Cybersecurity


a Windows tool useful for troubleshooting

Sysinternals

defines how cyber threat information can be shared via services and message exchanges

Trusted Automated exchange of Intelligent Information (TAXII)

Which of the following can help organizations exercise care in ensuring the authenticity and integrity of the components of hardware purchased from a vendor? a. Hardware Source Authenticity b. Vendor Due Diligence c. Supply Chain Risk Assessment d. Trusted Foundry

Trusted Foundry

Which of the following is not considered an application-related indicator of compromise? a. Introduction of New Accounts b. Unauthorized Scheduled Task c. Unexpected Output d. Anomalous Activity

Unauthorized Scheduled Task

Common Vulnerability Scoring System (CVSS)

0-3.9 = Low; 4-6.9 = Medium; 7-10 = High

How many stages does PASTA threat model have?

7

uses dynamic and static analysis

Veracode

Which of the following enables an encrypted connection over the internet from a device to a network? a. A Software-Defined Network (SDN) b. A Virtual LAN (VLAN) c. A Virtual Private Network (VPN) d. A Virtual Private Cloud (VPC)

Virtual Private Network (VPN)

What are Race conditions?

A race condition is when a device or system attempts to execute two or more operations at the same time

Which of the following correctly describes what a secure enclave is? a. The secure enclave is a secure coprocessor which includes a hardware-based key manager and is isolated from the main processor to provide an extra layer of security b. The secure enclave is a type of hard drive which continuously and automatically encrypts data on the drive without any user interaction c. The secure enclave provides security extensions which allow for the protection of trusted and system resources from untrusted handlers and applications d. The secure enclave is a piece of software which makes it more difficult for attackers to modify the system

A secure coprocessor which includes a hardware-based key manager and is isolated from the main processor to provide an extra layer of security

Which of the following describes an email signature block? a. A signature which provides sender verification, message integrity and nonrepudiation b. An attack designed to trick victims into performing certain actions such as wiring money to an attacker's account c. A set of information such as name, email address, company title, and credentials d. An embedded link in an email

A set of information such as name, email address, company title, and credentials

Which of the following is a social engineering attack that targets wealthy, powerful or prominent individuals? a. Smishing b. Phishing c. Whaling d. Spear phishing

Whaling

set of tactics and techniques used to better classify attacks and assess an organization's risk

ATT&CK Matrix

network suite to analyze wireless LANs

Aircrack-ng

Which option is not considered when creating a Business Impact Analysis (BIA)? a. Assets and asset values b. Financial considerations c. Regulatory responsibilities d. Operational disruption and productivity

Assets and asset values

Which are known as exploitability metrics: a. Confidentiality Impact, Integrity Impact, Availability Impact b. Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required, Modified User Interaction, Modified Scope c. Exploit Code Maturity, Remediation Level, Report Confidence d. Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope

Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope

Which type of attack involves an attacker manipulating a program so that it places more data into a section of memory than is allocated for that program's use?

Buffer Overflow Attack

Which of the following is a technique that helps to organize digital assets so that security controls can be applied more cleanly with fewer possible human errors? a. Asset Prioritization b. Executable Process Analysis c. Reducing the Attack Surface Area d. Bundling Critical Assets

Bundling Critical Assets

robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer

CAN bus

Extracting files out of raw data based on file format specific characteristics present in that data refers to ______. a. Data Acquisition b. Carving c. Hashing d. Virtualization

Carving

______ is not considered a password cracker. a. Cellebrite b. John the Ripper c. Cain & Abel d. Hashcat and oclHashcat

Cellebrite

Which describes a set of rules or configurations for a particular system which all future system configurations can be compared to?

Configuration baseline

Which of the following is the practice of merging the various changes in code made by contributors back to the main branch, or effort, of a code base as early and often as possible? a. Continuous Delivery b. Continuous Integration c. Security Content Automation Protocol (SCAP) d. Continuous Deployment

Continuous Integration

Which of the following Maximum Tolerable Downtime (MTD) categories should be restored first before anything else? a. Urgent b. Normal c. Important d. Critical

Critical

Which is not a stage of an incident management lifecycle? a. Preparation b. Containment, Eradication and Recovery c. Detection and Analysis d. Data Correlation

Data Correlation

Which of the following is a technique that allows one process to gather information from another process or source, then customize a response to a third source using the data from the second process or source? a. Data Enrichment b. Automated Malware Signature Creation c. Threat Feed Combination d. Workflow Orchestration

Data Enrichment

Which option describes the process of covering or replacing parts of sensitive data with data that is not sensitive? a. Deidentification b. Technical Controls c. Tokenization d. Data Masking

Data Masking

______ is a data retention technique that involves using a magnetic field to completely wipe out the information and data stored on a hard drive. a. Formatting b. Degaussing c. Wiping d. Destruction

Degaussing

perimeter network separated from the rest of the network

Demilitarized Zone (DMZ)

Which characteristic contributes to the severity level classification? a. Impact b. Downtime c. Asset Location d. Server Capability

Downtime

forensic investigation tool

EnCase

__________ refers to a deliberate balancing of system security and performance aimed at ensuring that, while neither solution option is optimal, both are acceptable to the organization. a. Security Controls b. Engineering Tradeoffs c. Compensating Controls d. Systems Assessment

Engineering Tradeoffs

examines the purpose of an executable file

Executable Process Analysis

scans a hard drive; can find deleted emails

FTK

integrated circuit designed to be configured by a customer or a designer after manufacturing

Field-Programmable Gate Array (FPGA)

Which of the following refers to creating a new partition table after partitioning has been accomplished? a. Degaussing b. Partitioning c. Formatting d. Wiping out a Hard Drive

Formatting

Which legal requirement provides guidelines for securing all financial information and prohibits sharing financial information with third parties? a. GLBA b. PCI DSS c. HIPAA d. GDPR

Gramm-Leach-Bliley Act (GLBA) of 1999

Which of the following is a special trusted computer which is dedicated solely to cryptographic processing? a. Trusted Foundry b. Trusted Platform Module (TPM) c. Hardware Security Module (HSM) d. Hardware Root of Trust

Hardware Security Module (HSM)

Which comes as a live CD that can be mounted on a host without affecting the data on the host and provides the ability to acquire evidence and make drive images? a. Sysinternals b. EnCase c. FTK d. Helix3

Helix3

Which of the following refers to information critical to the function of an organization? a. Sensitive Personal Information (SPI) b. High Value Assets (HVA) c. Intellectual Property (IP) d. Corporate Confidential

High Value Assets (HVA)

Which of the following tools is used to test/audit firewalls? a. Reaver b. Hping c. Aircrack-ng d. Responder

Hping

Which of the following cloud models offers a simple method of accessing computing capabilities on demand over the web? a. Infrastructure as a Service (IaaS) b. Function as a Service (FaaS) c. Platform as a Service (PaaS) d. Software as a Service (SaaS)

Infrastructure as a Service (IaaS)

Which of the following vulnerabilities allows attackers to achieve their malicious goals undetected?

Insufficient logging and monitoring

Which of the following is not a category used in the ATT&CK matrix when profiling threat actors and activities? a. Discovery b. Location c. Initial Access d. Defense Evasion

Location

security strategy that restricts the ability of individual resource owners to grant or deny access to resource objects in a file system. Each user and device on the system is assigned a similar classification and clearance level

Mandatory Access Controls (MAC)

Which of the following checks each start up component, including everything from boot drivers to firmware, to better protect PCs from rootkits and other malware? a. Trusted Firmware Updates b. Device Attestation c. Measured Boot d. Atomic Execution

Measured Boot

small, containerized application services that perform a single task or a small group of related tasks

Microservices

Which of the following is a communication protocol primarily used for transmitting information over serial lines between electronic devices? a. Controller Area Network (CAN) bus b. Supervisory Control and Data Acquisition Systems (SCADA) c. Modbus d. Workflow and Process Automation Systems

Modbus

Which of the following device tracking technologies has the smallest range? a. NFC b. Wi-Fi c. Bluetooth d. GPS

NFC

Which of the following tools is used for Dynamic Analysis of code? a. Qualys b. Veracode c. SonarQube d. Netsparker

Netsparker

Which of the following can be either hardware or software, can examine data packets moving in or out of a network and is used to immediately detect unauthorized activity? a. IDS b. IPS c. HIDS d. NIDS

Network Intrusion Detection Systems (NIDS)

What is not considered a method of mitigating a security incident? a. Avoidance b. Acceptance c. Patching d. Deterrence

Patching

Which data type is concerned with information regarding pathological and other medical tests, medical history and medical insurance? a. Intellectual Property b. Personal Health Information (PHI) c. Personal Identifiable Information (PII) d. Payment Card Information

Personal Health Information (PHI)

Which of the following cloud deployment models is typically used by a single organization? a. Community b. Private c. Public d. Hybrid

Private

Which risk calculation method does not involve quantifying the data in the risk analysis process and instead uses categories that describe the qualities of risk elements? a. Regulatory Risk Analysis b. Monetary Risk Analysis c. Qualitative Risk Analysis d. Quantitative Risk Analysis

Qualitative Risk Analysis

Tool to brute force the WPS of a WiFi Router

Reaver

using the fewest possible devices/networks

Reducing the Attack Surface Area

set of constraints to guide how the Web should behave

Representational State Transfer (REST)

When conducting a risk identification process, which option is not taken into consideration? a. Calculate threat probability and business impact b. Reputation c. Identify vulnerabilities and threats d. Identify assets and asset values

Reputation

Which of the following is not considered a containment method? a. Reverse Engineering b. Removal c. Segmentation d. Isolation

Reverse engineering

Which of the following describes a device present on a network which you do not control or manage?

Rogue devices

Which of the following hashing algorithms generates a Message Digest between 256 bits and 512 bits?

SHA-2 Hashing Algorithm

protocol for operating securely over an unsecured network

Secure Shell (SSH)

open standard for exchanging authentication and authorization data between parties

Security Assertions Markup Language (SAML)

using specific standards to enable automated vulnerability management

Security Content Automation Protocol (SCAP)

Which of the following is a messaging protocol based on XML which is used for exchanging information among computers? a. Microservices b. Security Assertions Markup Language (SAML) c. Representational State Transfer (REST) d. Simple Object Access Protocol (SOAP)

Simple Object Access Protocol (SOAP)

Which of the following methods of internet-based machine-to-machine communications uses Extensible Markup Language (XML) as the message format and transmits through HTTP or SMTP? a. Trusted Automated eXchange of Intelligent Information (TAXII) b. Secure Shell (SSH) c. Simple Object Access Protocol (SOAP) d. Representational State Transfer (REST)

Simple Object Access Protocol (SOAP)

uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network, making it easy to collect network usage information

Software-Defined Network (SDN)

Uses static code analysis to debug

SonarQube

What does STRIDE stand for?

Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege

Which of the following is a type of Industrial Control System? a. Supervisory Control and Data Acquisition Systems (SCADA) b. Field-Programmable Gate Arrays (FPGAs) c. Embedded Systems d. System-on-Chip Systems (SoC)

Supervisory Control and Data Acquisition Systems (SCADA)

computer network that spans a large geographic area, with public connection through the Internet

Wide Area Network (WAN)

Virtual Machine Sprawl refers to which of the following? a. An attacker targeting a VM with requests resulting in disruption of the target's online services b. With many virtual machines, there is a greater likelihood of lapses in security making it difficult for an administrator to manage. c. A guest OS is able to connect with the hypervisor, enabling the guest OS to interact directly with other VMs as well as the host d. Migrating a virtual machine to a different host without updating the configuration and security controls which leave it vulnerable to an attack

With many virtual machines, there is a greater likelihood of lapses in security making it difficult for an administrator to manage

What is a Service Level Agreement (SLA)?

a document that defines the level of service you expect from a vendor

identifying known malware

automated malware signature creation

Which of the following are used to identify and control who can access and operate corporate networks and services? a. Monitoring and Logging b. Digital Signatures c. Certificate management d. Mandatory Access Control (MAC)

certificate management

code changes are automatically prepared for production release

continuous delivery

changes are prepared periodically

continuous deployment

the sampling of continuous world information to get data which will be manipulated by a computer

data acquisition

removing association between data and subject

deidentification

software verifies the authenticity and integrity of the hardware and software of a device.

device attestation

mathematical technique which validates the authenticity and integrity of a message, software or digital documents. It allows us to verify the author name, date and time of signatures, and authenticate the message contents

digital signature

has a dedicated function within a larger mechanical or electronic system

embedded system

Which of the following is a controlled network which allows third-parties to connect, allowing them to gain information without connecting to the corporate internal network? a. A WAN b. A DMZ c. An Extranet d. An Intranet

extranet

the foundation on which all secure operations of a computing system depend

hardware root of trust

used to verify data has not been altered

hashing

public and private mix

hybrid cloud

private network within a business

intranet

Which of the following are threat actors? a. Nation-state, Zero-days, Hacktivist, Organised Crime b. Nation-state, Intentional insider threat, Ransomware, Organised crime c. Nation-state, Advanced Persistent Threat (APT), Insider threat, Organised crime d. Nation-state, Insider threat, Hacktivist, Organised crime

nation state, insider threat, hacktivist, organized crime

each guest can access its own resources but not any other guest's resources

partitioning

Anybody can access, less secure

public cloud

process of taking a piece of software or hardware and analyzing its functions and information flow so that its functionality and behavior can be understood

reverse engineering

divides network into multiple parts

segmentation

sending emails from a known or trusted sender to make targeted individuals reveal confidential information

spear phishing

integrated circuit that integrates all or most components of a computer or other electronic system

system-on-chip

the process of substituting a sensitive data element with a non-sensitive equivalent

tokenization

international standard for a secure cryptoprocessor/chip

trusted platform module (TPM)

using a public database of known threats

threat feed combination

group of computers and devices that share a communications line or wireless link to a server within the same geographical area

virtual LAN

process of running multiple virtual instances of a device on a single physical hardware resource

virtualization
