Security+ Chapter 2
TAXII
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
Insider Hacktivists
Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following best describe Snowden's activities?
Supply Chain
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?
Internet RFCs
Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs?
White Hat
Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
Gray Hat
Person who may violate ethical standards or principles, but without the malicious intent ascribed to black hat hackers
Unavailability of future patches
Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective?
Shadow IT
Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology?
IoC
Vince recently received the hash values of malicious software that several industry found installed on their systems after a compromise. What term best describes this information?
API keys
Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?
XML
What language is STIX based on?
ISACs
What organization did the U.S. government help create to help share knowledge between organizations in specific verticals?
Behavioral
What type of assessment is particularly useful for identifying insider threats?
Detail
Which of the following is not commonly used to assess threat intelligence?
Anonymous
Which of the following is the best example of a hacktivist group?
Nation-state actors
Which of the following threat actors typically has the greatest access to resources?
Threat map
Which of the following threat research tools is used to visually display information about the location of threat actors?
Nation-state actor
Which one of the following attackers is most likely to be associated with an APT?
Port scans
Which one of the following information sources would not be considered an OSINT source?