Module 4


Which of the following is FALSE about a quarantine process?
A. It holds a suspicious application until the user gives approval
B. It can send a sanitized version of the attachment
C. It can send a URL to the document that is on a restricted computer
D. It is most often used with email attachments

A. It holds a suspicious application until the user gives approval

What are the two limitations of private information sharing centers?

Access to data and participation

Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into the team's technology security. What technology will Oskar recommend?

Automated Indicator Sharing (AIS)

Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is FALSE about looking for information on the dark web?
A. It is necessary to use Tor or I2P
B. Dark web search engines are identical to regular search engines
C. Dark web merchants open and close their sites without warning
D. The naming structure is different on the dark web

B. Dark web search engines are identical to regular search engines

Which of the following tries to detect and stop an attack?
A. HIDS
B. HIPS
C. RDE
D. SOMA

B. HIPS

Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS?
A. STIX
B. AIP-TAR
C. TAXII
D. TCP-Over-Secure (ToP)

C. TAXII

Which of the following is NOT a limitation of a threat map?
A. Many maps claim that they show data in real time, but most are simply a playback of previous attacks
B. Because threat maps show anonymized data, it is impossible to know the identity of the attackers or the victims
C. They can be difficult to visualize
D. Threat actors usually mask their real locations, so what is displayed on a threat map is incorrect

C. They can be difficult to visualize

Which of the following is NOT an advantage of an automated patch update service?
A. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server
B. Administrators can approve updates for "detection" only; this allows them to see which computers require the update without installing it
C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service
D. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs

C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service

Which of the following is NOT an important OS security configuration?
A. Employing least functionality
B. Disabling default accounts
C. Disabling unnecessary services
D. Restricting patch management

D. Restricting patch management

Which of the following is NOT an improvement of UEFI over BIOS?
A. Stronger boot security
B. Networking functionality in UEFI
C. Access larger hard drives
D. Support of USB 3.0

D. Support of USB 3.0

Which of these is a list of preapproved applications?
A. Greenlist
B. Redlist
C. Blacklist
D. Whitelist

D. Whitelist

What type of analysis is heuristic monitoring based on?

Dynamic analysis

What is the advantage of a secure cookie?

It is sent to the server over HTTPS.

An IOC occurs when what metric exceeds its normal bounds?

KRI

What does Windows 10 Tamper Protection do?

Limits access to the registry.

Which boot security mode sends information on the boot process to a remote server?

Measured boot

Which stage conducts a test that will verify the code functions as intended?

Staging stage

Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?

Traffic Light Protocol (TLP)

What are two concerns about using public information sharing centers?

privacy and speed

Which model uses a sequential design process?

waterfall model

