3 AND 6
One component of the ALE calculation is ARO. What does ARO represent?
Annualized rate of occurrence
John the Ripper is a popular tool that helps attackers. Which of the following is its main function?
Crack passwords
Fred runs a small manufacturing shop. He produces consumer goods on his equipment. Suppose Fred has six stamp presses each valued at $35,000. At any given time, two of his presses might be out of service due to mechanical breakdowns or required upgrades. What is Fred's single loss expectancy?
$70,000
Which file on a Linux system can be enumerated to display all known users?
/etc/passwd
Natural disasters can happen at any time and have unknown or incalculable effects. Based on information from subject matter experts, the probability of a natural disaster is once every 75 years. Using this information, what is the annualized rate of occurrence (ARO) for a natural disaster affecting an organization?
0.013
An organization's user data server is backed up daily. Referencing the CIA triad, this is an example of which of the following?
Availability
What do each of the letters represent in the CIA triad?
Availability, Integrity, Confidentiality
Which of the following are true about threats and vulnerabilities? (Select two.)
A threat is a potential source of harm., A vulnerability is an opening for an attacker to exploit.
An attacker has made their way into an organization's network and run an LDAP enumeration tool. What is the attacker MOST likely accessing and extracting information from?
Active Directory
Which of the following would the red team MOST likely use?
An ethical hacker
How is probability determined using qualitative analysis?
By a team of subject matter experts
Which team is responsible for defending the network against attacks in a risk training scenario?
Blue
Access to a database is protected by multi-factor authentication. In the CIA triad, this is an example of which of the following?
Confidentiality
A new piece of equipment is placed into production. It is connected and powered on. Which of the following is the known threat vulnerability introduced in this scenario?
Default credentials
A security analyst must identify risks and figure out how best to mitigate them. Which of the following are risk mitigation techniques? (Select three.)
Ensure systems are patched and updated., Close unused ports on a firewall, Train users to identify email attacks
While investigating a potential security breach on a Windows machine, you list the commands that have recently been executed from the command line and find the following: arp -a, set username, set computername, net localgroup administrators, and tasklist. There are other commands as well. While then checking the running processes, you see the output below in Task Manager. It's clear that someone has compromised the Windows machine. What would you call the phase of the attack that you have found?
Enumeration
Which of the following is a device used by the blue team to lure an unsuspecting attacker to aimlessly explore?
Honeypot
How is magnitude measured by a team of subject matter experts when using qualitative analysis?
Impact
A tabletop exercise is a theoretical exercise where each team is given a set of criteria and then left to evaluate and strategize. They evaluate the what, when, where, why, and how. What is the purpose of this exercise?
It gives each team the opportunity to hone their skills and evaluate different techniques for attack and defense.
While performing a SoftPerfect scan as part of a regular machine audit, you notice that one of the machines is sharing the Users directory. When you double-click the share, you are taken directly to the Explorer pop-up displayed below. What does that probably tell you about the Student-PC host?
It is allowing NULL sessions.
Which tool is used as a framework for exploiting vulnerabilities and conducting discovery using predefined scripts?
Metasploit
PII, if exposed or captured by attackers, can be used to exploit and blackmail. What is PII?
Personally identifiable information
The annual loss expectancy (ALE) calculation provides an organization's stakeholders with what information?
Potential financial loss of an event based on how often a threat could occur.
When determining a risk's severity, which of the following are best to consider? (Select two.)
Probability, Magnitude
What is the primary difference between reconnaissance and enumeration?
Reconnaissance is passive discovery; enumeration is active discovery.
Which team is responsible for trying to infiltrate and attack a network?
Red
Attackers often target data and intangible assets. Identify what hackers may do with the information they collect. (Select two.)
Sell the data to the competition, Harm a company's reputation
An attacker may poison the DNS by making changes to an organization's DNS table. Why might an attacker take this action?
The attacker can redirect users to a malicious website.
Which of the following roles is often outsourced in risk training scenarios?
The offensive team
Which of the following BEST describes an SNMP trap?
The public community provides read-only access to device configuration.
A new desktop was put into production. The system administrator created a new user and disabled the local administrator and guest accounts. Which vulnerability was introduced when the system was powered on?
The system was not updated or patched.
During a tabletop exercise, someone from the red team has a question about a procedure's validity and whether or not it would violate the terms of engagement. How should this be determined?
The white team must answer the question before moving forward.
An organization's cybersecurity staff needs to be competent at their jobs or serious consequences can occur. Which of the following is an important component to staying up to date and honing a team's cybersecurity skills?
Training
How is probability determined using quantitative analysis?
Using the ARO calculation
A member of which team is often used to oversee a tabletop exercise?
White
A(n) ______ threat comes from a disgruntled employee or contractor.
internal
A(n) ______ assessment measures valuation and intangibles.
qualitative
A(n) ______ assessment measures the direct value of tangible assets.
quantitative
You are tasked with enumerating an exploited machine using Metasploit. The target system is already connected to the Metasploit console, and you have executed the help command to see which options are available. Which of the listed commands will give you the computer name, operating system, and hardware architecture?
sysinfo
What is the name for a mock attack exercise that simulates an actual network attack?
tabletop