Endpoint and Application Development Security
What type of analysis is heuristic monitoring based on? a. Dynamic analysis b. Input analysis c. Static analysis d. Code analysis
a. Dynamic analysis
Which of the following tries to detect and stop an attack? a. HIPS b. HIDS c. RDE d. SOMA
a. HIPS
Which boot security mode sends information on the boot process to a remote server? a. Measured Boot b. UEFI Native Mode c. Trusted Boot d. Secure Boot
a. Measured Boot
Which of the following is NOT a limitation of a threat map? a. They can be difficult to visualize. b. Many maps claim that they show data in real time, but most are simply a playback of previous attacks. c. Because threat maps show anonymized data it is impossible to know the identity of the attackers or the victims. d. Threat actors usually mask their real locations so what is displayed on a threat map is incorrect.
a. They can be difficult to visualize
Which of the following is FALSE about a quarantine process? a. It is most often used with email attachments. b. It holds a suspicious application until the user gives approval. c. It can send a URL to the document that is on a restricted computer. d. It can send a sanitized version of the attachment.
b. It holds a suspicious application until the user gives approval.
What does Windows 10 Tamper Protection do? a. Compresses and locks the registry b. Limits access to the registry c. Prevents any updates to the registry until the user approves the update. d. Creates a secure backup copy of the registry
b. Limits access to the registry
What are the two concerns about using public information sharing centers? a. Security and privacy b. Privacy and speed c. Regulatory approval and sharing d. Cost and availability
b. Privacy and speed
Which model uses a sequential design process? a. Secure model b. Waterfall model c. Rigid model d. Agile model
b. Waterfall model
What is the advantage of a secure cookie? a. It only exists in RAM and is deleted once the web browser is closed. b. It cannot be stored on the local computer without the user's express permission. c. It is sent to the server over HTTPS. d. It is analyzed by AV before it is transmitted.
c. It is sent to the server over HTTPS.
What are the two limitations of private information sharing centers? a. Bandwidth and CPU b. Government approval and cost c. Timing of reports and remote access d. Access to data and participation
d. Access to data and participation
Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend? a. Lightwire JSON Control b. Linefeed Access c. Bidirectional Security Protocol (BSP) d. Automated Indicator Sharing (AIS)
d. Automated Indicator Sharing (AIS)
An IOC occurs when what metric exceeds its normal bounds? a. IRR b. EXR c. LRG d. KRI
d. KRI
Which stage conducts a test that will verify the code functions as intended? a. Testing stage b. Development stage c. Staging stage d. Production stage
d. Production stage
Which of the following is not an improvement of UEFI over BIOS? a. Networking functionality in UEFI b. Access larger hard drives c. Stronger boot security d. Support of USB 3.0
d. Support of USB 3.0
Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? a. CISA b. FOIA c. PCII d. TLP
d. TLP
Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything due to how looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web? a. The naming structure is different on the dark web. b. Dark web merchants open and close their sites without warning. c. Dark web search engines are identical to regular search engines. d. It is necessary to use Tor or IP2.
c. Dark web search engines are identical to regular search engines.
Which of the following is NOT an important OS security configuration? a. Disabling unnecessary services b. Disabling default accounts c. Restricting patch management d. Employing least functionality
c. Restricting patch management
Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? a. STIX b. TCP-Over-Secure (TOP) c. TAXII d. AIP-TAR
c. TAXII
Which of these is a list of preapproved applications? a. Blacklist b. Redlist c. Whitelist d. Greenlist
c. Whitelist
Which of the following is NOT an advantage to an automated patch update service? a. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available. b. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. c. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. d. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
d. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.