CIT review


What are common IoT attacks?

MiTM, DoS/DDoS, Replay (also known as playback)

What is playbook automation?

A flow of actions designed to reduce the need for human intervention in repetitive tasks

Sandbox

Restricted environment used to run suspicious programs and files

What Is Firmware?

A semi-permanent software used to operate hardware components. It is written onto dedicated flash memory on the computer's hardware and provides instructions for hardware devices to enable communication with other hardware components.

What is a mail relay?

A server that routes emails to their correct destination. It provides a way to guarantee message authenticity.

Which of the following security measures is related to Endpoint Security?

Antivirus

Examples of an Endpoint Security Suite?

Antivirus, DLP, application control / allow list, HIPS/HIDS, communication encryption, email & phishing protection, logging & monitoring, and encrypted communication & hardware.

What are methods to reveal honeypots?

Banner grabbing, evasion in a sentence, exceptionally long or short uptime, vendor signature (well-known files) like kippo.cfg, enticing vulnerabilities

Why are IoT devices known to be vulnerable to many attacks?

Because of a lack of security awareness among developers

Internal Firewall

Blocks incoming/outgoing connections to/from the workstation

What are honeytoken types?

Bogus email address, false database data, forged executable files, phone home embedded links, web beacons, browser cookies

What is the definition of log aggregation?

Collecting logs with similar structures

Which of the following should be used to secure a website against abnormal traffic?

DMZ

An example of an Endpoint Security Suite?

Data loss prevention (DLP)

What are the general components of a SIEM?

Database, Correlation Engine, Collectors, Management Center & Dashboards, API

What does DNP3 stand for?

Distributed Network Protocol

What is a security solution that can protect against sophisticated threats (APTs)?

EDR (Endpoint detection & response)

What is the primary benefit of SOAR?

Eliminates tier 1 analysts, reducing incident response time, which saves time & money but can lead to false positives

.fp

Exclusion: MD5 signature

.sfp

Exclusion: SHA1 or SHA256 signature

.ign2

Exclusion: specific signature

What are examples of deterrent access controls?

Fences, cameras, motion detectors

What is the difference between firmware and software?

Firmware is fixed data that is part of a hardware device; software is what the user interacts with

What is a honey token?

Honeypot that is not a computer system

An attacker launches a mail spoofing attack. Which of the following commands will probably be used in the attack?

Help server, MAIL FROM: [email protected], RCPT TO:[email protected],data

What is the main purpose of the SIEM solution?

Helps detect security incidents

A security company wants to learn a new attack method. Which of the following would be a good way to do that?

Honeypot

YARA is a tool used to:

Identify & classify malware samples

What is a SIEM alert?

Indicates possible anomaly, threat, or attack

What is IIOT?

Industrial Internet of Things

A NOC manager wants to collect logs from the Windows OS in Splunk. What needs to be installed & configured?

Install a universal forwarder

What are endpoint security components?

Internal firewall, HIDS/HIPS, Sandbox

What is true about Modbus?

It communicates raw messages without authentication or any overhead. It is a request-response protocol and operates at the application layer of the OSI model.

What is fault tolerance?

It ensures that the remaining components can maintain a system when one or more components fail

What is a canary trap and what are its benefits?

It is an almost identical copy of a document where leaked data is traced to the receiving person. It is used to identify internal data leakers

What is true about CIP?

It is designed for automating industrial applications. It encompasses a set of messages and services for security, control, and synchronization. It is widely used in industry, since it can be easily integrated into other networks.

What is CIP designed for and what is it vulnerable to?

It is specifically for intercommunication and integration with other networks. It is vulnerable to remote attacks and may result in a denial-of-service (DoS) condition, controller fault, or enable a Man-in-the-Middle (MitM) attack, or Replay attack.

What is true about DNP3?

It was developed in 1993 and is widely used in the USA and Canada. It operates at the application, data link and transport layers; thus, it is a three-layer protocol.

What is ICS (Industrial Control Systems)?

Units that monitor and manage industrial machinery used in critical infrastructure. ICS integrates hardware, software, and network connectivity to achieve remote support and management of critical infrastructure devices.

Why is defense in layers important?

Multiple layers of defense have a better chance of thwarting potential intruders.

What is NOT one of the IoT components?

Network segregation

What is an example of an AV bypass technique?

Packing and encryption

What is not a common IoT attack?

Phishing

What is one characteristic of low interaction Honeypots?

Provides limited access and covers specific ports

EDR

Provides high visibility of endpoints and focuses on detecting and responding to malicious activity on the host. Best use case: manually searching for threats.

Which of the following is not information that requires DLP protection?

Public facing webpages

What are examples of ICS protocols?

RS-232 and RS-485, Modbus, DNP3, HART, TASE 2.0 and ICCP, CIP, PROFIBUS and PROFINET, FOUNDATION

What are research honeypots used for?

Research possible future threats

A type of malware designed to stay undetected on your computer

Rootkits

A new company stores sensitive information and wants to secure that information using a system that reports and forensically analyzes security incidents. Which system should it use?

SIEM

What is SOAR?

Security Orchestrated Automation & Response

What are some IoT components?

Smart gateway, connectors, data processing

Someone attempted to hack your company's network. Which system received the warning?

Splunk

Antivirus consists of:

String/byte signatures, hash signatures, heuristic detection

Which of the following artifacts does AV search for?

Strings, hashes, heuristics

Why should alerts be generated?

To monitor & handle suspicious events in the organization

What is considered the weakest link in cyber security?

Unaware or untrained people

If the following query was sent to a SIEM: source="/var/log:auth.log", what would be the outcome?

Unix authentication logs

What's a way to secure IoT devices?

Use VLAN and ACL

The method to mark files as safe is:

Whitelisting

What is the term for a newly discovered flaw in a program?

Zero-Day

.gdb

phishsig: URL hashes

What is the definition of an alert?

A type of query that checks rules against each active log in the system, whereby if a match is found an email will be sent, SNMP or Syslog will be activated, or an automatic script will be executed.

SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]:Accepted password for root from 10.10.1.1 port 5581 ssh2. What does that mean?

An SSH connection was established on 5/21 with a root user

What is the main purpose of PFSense?

An open-source firewall

What does BYOD stand for?

Bring your own device

What does CIP stand for?

Common Industrial Protocol

What is a honeypot?

Decoy device that tries to lure attackers

What is a cyber anomaly exploration?

Detects suspicious behavior

HIDS/HIPS

Detects, protects, and alerts upon malicious activity

What is DomainKeys Identified Mail (DKIM)?

Email validation technique

In 2011, Microsoft Security Essentials tagged Google Chrome as malicious. What is the professional term for this case?

False positive

What does the antivirus search for?

Hash signatures

Which of the following is a security mechanism that is configured to detect, deceive, and counteract attempts at unauthorized access?

Honeypot

What is a fail safe implementation?

It means that all components work together to prevent or minimize damage in case of a disaster

What is the main purpose of honeypots?

Lure attackers

ClamAV

Open source and cross platform AV software. Mainly a CLI tool, although a GUI is available. Most features require initial configuration.

What is the PPT triad?

People, process, technology

What are the 5 layers of IoT?

Perception, Transmission, Middleware, Application, and Business

What is an area where companies can safely test potentially malicious files?

Sandbox

.pdb

phishsig: URLs of potential phishing sites

.wdb

phishsig: Whitelisted URL
