Cybersecurity
a Windows tool useful for troubleshooting
Sysinternals
defines how cyber threat information can be shared via services and message exchanges
Trusted Automated exchange of Intelligent Information (TAXII)
Which of the following can help organizations exercise care in ensuring the authenticity and integrity of the components of hardware purchased from a vendor? a. Hardware Source Authenticity b. Vendor Due Diligence c. Supply Chain Risk Assessment d. Trusted Foundry
Trusted Foundry
Which of the following is not considered an application-related indicator of compromise? a. Introduction of New Accounts b. Unauthorized Scheduled Task c. Unexpected Output d. Anomalous Activity
Unauthorized Scheduled Task
Common Vulnerability Scoring System (CVSS)
0-3.9 = Low 4-6.9 = Medium 7-10 = High
How many stages does PASTA threat model have?
7
uses dynamic and static analysis
Veracode
Which of the following enables an encrypted connection over the internet from a device to a network? a. A Software-Defined Network (SDN) b. A Virtual LAN (VLAN) c. A Virtual Private Network (VPN) d. A Virtual Private Cloud (VPC)
Virtual Private Network (VPN)
What are Race conditions?
A race condition is when a device or system attempts to execute two or more operations at the same time
Which of the following correctly describes what a secure enclave is? a. The secure enclave is a secure coprocessor which includes a hardware-based key manager and is isolated from the main processor to provide an extra layer of security b. The secure enclave is a type of hard drive which continuously and automatically encrypts data on the drive without any user interaction c. The secure enclave provides security extensions which allow for the protection of trusted and system resources from untrusted handlers and applications d. The secure enclave is a piece of software which makes it more difficult for attackers to modify the system
A secure coprocessor which includes a hardware-based key manager and is isolated from the main processor to provide an extra layer of security
Which of the following describes an email signature block? a. A signature which provides sender verification, message integrity and nonrepudiation b. An attack designed to trick victims into performing certain actions such as wiring money to an attacker's account c. A set of information such as name, email address, company title, and credentials d. An embedded link in an email
A set of information such as name, email address, company title, and credentials
Which of the following is a social engineering attack that targets wealthy, powerful or prominent individuals? a. Smishing b. Phishing c. Whaling d. Spear phishing
Whaling
set of tactics and techniques used to better classify attacks and assess an organization's risk
ATT&CK Matrix
network suite to analyze wireless LANs
Aircrack-ng
Which option is not considered when creating a Business Impact Analysis (BIA)? a. Assets and asset values b. Financial considerations c. Regulatory responsibilities d. Operational disruption and productivity
Assets and asset values
Which are known as exploitability metrics: a. Confidentiality Impact, Integrity Impact, Availability Impact b. Modified Attack Vector, Modified Attack Complexity, Modified Privileges Required,Modified User Interaction, Modified Scope c. Explicit Code Maturity, Remediation Level, Report Confidence d. Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope
Attack Vector, attack complexity, privileges required, user interaction, scope
Which type of attack involves an attacker manipulating a program so that it places more data into a section of memory than is allocated for that programs use?
Buffer Overflow Attack
Which of the following is a technique that helps to organize digital assets so that security controls can be applied more cleanly with fewer possible human errors? a. Asset Prioritization b. Executable Process Analysis c. Reducing the Attack Surface Area d. Bundling Critical Assets
Bundling Critical Assets
robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer
CAN bus
Extracting files out of raw data based on file format specific characteristics present in that data refers to ______. a. Data Acquisition b. Carving c. Hashing d. Virtualization
Carving
______ is not considered a password cracker. a. Cellebrite b. John the Ripper c. Cain & Abel d. Hashcat and oclHashcat
Cellebrite
Which describes a set of rules or configurations for a particular system which all future system configurations can be compared to?
Configuration baseline
Which of the following is the practice of merging the various changes in code made by contributors back to the main branch, or effort, of a code base as early and often as possible? a. Continuous Delivery b. Continuous Integration c. Security Content Automation Protocol (SCAP) d. Continuous Deployment
Continuous Integration
Which of the following Maximum Tolerable Downtime (MTD) categories should be restored first before anything else? a. Urgent b. Normal c. Important d. Critical
Critical
Which is not a stage of an incident management lifecycle? a. Preparation b. Containment, Eradication and Recovery c. Detection and Analysis d. Data Correlation
Data Correlation
Which of the following is a technique that allows one process to gather information from another process or source, then customize a response to a third source using the data from the second process of source? a. Data Enrichment b. Automated Malware Signature Creation c. Threat Feed Combination d. Workflow Orchestration
Data Enrichment
Which option describes the process of covering or replacing parts of sensitive data with data that is not sensitive? a. Deidentification b. Technical Controls c. Tokenization d. Data Masking
Data Masking
______ is a data retention techniques that involves using a magnetic field to completely wipe out the information and data stored on a hard drive. a. Formatting b. Degaussing c. Wiping d. Destruction
Degaussing
perimeter network separated from rest of network
Demilitarized Zone (DMZ)
Which characteristic contributes to the severity level classification? a. Impact b. Downtime c. Asset Location d. Server Capability
Downtime
forensic investigation tool
EnCase
__________ refers to a deliberate balancing of system security and performance aimed at ensuring that, while neither solution option is optimal, both are acceptable to the organization a. Security Controls b. Engineering Tradeoffs c. Compensating Controls d. Systems Assessment
Engineering Tradeoffs
examine purpose of executable file
Executable Process Analysis
scans hard drive, can find deleted emails
FTK
integrated circuit designed to be configured by a customer or a designer after manufacturing
Field programmable Gate Array
Which of the following refers to creating a new partition table after partitioning has been accomplished? a. Degaussing b. Partitioning c. Formatting d. Wiping out a Hard Drive
Formatting
Which legal requirement provides guidelines for securing all financial information and prohibits sharing financial information with third parties? a. GLBA b. PCI DSS c. HIPPA d. GDPR
Gramm-Leach-Bliley Act (GLBA) of 1999
Which of the following is a special trusted computer which is dedicated solely to cryptographic processing? a. Trusted Foundry b. Trusted Platform Module (TPM) c. Hardware Security Module (HSM) d. Hardware Root of Trust
Hardware Security Module (HSM)
Which comes as a live CD that can be mounted on a host without affecting the data on the host and provides the ability to acquire evidence and make drive images? a. Sysinternals b. EnCase c. FTK d. Helix3
Helix3
Which of the following refers to information critical to the function of an organization? a. Sensitive Personal Information (SPI) b. High Value Assets (HVA) c. Intellectual Property (IP) d. Corporate Confidential
High Value Assets (HVA)
Which of the following tools is used to test/audit firewalls? a. Reaver b. Hping c. Aircrack-ng d. Responder
Hping
Which of the following cloud models offer a simple method of accessing computing capabilities on demand over the web? a. Infrastructure as a Service (IaaS) b. Function as a Service (FaaS) c. Platform as a Service (PaaS) d. Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Which of the following vulnerabilities allow attackers to achieve their malicious goals undetected?
Insufficient logging and monitoring
Which of the following is not a category used in the ATT&CK matrix when profiling threat actors and activities? a. Discovery b. Location c. Initial Access d. Defense Evasion
Location
security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. Each user and device on the system is assigned a similar classification and clearance level
Mandatory Access Controls (MAC)
Which of the following checks each start up component, including everything from boot drivers to firmware, to better protect PCs from rootkits and other malware? a. Trusted Firmware Updates b. Device Attestation c. Measured Boot d. Atomic Execution
Measured Boot
small, containerized application services that perform a single task or a small group of related tasks
Microservices
Which of the following is a communication protocol primarily used for transmitting information over serial lines between electronic devices? a. Controller Area Network (CAN) bus b. Supervisory Control and Data Acquisition Systems (SCADA) c. Modbus d. Workflow and Process Automation Systems
Modbus
Which of the following device tracking technologies has the smallest range? a. NFC b. Wi-Fi c. Bluetooth d. GPS
NFC
Which of the following tools is used for Dynamic Analysis of code? a. Qualys b. Veracode c. SonarQube d. Netsparker
Netsparker
Which of the following can be either hardware or software, can examine data packets moving in or out of a network and is used to immediately detect unauthorized activity? a. IDS b. IPS c. HIDS d. NIDS
Network Intrusion Detection Systems (NIDS)
What is not considered a method of mitigating a security incident? a. Avoidance b. Acceptance c. Patching d. Deterrence
Patching
Which data type is concerned with information regarding pathological and other medical tests, medial history and medical insurance? a. Intellectual Property b. Personal Health Information (PHI) c. Personal Identifiable Information (PII) d. Payment Card Information
Personal Health Information (PHI)
Which of the following cloud deployment models is typically used by a single organization? a. Community b. Private c. Public d. Hybrid
Private
Which risk calculation method does not involve quantifying the data in the risk analysis process and instead uses categories that describe the qualities of risk elements? a. Regulatory Risk Analysis b. Monetary Risk Analysis c. Qualitative Risk Analysis d. Quantitative Risk Analysis
Qualitative Risk Analysis
Tool to brute force the WPS of a WiFi Router
Reaver
using least amount of devices/networks
Reducing the Attack Surface Area
set of constraints to guide how Web should behave
Representational State Transfer (REST)
When conducting a risk identification process, which option is not taken into consideration? a. Calculate threat probability and business impact b. Reputation c. Identify vulnerabilities and threats d. Identify assets and asset values
Reputation
Which of the following is not considered a containment method? a. Reverse Engineering b. Removal c. Segmentation d. Isolation
Reverse engineering
Which of the following describes a device present on a network which you do not control or manage?
Rogue devices
Which of the following hashing algorithms generates a Message Digest between 256 bits and 512 bits?
SHA-2 Hashing Algorithm
protocol for operating securely over unsecured network
Secure Shell (SSH)
open standard for exchanging authentication and authorization data between parties
Security Assertions Markup Language (SAML)
using specific standards to enable automated vulnerability management
Security Content Automation Protocol (SCAP)
Which of the following is a messaging protocol based on XML which is used for exchanging information among computers? a. Microservices b. Security Assertions Markup Language (SAML) c. Representational State Transfer (REST) d. Simple Object Access Protocol (SOAP)
Simple Object Access Protocol (SOAP)
Which of the following methods of internet-based machine-to-machine communications uses Extensible Markup Language (XML) as the message format transmits through HTTP or SMTP? a. Trusted Automated eXchange of Intelligent Information (TAXII) b. Secure Shell (SSH) c. Simple Object Access Protocol (SOAP) d. Representational State Transfer (REST)
Simple Object Access Protocol (SOAP)
uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network, easy to collect network usage information
Software-Defined Network (SDN)
Uses static code analysis to debug
SonarQube
What does STRIDE stand for?
Spoofing Identity, Tampering with data, Repudiation, Information disclosure, Denial of service and elevation of privilege
Which of the following are a type of Industry Control System? a. Supervisory Control and Data Acquisition Systems (SCADA) b. Field-Programmable Gate Arrays (FPGAs) c. Embedded Systems d. System-on-Chip Systems (SoC)
Supervisory Control and Data Acquisition Systems (SCADA)
computer that spans large geographic area, public connection through the Internet
Wide Area Network (WAN)
Virtual Machine Sprawl refers to which of the following? a. An attacker targeting a VM with requests resulting in disruption of the target's online services b. With many virtual machines, there is a greater likelihood of lapses in security making it difficult for an administrator to manage. c. A guest OS is able to connect with the hypervisor, enabling the guest OS to interact directly with other VMs as well as the host d. Migrating a virtual machine to a different host without updating the configuration and security controls which leave it vulnerable to an attack
With many virtual machines, there is a greater likelihood of lapses in security making it difficult for an administrator to manage
What is a Service Level Agreement (SLA)?
a document that defines the level of service you expect from a vendor
identifying known malware
automated malware signature creation
Which of the following are used to identify and control who can access and operate corporate networks and services? a. Monitoring and Logging b. Digital Signatures c. Certificate management d. Mandatory Access Control (MAC)
certificate management
code changes are automatically prepared for production release
continuous delivery
changes are prepared periodically
continuous deployment
the sampling of continuous world information to get data which will be manipulated by a computer
data acquisition
removing association between data and subject
deidentification
software verifies the authenticity and integrity of the hardware and software of a device.
device attestation
mathematical technique which validates the authenticity and integrity of a message, software or digital documents. It allows us to verify the author name, date and time of signatures, and authenticate the message contents
digital signature
has a dedicated function within a larger mechanical or electronic system
embedded system
Which of the following is a controlled network which allows third-parties to connect, allowing them to gain information without connecting to the corporate internal network? a. A WAN b. A DMZ c. An Extranet d. An Intranet
extranet
the foundation on which all secure operations of a computing system depend
hardware root of trust
used to verify data has not been altered
hashing
public and private mix
hybrid cloud
private network within a business
intranet
which of the following are threat actors: a. Nation-state, Zero-days, Hacktivist, Organised Crime b. Nation-state, Intentional insider threat, Ransomware, Organised crime c. Nation-state, Advanced Persistent Threat (APT), Insider threat, Organised crime d. Nation-state, Insider threat, hacktivist, Organised crime
nation state, insider threat, hacktivist, organized crime
each guest can access its' own stuff but not any other guests' stuff
partitioning
Anybody can access, less secure
public cloud
process of taking a piece of software or hardware and analyzing its functions and information flow so that its functionality and behavior can be understood
reverse engineering
divides network into multiple parts
segmentation
sending emails from a known or trusted sender to make targeted individuals reveal confidential information
spear phishing
integrated circuit that integrates all or most components of a computer or other electronic system
system-on-chip
the process of substituting a sensitive data element with a non-sensitive equivalent
tokenization
international standard for a secure cryptoprocessor/chip
trusted platform module (TPM)
threat feed combination
using public database of known threats
group of computers and devices that share a communications line or wireless link to a server within the same geographical area
virtual LAN
process of running multiple virtual instances of a device on a single physical hardware resource
virtualization
