CS 450 Final Exam Study Set
A(n) ________ is an attack that always maintains a primary focus on remaining in the network, operating undetected, and having multiple ways in and out.
APT
With the growth of cloud services, applications, storage, and processing, the scale provided by cloud vendors has opened up new offerings that are collectively called ________.
Anything as a Service
Which term is used for an integrated suite of tools or services offered as Security as a Service, or a third-party managed security service provider (MSSP), focused on cloud security?
Cloud Access Security Brokers
The ________ is a list of known vulnerabilities in software systems.
Common Vulnerabilities and Exposures (CVE)
Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?
Cyber Observable Expression (CybOX)
Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area?
Design phase
Cryptography is the universal solution to all security problems.
False
Least privilege refers to removing all controls from a system.
False
Secure coding refers to adding security functionality into a piece of software.
False
The generation of a real random number is a trivial task.
False
The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.
False
When the nmap tool is used, the sending of packets cannot be detected.
False
_______________ is a distributed form of cloud computing, where the workload is performed on a distributed, decentralized architecture.
Fog computing
The name of a capability that must be enabled on firewalls, secure web gateways, and cloud access security brokers (CASBs) to determine if the next system in a communication chain is legitimate or not is called _______________.
Instance awareness
A(n) ________ is a company that remotely manages security services for customers based on a contractual arrangement.
Managed Security Service Provider
How do most advanced persistent threats (APTs) begin?
Most APTs begin through a phishing or spear phishing attack.
What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?
NetFlow
Which indicator of compromise (IOC) standard is an open-source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?
OpenIOC
Which marketing term is used to describe the offering of a computing platform combining multiple sets of software in the cloud?
Platform as a Service
_______________ is the term used to describe the offering of a computing platform in the cloud.
Platform as a Service (PaaS)
________ is a structured language for cyberthreat intelligence information.
STIX
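As an added example (not part of the original study set), the block below builds a minimal STIX 2.1 Indicator, wraps it in a Bundle, and matches it against a list of observed file hashes. The matcher handles only the single-comparison pattern form `[file:hashes.'SHA-256' = '...']`, a toy subset of the STIX patterning language; the UUIDs are generated locally and the hashes are constructed, not taken from any real feed.

```python
"""Build a STIX 2.1 Indicator and match it against observed file hashes.

Added example; not part of the original study set. The pattern matcher below
handles only the single-comparison form [file:hashes.'SHA-256' = '...']
(a toy subset of the STIX patterning language), and the UUIDs are generated
locally rather than taken from any real feed.
"""
import json
import re
import uuid
from datetime import datetime, timezone


def now_iso() -> str:
    # STIX timestamps are UTC, RFC 3339, millisecond precision, 'Z' suffix.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def make_indicator(name: str, sha256: str) -> dict:
    """Return a STIX 2.1 Indicator object keyed on a SHA-256 file hash."""
    ts = now_iso()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[file:hashes.'SHA-256' = '{sha256}']",
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(objects: list) -> dict:
    """Wrap STIX objects in a Bundle, the unit normally exchanged between tools."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


# Toy matcher: only the exact single-comparison hash pattern is supported.
_PATTERN = re.compile(r"^\[file:hashes\.'SHA-256' = '([0-9a-fA-F]{64})'\]$")


def pattern_hash(pattern: str) -> str:
    m = _PATTERN.match(pattern)
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    return m.group(1).lower()


def match(bundle: dict, observed_hashes: list) -> list:
    """Return (indicator id, hash) pairs for every observed hash an indicator names."""
    seen = {h.lower() for h in observed_hashes}
    hits = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        h = pattern_hash(obj["pattern"])
        if h in seen:
            hits.append((obj["id"], h))
    return hits


# Constructed hashes for the demo (not real malware samples).
BAD_HASH = "a" * 64
OBSERVED = ["A" * 64, "b" * 64]  # hash comparison is case-insensitive

if __name__ == "__main__":
    b = make_bundle([make_indicator("dropper sample", BAD_HASH)])
    print(json.dumps(b, indent=2))
    print(match(b, OBSERVED))
```

Real feeds carry many more object types (malware, threat-actor, relationship) and far richer patterns; a production matcher would use a full STIX pattern parser rather than a regex.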
_______________ is the term used to denote the policies and procedures employed to connect the IAM systems of the enterprise and the cloud to enable communication with the data.
Secrets management
What should an incident response team do when they are notified of a potential incident?
The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.
A common technical mistake during the initial response to an incident is "killing" rogue processes.
True (doing so destroys volatile evidence of the attacker's activity before it can be captured)
Baselining is the process of determining a standard set of functionality and performance.
True
Encryption is a failsafe—even if security configurations fail and the data falls into the hands of an unauthorized party, the data can't be read or used without the keys.
True (provided the keys themselves are stored and protected separately from the data)
Nearly half of all exploits of computer programs stem historically from some form of buffer overflow.
True
Testing for security requires a much broader series of tests than functional testing does.
True
The logger command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.
True
Vulnerabilities are known entities; otherwise, the scanners would not have the ability to scan for them.
True
When an infrastructure is established "on premises," the unit of computing power is a server.
True
When software, either malware or an attacker, escapes from one VM to the hypervisor or underlying host OS, this is referred to as _______________.
VM escape
_______________ is the infrastructure needed to enable the hosting of a desktop environment on a central server.
Virtual desktop infrastructure
What does the term waterfall reference?
a software engineering process model
Persistence is one of the key elements of a whole class of attacks referred to as ________; they place two elements at the forefront of all activity: invisibility from defenders and persistence.
advanced persistent threats
Which statistical term is a representation of the frequency of the event, measured in a standard year?
annualized rate of occurrence (ARO)
What is the first step in the general risk management model?
asset identification
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
The ________ command is the Linux command used to change access permissions of a file.
chmod
Which term refers to the process of controlling changes to items that have been baselined?
configuration control
Which process involves implementing security tools and policies to ensure your container is running as intended?
container security
Developing and maintaining a series of ________ and prohibiting their use in new code, while removing them from old code when possible, is a proven path toward more secure code.
deprecated functions
Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence?
direct evidence
What is the first rule of incident response investigation?
do no harm
Which proven method of testing software involves comparing program responses to known inputs and the resulting program output to the desired output?
employing use cases
A(n) _______________ structure is one where elements are combined from private, public, and community cloud structures.
hybrid cloud
A(n) ________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.
hypervisor
What is the primary factor to assess in determining the level of incident response?
information criticality
Which command in Linux is used to show and manipulate routing, devices, policy routing, and tunnels?
ip
To ________ means to take action to reduce the likelihood of a threat occurring and/or to reduce the impact if a threat does occur.
mitigate
To examine a DNS query for a specific address, you can use the ________ command.
nslookup
Physical memory storage devices can be divided into a series of containers; each of these containers is called a(n) ________.
partition
Tools that do not interact with the system in a manner that would permit detection through sending packets or altering traffic are called ________ tools.
passive
Which action is an example of transferring risk?
purchasing insurance for the occurrence of an attack
Which term refers to the process of subjectively determining the impact of an event that affects a project, program, or business?
qualitative risk assessment
The ________ process involves isolating an object from its surroundings, preventing normal access methods.
quarantine
Evidence that is material to the case or has bearing on the matter at hand is known as ________.
relevant evidence
Which term refers to a risk that remains after implementing controls?
residual risk
What is a software bomb?
software that can destroy or modify files when commands are executed on the computer
Evidence that is convincing or measures up without question is known as ________.
sufficient evidence
________ is the chance of loss that is predictable under relatively stable circumstances.
systematic risk
The Python-based program designed to assist penetration testers in the gathering of information during the reconnaissance portion of a penetration test is called ________.
theHarvester
A physical hard disk drive will persist data longer than a solid state drive.
true (SSD wear leveling and TRIM can erase deleted data that a magnetic disk would still hold in unallocated space)
Major legal awards have been decided based on failure to retain information.
true
Recovery is the returning of the asset into the business function.
true
The presence of risks in a system is an absolute—they cannot be removed or eliminated.
true
There is no recovery from data that has been changed.
true
________ are a form of operating system virtualization; they are a packaged-up combination of code and dependencies that help applications run quickly in different computing environments.
Containers
Clouds can be created by many entities, but must be internal to an organization.
False
One of the characteristics of cloud computing is transparency to the end user.
True
Using the ________ analysis information, penetration testers can emulate adversaries and attempt a wide range of known attack vectors in order to verify that the known methods of attack are all mitigated.
attack surface
________ consists of the documents, verbal statements, and material objects that are admissible in a court of law.
evidence
The ________ model is an iterative model designed to enable the construction of increasingly complex versions of a project.
evolutionary
Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?
exclusionary rule
Which term refers to a measure of the magnitude of loss of an asset?
exposure factor (EF)
All data is equally important, and thus equally damaging in the event of loss.
false
All risks need to be mitigated or controlled.
false
It is possible to conduct risk management that is purely quantitative.
false
When analyzing computer storage components, the original system should be analyzed.
false
When performing forensics on a computer system, you should use the utilities provided by that system.
false
The determination of the boundaries of a target space is called ________.
footprinting
The term "________" describes a series of digits near the beginning of the file that provides information about the file format.
magic number
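As an added example (not from the original study set), the block below reads the leading bytes of constructed sample "files", identifies the format from its magic number, and flags cases where the extension disagrees with the content, the classic check for a renamed executable. The signature table is deliberately small and the sample bytes are constructed, not taken from real files.

```python
"""Identify a file's format from its magic number and flag extension mismatches.

Added example for this study set; not from the original page. The signature
table covers a handful of common formats and is deliberately small.
"""
import os
from typing import Optional

# (format name, offset, signature bytes). Most formats put the magic at byte 0.
SIGNATURES = [
    ("PNG",  0, b"\x89PNG\r\n\x1a\n"),
    ("JPEG", 0, b"\xff\xd8\xff"),
    ("PDF",  0, b"%PDF-"),
    ("ZIP",  0, b"PK\x03\x04"),
    ("GIF",  0, b"GIF8"),
    ("ELF",  0, b"\x7fELF"),
    ("PE",   0, b"MZ"),
]

# Extensions a file of each format would legitimately carry (Office files are ZIP containers).
EXPECTED_EXTENSIONS = {
    "PNG": {".png"},
    "JPEG": {".jpg", ".jpeg"},
    "PDF": {".pdf"},
    "ZIP": {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"},
    "GIF": {".gif"},
    "ELF": {"", ".so", ".elf"},
    "PE": {".exe", ".dll", ".sys"},
}


def identify(header: bytes) -> Optional[str]:
    """Return the format whose signature matches the leading bytes, else None."""
    for name, offset, magic in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return name
    return None


def check_file(name: str, header: bytes) -> dict:
    """Compare the claimed extension with what the magic number says."""
    fmt = identify(header)
    ext = os.path.splitext(name)[1].lower()
    mismatch = fmt is not None and ext not in EXPECTED_EXTENSIONS[fmt]
    return {"name": name, "format": fmt, "extension": ext, "mismatch": mismatch}


# Constructed sample "files": only the first bytes matter for this check.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3",
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",   # PE executable renamed to .pdf
    "notes.txt": b"meeting at 10\n",               # no magic number: plain text
}


def scan(samples: dict) -> list:
    return [check_file(n, h) for n, h in samples.items()]


if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(r)
```

Against a real filesystem you would read the first 16 or so bytes of each file (`open(path, "rb").read(16)`) and feed them to `check_file`; text formats with no magic number come back as `None` rather than as a mismatch.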
The ________ is the element that connects all the computing systems together, carrying data between the systems and users.
network
After a penetration test is planned, ________ is the first step in performing that test; the objective is to obtain an understanding of the system and its components that someone wants to attack.
reconnaissance
A(n) ________ is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server.
record time offset
The network process of separating network elements into segments and regulating traffic between the segments is called ________.
segmentation
Specifying compute requirements in terms of resources needed (for example, processing power and storage) is an example of _______________.
serverless architecture
________ is the name for both a tool and a suite of tools: as a suite, it is a group of free, open-source utilities for editing and replaying previously captured network traffic; as a tool, it specifically replays a PCAP file on a network.
tcpreplay
The design of use cases to test specific functional requirements occurs based on the requirements determined in which phase of the secure development lifecycle?
testing phase
________ is an iterative process of proactively searching out threats inside the network.
threat hunting
The ________ command provides a list of the hosts, switches, and routers in the order in which a packet passes through them, providing a trace of the network route from source to target.
tracert (Windows; traceroute on Linux and macOS)
A(n) _______________ is a network connection that is used to interconnect virtual private clouds (VPCs) and on-premises networks.
transit gateway
The ________ network in a cloud environment can be used and manipulated by users, whereas the actual network underneath cannot.
virtual network
A(n) _______________ allows connections to and from a virtual private cloud instance.
virtual private cloud endpoint
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?
white box testing
When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ________, can be used.
workstation
