IST 1144 - Module 2
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
A vulnerability scan is usually automated.
What are the primary features of a security information event management (SIEM) tool?
Aggregation, correlation, event deduplication, time synchronization, and alerting
What is the primary goal of penetration testing?
Attempt to uncover deep vulnerabilities and then manually exploit them
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?
Blue Team
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting Collecting data over time to
Which of the following is considered an industry-specific cybersecurity regulation?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS PCI Security Standards Council Site
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
Purple Team
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next?
Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?
Scan all devices, each for a very short time
Which of the following is a primary difference between a red team and a white team?
The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing.
A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos?
Use privilege Escalation
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
What is the primary difference between credentialed and non-credentialed scans?
What is the primary difference between credentialed and non-credentialed scans?