activities? (Choose two.) A) Insider B) State Actor C) Hacktivist D) APT E) Organized Crime

A) Insider C) Hacktivist

Which one of the following attackers is most likely to be associated with an APT? A) Nation-state Actor B) Hacktivist C) Script Kiddie D) Insider

A) Nation-state Actor

Which of the following threat actors typically has the greatest access to resources? A) Nation-state Actors B) Organized Crime C) Hacktivists D) Insider Threats

A) Nation-state Actors

Ursula recently discovered that a group of developers are sharing info over messaging tools provided by a cloud vendor but not sanctioned by her org. What term best describes this use of technology? A) Shadow IT B) System Integration C) Vendor Management D) Data Exfiltration

A) Shadow IT

Aliana suspects that her org may be targeted by a SPIM attack. What technology is she concerned about? A) Spam over instant messaging B) Social Persuasion & Intimidation by Managers C) Social Persuasion by Internet Media D) Spam over Internal Media

A) Spam over Instant Messaging

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his org by the supplier. What type of threat vector best describes this attack? A) Supply Chain B) Removable Media C) Cloud D) Direct Access

A) Supply Chain

Which one of the following threat research tools is used to visually display info about the location of threat actors? A) Threat Map B) Predictive Analysis C) Vulnerability Feed D) STIX

A) Threat Map

Tom's org recently learned that the vendor is discontinuing support for their customer relationship management(CRM) systems. What should concern Tom the most from a security perspective? A) Unavailability of Future Patches B) Lack of Technical Support C) Theft of Customer Info D) Increased Costs

A) Unavailability of Future Patches

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, & Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work? A) White Hat B) Gray Hat C) Green Hat D) Black Hat

A) White Hat

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this info? A) Vulnerability Feed B) IoC C) TTP D) RFC

B) IoC

Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain & retain access to the system. When he runs a virus scan, the system doesn't show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system? A) Rerun the anti-malware scan B) Mount the drive on another system & scan it that way C) Disable the system's antivirus because it may be causing a false negative D) The system is not infected & he should move on

B) Mount the drive on another system & scan it that way

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his org. What can he do to determine if the code is malicious? A) Run a de-compiler against it to allow him to read the code B) Open the file using a text editor to view the code C) Test the code using an antivirus tool D) Submit the Python code to an anti-malware testing website

B) Open the file using a text editor to view the code

Tracy is concerned about attacks against the machine learning algorithm that her organization is using to assess their network. What step should she take to ensure that her baseline data is not tainted? A) She should scan all systems on the network for vulnerabilities & remediate them before using the algorithm B) She should run the ML algorithm on the network only if she believes it is secure C) She should disable all outbound & inbound network access so that only normal internal traffic is validated D) She should disable all firewall rules so that all potential traffic can be validated

B) She should run the ML algorithm on the network only if she believes it is secure

Alan reads Susan's password from across the room as she logs in. What type of technique has he used? A) A man-in-the-room attack B) Shoulder surfing C) A man-in-the-middle attack D) Pretexting

B) Shoulder surfing

Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this? A) Run multiple antimalware tools & use them to remove all detections B) Wipe the drive & reinstall from known good media C) Use the delete setting in her antimalware software rather than the quarantine setting D) There is no way to ensure that the system is safe & it should be destroyed

B) Wipe the drive & reinstall from known good media

Alaina discovers that someone has set up a website that looks exactly like her org's banking website. Which of the following terms best describes this sort of attack? A) Phishing B) Pharming C) Typosquatting D) Tailgating

B) Pharming

What type of malware is frequently called stalkerware because of its use by those in intimate relationships to spy on partners? A) Worms B) RATs C) Crypto Malware D) PUPs

B) RATs

What is one(1) of the most important defenses against ransomware?

Backup system that stores files in a separate location unaffected if the system gets infected.

What is one(1) technique that fileless viruses use to reinfect a system after reboot?

By editing a system registry entry

Gurvinder has been asked to assist a company that recently fired one(1) of their developers. After the developer was terminated, the critical app that they had written for the org stopped working & now displays a message reading, "You shouldn't have fired me!" If the developer's access was terminated & the org does not believe that they would have had access to any systems or code after they left the org, what type of malware should Gurvinder look for? A) A RAT B) A PUP C) A Logic Bomb D) A Keylogger

C) A Logic Bomb

What type of malware is adware typically classified as? A) A DOG B) A backdoor C) A PUP D) A rootkit

C) A PUP

Alex discovers that the network routers that his org has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this attack as? A) An influence campaign B) A hoax C) A supply chain attack D) A pharming attack

C) A supply chain attack
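Worked example for Alex's firmware card above and Vince's IoC-hash card earlier on the page. This is an added example, not part of the original study set: the same SHA-256 digest is checked two ways, against a vendor manifest (an allowlist: a mismatch on a known file name is the supply-chain signal Alex saw) and against a shared list of malicious hashes (a denylist: a hit is the IoC match Vince's peers supplied). All file contents, manifest entries and IoC hashes are constructed in the script so it runs offline; in practice the manifest comes from the vendor over a trusted channel and the IoC list from a feed such as an ISAC.

```python
import hashlib
import hmac
import posixpath


def sha256_hex(data):
    # SHA-256 rather than MD5: MD5 collisions are practical, so an MD5-only
    # manifest lets a supplier-side attacker craft a tampered image with a matching hash.
    return hashlib.sha256(data).hexdigest()


# Constructed sample artifacts. The byte strings stand in for firmware images and
# binaries pulled off devices; real code would read them with open(path, "rb").
SAMPLE_FILES = {
    "router-A/router-fw-1.2.3.bin": b"GOOD FIRMWARE IMAGE (constructed sample)",
    "router-B/router-fw-1.2.3.bin": b"GOOD FIRMWARE IMAGE (constructed sample) + implant",
    "downloads/svchost_update.exe": b"dropper bytes (constructed sample)",
}

# Vendor-published manifest (allowlist), keyed by file name. Built here from the
# good sample so the example is self-contained.
VENDOR_MANIFEST = {
    "router-fw-1.2.3.bin": sha256_hex(SAMPLE_FILES["router-A/router-fw-1.2.3.bin"]),
}

# Shared IoC hashes (denylist), e.g. what Vince received from peer firms.
IOC_HASHES = {
    sha256_hex(SAMPLE_FILES["downloads/svchost_update.exe"]),
}


def verify_against_manifest(path, data, manifest):
    """Return 'ok', 'MISMATCH' or 'unknown' for one file against the vendor manifest."""
    expected = manifest.get(posixpath.basename(path))
    if expected is None:
        return "unknown"          # not a vendor file; the manifest says nothing about it
    actual = sha256_hex(data)
    # compare_digest is constant-time; not strictly needed for public hashes,
    # but a good reflex for any digest or MAC comparison.
    return "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"


def match_iocs(data, ioc_hashes):
    """True if the file's digest appears in the shared indicator list."""
    return sha256_hex(data) in ioc_hashes


def triage(files, manifest, ioc_hashes):
    """Run both checks over every file and return a per-path result dict."""
    results = {}
    for path, data in files.items():
        results[path] = {
            "sha256": sha256_hex(data),
            "manifest": verify_against_manifest(path, data, manifest),
            "ioc_hit": match_iocs(data, ioc_hashes),
        }
    return results


if __name__ == "__main__":
    for path, r in triage(SAMPLE_FILES, VENDOR_MANIFEST, IOC_HASHES).items():
        flag = "!!" if r["manifest"] == "MISMATCH" or r["ioc_hit"] else "  "
        print(flag, path, r["manifest"], "ioc_hit=%s" % r["ioc_hit"], r["sha256"][:16])
```

Note what each check can and cannot tell you: router-B's image is flagged only because the vendor published a reference hash, and the dropper is flagged only because someone else already saw it. A tampered image with no manifest entry and a novel implant would pass both, which is why hash checks are a first filter, not a verdict.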

James notices that a macro virus has been detected on a workstation in his org. What was the most likely path for infection? A) A drive-by download via a web browser B) A worm spread the macro virus C) A user intentionally enabled macros for an infected file D) A remote access Trojan was used to install the macro virus

C) A user intentionally enabled macros for an infected file

Wendy is scanning cloud-based repositories for sensitive info. Which one(1) of the following should concern her most, if discovered in a public repository? A) Product Manuals B) Source Code C) API Keys D) Open Source Data

C) API Keys

What technique is most commonly associated with the use of malicious flash drives by pentesters? A) Mailing them to targets B) Sneaking them into offices & leaving them in desk drawers C) Distributing them in parking lots as though they were dropped D) Packing them to look like a delivery & dropping them off with a target's name on the package

C) Distributing them in parking lots as though they were dropped

Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son's school & she visits the site. She notices that the URL for the site looks like: https://www.myschool.edu.grades.php&student=1023425 She realizes that her son's student ID number is 1023425, so she attempts to access similar URLs with different numbers close to her son's student ID number. When she does so, she accesses the records of other students. She closes the records & immediately informs the school principal of the vulnerability. What term best describes Renee's work? A) White-Hat Hacking B) Green-Hat Hacking C) Grey-Hat Hacking D) Black-Hat Hacking

C) Grey-Hat Hacking

Which one(1) of the following info sources would not be considered an OSINT source? A) DNS Lookup B) Search Engine Research C) Port Scans D) WHOIS Queries

C) Port Scans

Crypto malware is what type of malware? A) Worms B) PUP C) Ransomware D) Rootkit

C) Ransomware

Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads, "Send .5 Bitcoin to the following address to recover your files." What is the most effective way for Fred to return the system to normal operation? A) Pay the Bitcoin ransom B) Wipe the system & reinstall C) Restore from a backup if available D) Run anti-malware software to remove the malware

C) Restore from a backup if available

Nicole accidentally types www.smazon.com into her browser & discovers that she is directed to a different site loaded with ads & popups. Which of the following is the most accurate description of the attack she has experienced? A) DNS hijacking B) Pharming C) Typosquatting D) Host file compromise

C) Typosquatting

Naomi wants to provide guidance on how to keep her org's new machine learning tools secure. Which of the following is not a common means of securing machine learning algorithms? A) Understand the quality of source data B) Build a secure working environment for ML developers C) Require third-party review for bias in ML algorithms D) Ensure changes to ML algorithms are reviewed & tested

C) Require third-party review for bias in ML algorithms

Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users? A) Disable Bash B) Switch to another shell C) Use Bash's restricted mode D) Prevent execution of Bash scripts

C) Use Bash's restricted mode

What are the three(3) objectives of cybersecurity?

Confidentiality; Integrity; Availability;

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware? A) A Worm B) Crypto Malware C) A Trojan D) A Backdoor

D) A Backdoor

What type of malicious actor is most likely to use hybrid warfare? A) A script kiddie B) A hacktivist C) An internal threat D) A nation-state

D) A nation-state

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this? A) Credential harvesting B) A hoax C) Reconnaissance D) An invoice scam

D) An invoice scam

Which of the following is the best example of a hacktivist group? A) Chinese Military B) U.S. Government C) Russian Mafia D) Anonymous

D) Anonymous

Skimming attacks are often associated with what next step by attackers? A) Phishing B) Dumpster Diving C) Vishing D) Cloning

D) Cloning

Matt uploads a malware sample to a third-party malware scanning site that uses multiple anti-malware & antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred? A) The package contains more than one(1) piece of malware B) The service is misconfigured C) The malware is polymorphic & changed while being tested D) Different vendors use different names for malware packages

D) Different vendors use different names for malware packages

What orgs did the U.S. government help create to help share knowledge between orgs in specific verticals? A) DHS B) SANS C) CERTS D) ISACs

D) ISACs

Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen? A) All files on the system B) All keyboard input C) All files the user accessed while the keylogger was active D) Keyboard & other inputs from the user

D) Keyboard & other inputs from the user

Lucca's org runs a hybrid data center with systems in Microsoft's Azure cloud & in a local facility. Which of the following attacks is one that he can establish controls for in both locations? A) Shoulder surfing B) Tailgating C) Dumpster diving D) Phishing

D) Phishing

Naomi believes that an attacker has compromised a Windows workstation using a file-less malware package. What Windows scripting tool was most likely used to download & execute the malware? A) VBScript B) Python C) Bash D) PowerShell

D) PowerShell

Cindy wants to send threat info via a standardized protocol specifically designed to exchange cyber threat info. What should she choose? A) STIX 1.0 B) OpenIOC C) STIX 2.0 D) TAXII

D) TAXII

What are the six(6) types that security controls are grouped into based on their intended purpose? Hint: "Previous Decisions Can Dictate Present Considerations"

Preventative controls; Detective controls; Corrective controls; Deterrent controls; Physical controls; Compensating controls;

What are the seven(7) listed types of threat vectors?

Direct Access, Wireless, Email, Supply Chain, Social Media, Removable Media, Cloud

What is one(1) of the most commonly exploited threat vectors?

Email

What two(2) levels may DLP technologies operate at?

Host-based DLP; Network DLP;

What are the four(4) characteristics that differentiate the types of cybersecurity threat actors?

Internal vs. External; Level of Sophistication/Capability; Resources/Funding; Intent/Motivation;

What are a few important defenses against fileless viruses?

Keeping browsers, plug-ins, & other exploitable software up to date; using antimalware tools that can detect unexpected behaviors from scripting tools; & using network defenses to ensure that users are not browsing to known malicious sites.

What are the three(3) types of potential security incident sources mentioned?

Malicious activity (attacker); Accidental activity (ignorance); Natural activity (disaster);

What are the three(3) categories that security control are grouped into based on how they achieve their objectives? Hint: "Master Of Time"

Managerial Controls; Operational Controls; Technical Controls;

What are three(3) of the most important defenses against Rootkits?

Patching, Using secure configurations, Ensuring that privilege management is used.

What two(2) types of techniques do DLP technologies use to recognize sensitive info?

Pattern-matching; Watermarking;

What are the seven(7) listed types of threat actors?

Script Kiddies; Hacktivists; Criminal Syndicates; APTs; Insider Threats; Shadow IT; Competitors;

What does the presence of Shadow IT in an org indicate?

This indicates that business needs are not being met by the enterprise IT team

What are the three(3) common factors to consider when assessing threat intelligence sources/specific threat intelligence notifications?

Timeliness, Accuracy, Relevancy

What are three(3) of the most important defenses against potentially unwanted programs?

User awareness & best practices education, removal with appropriate tools, & return to known good state of machine

What are two(2) of the most important defenses against Trojans/RATs?

User education about not downloading untrusted software, Anti-malware tools that detect Trojans & RAT-like behaviors
