study cyber
Each service defined by TAXII is required to be implemented
False
FS-ISAC stands for?
Financial Services Information Sharing and Analysis Center
Which is not a valid SQL injection logical expression commonly used by an adversary?
'AND '1' = '1
What XML language best describes a measurable event or stateful property in the cyber domain, such as registry key creation, file deletion or HTTP GET operation received?
CybOX
What is the Wireshark Analyze feature that allows content to be decoded using a specific protocol, even if that protocol is not directly mapped to the specific port reserved for its use?
Decode As
Which are the two problems with log files and determining temporal order?
Different system clocks; resolution too coarse
A DMZ is generally used for which services?
Email Server, Web Server
A honeypot has valuable production value
False
What are the two types of Intrusion Detection Systems that are used to protect data-at-rest and data-in-motion?
Host, Network
Which is not a module used in Volatility, the
Idrhooks
The name of the TAXII library used to support TAXII client development is?
Libaxii
The Kippo SSH honeypot performs what level of interaction?
Medium interaction
The name of the python tool (source module) used to convert OpenIOC formatted reports to STIX is what?
OpenIOC-to-STIX
Which is not a semi-legitimate tool for remote access?
PC Anywhere
We can split the kill chain up into two different types of actions. What are they?
Proactive, Reactive actions
A computer infected with the Zeus virus using a specific IP address for C2 can be represented as what type of STIX object?
TTP
Assertions of an identity such as Unit 61398 within the Chinese PLA could be used to represent what type of STIX object?
Threat Actor
Computer forensics corresponds to which of the following?
all of the above
What type of data enrichment can be done on information collected from a honeypot?
all of the above
Which are services defined by TAXII?
all of the above (Discovery, Collection Management, Inbox, Poll)
A documented vulnerability such as CVE-201400160 could be represented as what type of STIX object?
exploit target
The program Trudy used to hide her malicious software attack was named?
hfnetchk
What security devices is the following used to circumvent? %00 Union Select password FROM tblUsers WHERE username='admin'--
intrusion detection and WA firewalls
What is the ncat command on Windows to allow a system at 192.168.70.1 to connect to a server at 192.168.70.32 using port 6666? Use only a single space between parameters.
ncat 192.168.70.32 6666
When a security scanning device fails to detect malicious activity, this is known as a false...
negative
Which is the first action taken to preserve the media integrity from data corruption during computer forensics?
use a write blocker