CIT review
What are examples of deterrent access controls?
Fences, cameras, motion detectors
What does the antivirus search for?
Hash signatures
Which of the following should be used to secure a website against abnormal traffic?
DMZ
HIDS/HIPS
Detects, protects, and alerts upon malicious activity
EDR
Provides high visibility of endpoints, focuses on detecting and responding to malicious activity on the host. Best use case, search manually for threats.
What is a canary trap & what is it's benefits?
It is an almost identical copy of a document where leaked data is traced to the receiving person. It is used to identify internal data leakers
Why is defense in layers important?
Multiple layers of defense have a better chance of thwarting potential intruders.
What is SOAR?
Security Orchestrated Automation & Response
What are methods to reveal honeypots?
Banner grabbing, evasion in a sentence, exceptionally long or short uptime, vendor signature (well-known files) like kippo.cfg, enticing vulnerabilities
.sfp
Exclusion: SHA1 or SHA256 signature
Microsoft Security Essentials was tagged in 2011 google chrome as. Malicious. What is the professional term related to this case?
False positive
What is the difference between firmware and software?
Firmware is fixed data that is part of a hardware device; software is what the user interacts with
What is the definition of an alert ?
A type of query that checks rules for each active log in the system , whereby if a match is found an email will be sent, SNMP or Syslog will be activated, or an automatic script will be executed.
What is a honey token?
Honeypot that is not a computer system
Which of the following security measure is related to Endpoint Security?
Anitivirus
What Is Firmware?
A semi-permanent software used to operate hardware components. It is written onto dedicated flash memory on the computer's hardware and provides instructions for hardware devices to enable communication with other hardware components.
Examples of Endpoint Security Suite?
Antivirus, DLP, Application control/ Allow list, HIPS/HIDS, communication encryption, Email & phishing protection, logging & Monitoring, and Encrypted communication & hardware.
What are honeytoken types?
Bogus email address, false database data, forged executable files, phone home embedded links, web beacons, browser cookies
.ign2
Exclusion: specific signature
An attacker launches a mail spoofing attack. Which of the following commands will probably be used in the attack?
Help server, MAIL FROM: [email protected], RCPT TO:[email protected],data
A security company wants to learn a new attack method. Which of the following would be a good way to do that?
Honeypot
Which of the following is a security mechanism that is configured to detect, deceive, and counteract attempts at unauthorized access?
Honeypot
A NOC manager wants to collect logs from the windows OS in Splunk. What needs to be installed & configured?
Install universal forward serve
What is the main purpose of the Honeypots?
Lure attackers
What is playbook automation?
A Flow of actions designed to reduce the need for human intervention in repetitive tasks
SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]:Accepted password for root from 10.10.1.1 port 5581 ssh2. What does that mean?
An SSH connection was established on 5/21 with a root user
Why are IoT devices known to be vulnerable to many attacks?
Because of a lack of security awareness among developers
What does CIP stand for?
Common Industrial Protocol
Sandbox
Restricted environment used to run suspicious programs and files
.gdb
phishsig: URL hashes
.pdb
phishsig: URLs of potential phishing sites
.wdb
phishsig: Whitelisted URL
What is the definition of log aggregation?
Collecting logs with similar structures
.fp
Exclusion: MD5 signature
What is not a common IoT attack?
Phishing
**An example of Endpoint Security Suite?
Data loss prevention (DLP)
What are a common IoT attacks?
MiTM, DoS/DDoS, Replay (also known as playback)
YARA is a tool used to:
Identify & classify malware samples
What is a honeypot?
Decoy device that tries to lure attackers
What is the main purpose of PFSense?
An open-source firewall
Internal Firewall
Blocks incoming/outgoing connections to/from the workstation
What is NOT one of the IoT components?
Network segregation
What's a way to secure IoT devices?
Use VLAN and ACL
What does BYOD stand for?
Bring your own device
What are SIEM general components
Database, Correlation Engine, Collectors, Management Center & Dashboards, API
What is a SIEM alert?
Indicates possible anomaly, threat, or attack
What is the term of a newly discovered flaw in a program?
Zero-Day
What is the PPT triad?
People, process, technology
Which of the following is not information that requires DLP protection?
Public facing webpages
What are research honeypots used for?
Research possible future threats
What is an area where companies can safely test potentially malicious files?
Sandbox
What are some IoT components?
Smart gateway, connectors, data processinng
What is considered the weakest link in cyber security?
Unaware or untrained people
The method to mark files as safe is:
Whitelisting
What is true about CIP?
It is designed for automating industrial applications. It encompasses a set of messages and services for security, control, control and synchronization. It is widely used in industry, since it can be easily integrated into other networks.
What is CIP designed for and what is it vulnerable to?
It is specifically for intercommunication and integration with other networks. It is vulnerable to remote attacks and may result in a denial-of-service (DoS) condition, controller fault, or enable a Man-in-the-Middle (MitM) attack, or Replay attack.
What is a fail safe implementation?
It means that all components work together to prevent or minimize damage in case of a disaster
What is true about DNP3?
It was developed in 1993 and is widely used in the USA and Canada. It operates at the application, data link and transport layers; thus, it is a three-layer protocol.
What is ICS (Industrial Control Systems)
It's units that monitor and manage industrial machinery used in critical infrastructure. It integrates hardware, software, and network connectivity to achieve remote support and management of critical infrastructure devices.
ClamAV
Open source and cross platform AV software. Mainly a CLI tool, although a GUI is available. Most features require initial configuration.
**what is an example of an AV bypass technique?
Packing and encryption
What are the 5 layers of IoT?
Perception , Transmission, Middleware, Application, and Business
What is one characteristic of low interaction Honeypots?
Provides a limited access and covers specific ports
What are examples of ICS protocols?
RS-232 and RS-485, Modbus, DNP3, HART, TASE 2.0 and ICCP, CIP, PROFIBUS and PROFINET, FOUNDATION
**A type of malware designed to stay undetected on your computer
Rootkits
A new company stores sensitive information and wants to secure that information using a system that reports and forensically analyzes security incidents. Which system should it use?
SIEM
Someone attempted to hack your company's network. Which system received the warning?
Splunk
Antivirus consists of
String/byte signatures, hash signatures, heuristic detection
Which of the following artifacts does AV search for?
Strings, hashes, heuristics
If the following query was sent to a SIEM : 'source="/var/log:auth.log" what would be the outcome?
Unix authentication logs
What does DNP3 stand for?
Distributed Network Protocol
What is IIOT?
Industrial Internet of Things
What is the main purpose of the SIEM solution?
Helps detect security incidents
What is may relay?
A server that routes emails to their correct destination. It provides a way to guarantee message authenticity.
What is a cyber anomaly exploration?
Detects suspicious behavior
What is a security solution that can protect against sophisticated threats? APT
EDR (Endpoint detection & response)
What is the primary benefit of SOAR?
Eliminates tier 1 analysts, reducing incident response time. Which saves time & money, but can lead to false positives
What is DomainKeys Identified Mail (DKIM)?
Email validation technique
What are endpoint security components?
Internal firewall, HIDS/HIPS, Sandbox
What is true about Modbus?
It communicates raw messages without authentication or any overhead. It is a request-response protocol and operates at the application layer of the OSI model.
What is the fault tolerance?
It ensures that remaining components can maintain a system when one or more component fails
Why should alerts be generated?
To monitor & handle suspicious events in the organization