Module 1-2 Exam Tech 171
In a smart home, an owner has connected many home devices to the Internet, such as the refrigerator and the coffee maker. The owner is concerned that these devices will make the wireless network vulnerable to attacks. What action could be taken to address this issue?
Install the latest firmware versions for the devices.
A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
botnet
An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?
rogue access point
Which three technologies should be included in a SOC security information and event management system? (Choose three.)
security monitoring, threat intelligence, log management
What are two examples of personally identifiable information (PII)? (Choose two.)
street address, credit card number
Which three are major categories of elements in a security operations center? (Choose three.)
technologies, processes, people
Which organization is an international nonprofit organization that offers the CISSP certification?
(ISC)2
Which statement describes cyberwarfare?
It is Internet-based conflict that involves the penetration of information systems of other nations.
What is the dark web?
It is part of the Internet that can only be accessed with special software.
Why do IoT devices pose a greater risk than other computing devices on a network?
Most IoT devices do not receive frequent firmware updates.
A worker in the records department of a hospital accidentally sends a medical record of a patient to a printer in another department. When the worker arrives at the printer, the patient record printout is missing. What breach of confidentiality does this situation describe?
PHI
MTTR
average time that it takes to stop and remediate a security incident
MTTD
average time to identify that valid security incidents have occurred in the network
How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?
by combining data from multiple technologies
What job would require verification that an alert represents a true security incident or a false positive?
Alert Analyst
Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?
HIPAA
Which cyber attack involves a coordinated attack from a botnet of zombie computers?
DDoS
What is a benefit to an organization of using SOAR as part of the SIEM system?
SOAR automates incident investigation and responds to workflows based on playbooks.
A SOC is searching for a professional to fill a job opening. The employee must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering in order to search for cyber threats hidden within the network. Which job within a SOC requires a professional with those skills?
Threat Hunter
The term cyber operations analyst refers to which group of personnel in a SOC?
Tier 1 personnel
Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?
Tier 3 SME
Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?
Time to Control
A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic. This traffic rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?
amateur
dwell time
length of time that threat actors have access to a network before their access is stopped
When a user turns on the PC on Wednesday, the PC displays a message indicating that all of the user files have been locked. In order to get the files unencrypted, the user is supposed to send an email and include a specific ID in the email title. The message also includes ways to buy and submit bitcoins as payment for the file decryption. After inspecting the message, the technician suspects a security breach occurred. What type of malware could be responsible?
ransomware
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
rogue access point
MTTC
time required to stop the incident from causing further damage to systems or data
What is the main purpose of cyberwarfare?
to gain advantage over adversaries
What websites should a user avoid when connecting to a free and open wireless hotspot?
websites to make purchases
What type of cyberwarfare weapon was Stuxnet?
worm