CIT review

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What are examples of deterrent access controls?

Fences, cameras, motion detectors

What does the antivirus search for?

Hash signatures

Which of the following should be used to secure a website against abnormal traffic?

DMZ

HIDS/HIPS

Detects, protects, and alerts upon malicious activity

EDR

Provides high visibility of endpoints, focuses on detecting and responding to malicious activity on the host. Best use case, search manually for threats.

What is a canary trap & what is it's benefits?

It is an almost identical copy of a document where leaked data is traced to the receiving person. It is used to identify internal data leakers

Why is defense in layers important?

Multiple layers of defense have a better chance of thwarting potential intruders.

What is SOAR?

Security Orchestrated Automation & Response

What are methods to reveal honeypots?

Banner grabbing, evasion in a sentence, exceptionally long or short uptime, vendor signature (well-known files) like kippo.cfg, enticing vulnerabilities

.sfp

Exclusion: SHA1 or SHA256 signature

Microsoft Security Essentials was tagged in 2011 google chrome as. Malicious. What is the professional term related to this case?

False positive

What is the difference between firmware and software?

Firmware is fixed data that is part of a hardware device; software is what the user interacts with

What is the definition of an alert ?

A type of query that checks rules for each active log in the system , whereby if a match is found an email will be sent, SNMP or Syslog will be activated, or an automatic script will be executed.

What is a honey token?

Honeypot that is not a computer system

Which of the following security measure is related to Endpoint Security?

Anitivirus

What Is Firmware?

A semi-permanent software used to operate hardware components. It is written onto dedicated flash memory on the computer's hardware and provides instructions for hardware devices to enable communication with other hardware components.

Examples of Endpoint Security Suite?

Antivirus, DLP, Application control/ Allow list, HIPS/HIDS, communication encryption, Email & phishing protection, logging & Monitoring, and Encrypted communication & hardware.

What are honeytoken types?

Bogus email address, false database data, forged executable files, phone home embedded links, web beacons, browser cookies

.ign2

Exclusion: specific signature

An attacker launches a mail spoofing attack. Which of the following commands will probably be used in the attack?

Help server, MAIL FROM: [email protected], RCPT TO:[email protected],data

A security company wants to learn a new attack method. Which of the following would be a good way to do that?

Honeypot

Which of the following is a security mechanism that is configured to detect, deceive, and counteract attempts at unauthorized access?

Honeypot

A NOC manager wants to collect logs from the windows OS in Splunk. What needs to be installed & configured?

Install universal forward serve

What is the main purpose of the Honeypots?

Lure attackers

What is playbook automation?

A Flow of actions designed to reduce the need for human intervention in repetitive tasks

SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]:Accepted password for root from 10.10.1.1 port 5581 ssh2. What does that mean?

An SSH connection was established on 5/21 with a root user

Why are IoT devices known to be vulnerable to many attacks?

Because of a lack of security awareness among developers

What does CIP stand for?

Common Industrial Protocol

Sandbox

Restricted environment used to run suspicious programs and files

.gdb

phishsig: URL hashes

.pdb

phishsig: URLs of potential phishing sites

.wdb

phishsig: Whitelisted URL

What is the definition of log aggregation?

Collecting logs with similar structures

.fp

Exclusion: MD5 signature

What is not a common IoT attack?

Phishing

**An example of Endpoint Security Suite?

Data loss prevention (DLP)

What are a common IoT attacks?

MiTM, DoS/DDoS, Replay (also known as playback)

YARA is a tool used to:

Identify & classify malware samples

What is a honeypot?

Decoy device that tries to lure attackers

What is the main purpose of PFSense?

An open-source firewall

Internal Firewall

Blocks incoming/outgoing connections to/from the workstation

What is NOT one of the IoT components?

Network segregation

What's a way to secure IoT devices?

Use VLAN and ACL

What does BYOD stand for?

Bring your own device

What are SIEM general components

Database, Correlation Engine, Collectors, Management Center & Dashboards, API

What is a SIEM alert?

Indicates possible anomaly, threat, or attack

What is the term of a newly discovered flaw in a program?

Zero-Day

What is the PPT triad?

People, process, technology

Which of the following is not information that requires DLP protection?

Public facing webpages

What are research honeypots used for?

Research possible future threats

What is an area where companies can safely test potentially malicious files?

Sandbox

What are some IoT components?

Smart gateway, connectors, data processinng

What is considered the weakest link in cyber security?

Unaware or untrained people

The method to mark files as safe is:

Whitelisting

What is true about CIP?

It is designed for automating industrial applications. It encompasses a set of messages and services for security, control, control and synchronization. It is widely used in industry, since it can be easily integrated into other networks.

What is CIP designed for and what is it vulnerable to?

It is specifically for intercommunication and integration with other networks. It is vulnerable to remote attacks and may result in a denial-of-service (DoS) condition, controller fault, or enable a Man-in-the-Middle (MitM) attack, or Replay attack.

What is a fail safe implementation?

It means that all components work together to prevent or minimize damage in case of a disaster

What is true about DNP3?

It was developed in 1993 and is widely used in the USA and Canada. It operates at the application, data link and transport layers; thus, it is a three-layer protocol.

What is ICS (Industrial Control Systems)

It's units that monitor and manage industrial machinery used in critical infrastructure. It integrates hardware, software, and network connectivity to achieve remote support and management of critical infrastructure devices.

ClamAV

Open source and cross platform AV software. Mainly a CLI tool, although a GUI is available. Most features require initial configuration.

**what is an example of an AV bypass technique?

Packing and encryption

What are the 5 layers of IoT?

Perception , Transmission, Middleware, Application, and Business

What is one characteristic of low interaction Honeypots?

Provides a limited access and covers specific ports

What are examples of ICS protocols?

RS-232 and RS-485, Modbus, DNP3, HART, TASE 2.0 and ICCP, CIP, PROFIBUS and PROFINET, FOUNDATION

**A type of malware designed to stay undetected on your computer

Rootkits

A new company stores sensitive information and wants to secure that information using a system that reports and forensically analyzes security incidents. Which system should it use?

SIEM

Someone attempted to hack your company's network. Which system received the warning?

Splunk

Antivirus consists of

String/byte signatures, hash signatures, heuristic detection

Which of the following artifacts does AV search for?

Strings, hashes, heuristics

If the following query was sent to a SIEM : 'source="/var/log:auth.log" what would be the outcome?

Unix authentication logs

What does DNP3 stand for?

Distributed Network Protocol

What is IIOT?

Industrial Internet of Things

What is the main purpose of the SIEM solution?

Helps detect security incidents

What is may relay?

A server that routes emails to their correct destination. It provides a way to guarantee message authenticity.

What is a cyber anomaly exploration?

Detects suspicious behavior

What is a security solution that can protect against sophisticated threats? APT

EDR (Endpoint detection & response)

What is the primary benefit of SOAR?

Eliminates tier 1 analysts, reducing incident response time. Which saves time & money, but can lead to false positives

What is DomainKeys Identified Mail (DKIM)?

Email validation technique

What are endpoint security components?

Internal firewall, HIDS/HIPS, Sandbox

What is true about Modbus?

It communicates raw messages without authentication or any overhead. It is a request-response protocol and operates at the application layer of the OSI model.

What is the fault tolerance?

It ensures that remaining components can maintain a system when one or more component fails

Why should alerts be generated?

To monitor & handle suspicious events in the organization


संबंधित स्टडी सेट्स

UNIT 3 Glucose Regulation Exemplar: Cushing's

View Set

PY 307 Physiological Psych Test 4

View Set

Ch. 2 Tabular and Graphical Methods

View Set

Classical and Operant Conditioning Khan Review

View Set

Anatomy Chapter 1: The Human Body: An Orientatyion

View Set

Chapter 3 Exam (Earthquake Geology and Seismology)

View Set

CH 26: Wellness and Health Promotion

View Set