Cybersecurity Midterm

What flag does nmap use to enable operating system identification?

-o

Which Cisco log level is the most critical?

0

Jason gathers threat intelligence that tells him that an adversary his organization considers a threat likes to use USB key drops to compromise their targets. What is this an example of?

A possible attack vector

Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?

Government Agency

Organizations like Anonymous, which target governments and businesses for political reasons, are examples of what type of threat actor?

Hacktivists

What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?

Heuristic Analysis

Forensic data is most often used for what type of threat assessment data?

IOCs

Advanced persistent threats are most commonly associated with which type of threat actor?

Nation-state actors

Which of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?

Sandboxing

Which type of Windows log is most likely to contain information about a file being deleted?

Security Logs

Which one of the following is not an example of a vulnerability scanning tool?

Snort

During an information gathering exercise, Chris is asked to find out detailed personal information about his target's employees. What is frequently the best place to find this information?

Social Media

Which one of the following factors is least likely to impact vulnerability scanning schedules?

Staff Availability

Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?

Supplicant

Barry placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls to limit the scope of PCI DSS to those systems through the use of VLANs and firewalls. When Barry goes to conduct vulnerability scans for PCI DSS compliance purposes, what systems must he scan?

Systems on the Isolated Network

Cyn wants to send threat information via a standardized protocol specifically designed to exchange cyberthreat information. What should she choose?

TAXII

Selah believes that an organization she is penetration testing may have exposed information about their systems on their website in the past. What site might help her find an older copy of their website?

The Internet Archive

Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which of the following ports should definitely not be open on the jump box?

23

Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?

443

Ben sets up a system that acts like a vulnerable host in order to observe attacker behavior. What type of system has he set up?

A honeypot

Gabby wants to select a threat framework for her organization, and identifying threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice?

ATT&CK

During passive intelligence gathering, you are able to run netstat on a workstation located at your target's headquarters. What information would you not be able to find using netstat on a Windows system?

Active IPX Connections

Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?

Adversarial

Sarah would like to run an external vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

An Approved Scanning Vendor

Ric is reviewing his organization's network design and is concerned that a known flaw in the border router could let an attacker disable their Internet connectivity. Which of the following is an appropriate compensatory control?

An alternate Internet connectivity method using a different router type

Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

Any Qualified Individual

What tool can administrators use to help identify the systems present on a network prior too conducting vulnerability scans?

Asset Inventory

Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate?

Availability

What type of assessment is particularly useful for identifying insider threats?

Behavior

Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

CPE

Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task?

CVSS

What term describes an analysis of threat information that might include details such as whether it is confirmed by multiple independent sources or has been directly confirmed?

Confidence Level

What approach to vulnerability scanning incorporates information from agents running on the target servers?

Continuous Monitoring

Which of the following measures is not commonly used to assess threat intelligence?

Detail

Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering?

Environmental

What type of data can frequently be gathered from images taken on smartphones?

Exif

What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

FISMA

Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?

GPO

What step occurs first during the attack phase of the penetration test?

Gaining Access

What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?

High

Gary is the system administrator for a federal agency and is responsible for a variety of information systems. Which systems must be covered by vulnerability scanning programs?

High-, Moderate-, or Low-Impact Systems

What organization manages the global IP address space?

IANA

What organization did the US government help create to help share knowledge between organizations in specific verticals?

ISACs

Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which of the following steps would come first?

Identity Threats

Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?

Immediately

What phase of the cyber kill chain includes creation of persistent backdoor access for attackers?

Installation

What common criticism is leveled at the cyber kill chain?

It includes actions outside the defended network

Susan needs to explain what a jump box is to a member of her team. What should she tell them?

It is a system used to access and manage systems or devices in another security zone.

OpenIOC uses a base set of indicators of compromise originally created and provided by which security company?

Mandiant

Before Ben send a Word document, he uses the built-in Document Inspector to verify that the file does not contain hidden content. What is this process called?

Metadata Scrubbing

Which of the following options is the most likely used for the host listed int he dhcpd.conf entry? host db1 {option host-name "sqldb1.example.com";hardware ethernet 8a:00:83:aa:21:9ffixed address 10.1.240.10

Microsoft SQL Server

Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?

Moderate Impact

A member of Susan's team recently fell for a phishing scam and provided his password and personal information to a scammer. What layered security approach is not an appropriate layer for Susan to implement to protect her organization from future issues?

Multitiered firewalls

What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

NGFW

Which of the following threat actors typically has the greatest access to resources?

Nation-state actors

What tool would you use to capture IP traffic information to provide flow and volume information about a network?

Netflow

Robert's Organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?

Network Access Control

Which of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

Nonrepudiation

What process uses information such as the way that a system's TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?

OS Detection

Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?

Patching against zero-day attacks

Which one of the following is an example of an operational security control?

Penetration Tests

During what phase of penetration test should the testers obtain written authorization to conduct the test?

Planning

Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?

Plausible Deniability

Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

Quarterly

When performing 802.1x authentication, what protocol does thee authenticator use to communicate with the authentication server?

RADIUS

Renee is configuring her vulnerabilty management solution to perform credentialed scans of her network. What type of account should she provide to the scanner?

Read-Only

Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?

Red Team

Which of the following is not a common DNS anti-harvesting technique?

Registering Manually.

Which of the following activities is not part of the vulnerability management life cycle?

Reporting

Chris is in charge of his organization's Windows security standard, including their Windows 7 security standard, and has recently decommissioned the organization's last Windows 7 system. What is the next step in his security standard's life cycle?

Retiring the Windows 7 standard

Susan wants to start performing intelligence gathering. Which of the following options is frequently conducted in the requirements gathering stage?

Review of security breaches or compromises your organization has faced

What term describes an organization's willingness to tolerate risk in their comping environment?

Risk Appetite

Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?

Risk Mitigation

Ryan is planning to conduct a vulnerability scan of a business critical system using dangerous plug-ins. What would be the best approach for the initial scan?

Run the Scan in a Test Environment

Cameron builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?

The malware may be polymorphic

STRIDE, PASTA, and LINDDUN are all examples of what?

Threat classification tools

What drove the creation of ISACs in the United States?

Threat information sharing for infrastructure owners

Which of the following activities follows threat data analysis in the threat intelligence cycle?

Threat intelligence dissemination

What command-line tool can be used to determine the path that traffic takes to a remote system?

Traceroute

Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?

Vulnerability

Kevin would like to implement a specialized firewall that can protect against SQL ijection, cross-site scripting, and similar attacks. What technology should he choose?

WAF

Fred wants to ensure that only software that has been preapproved runs on workstations he manages. What solution will best fit this need?

Whitelisting

Which lookup tool provides information about a domain's registrar and physical location?

Whois

What language is STIX based on?

XML

What method used to replicate DNS information between DNS servers can also be used to gather large amounts of information about an organization's systems?

Zone Transfer

What technique is being used in this command? dig axfr @dns-server example.com

Zone Transfer

What method is used to replicate DNS information for DNS servers but is also a tempting exploit target for attackers?

Zone Transfers