
THE P.T. 4: CHRONICLE: ( ex.11 )
52 questions • 6 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    In the Syslog severity levels: Define Emergency (emerg):

    - Level 0, - System is unusable. This indicates a complete system failure or a kernel panic. Immediate action is required.

  • 2

    In the Syslog severity levels: Define Alert (alert):

    - Level 1, - Immediate action must be taken. This means a condition that should be corrected immediately, such as a loss of primary internet connection or database corruption.

  • 3

    In the Syslog severity levels: Define Critical (crit):

    - Level 2, - Critical conditions. These are serious conditions, like hardware failures (e.g., a disk drive malfunction) or critical system errors.

  • 4

    In the Syslog severity levels: Define Error (err):

    - Level 3, - Error conditions. These indicate error conditions that might not immediately impact system usability but require attention, such as an application crash or service interruption.

  • 5

    In the Syslog severity levels: Define Warning (warning):

    - Level 4, - Warning conditions. These are potential issues that might lead to problems if not addressed, like low disk space or high CPU usage.

  • 6

    In the Syslog severity levels: Define Notice (notice):

    - Level 5, - Normal but significant condition. These are normal operational events that are noteworthy, such as a successful system startup or shutdown, or a configuration change.

  • 7

    In the Syslog severity levels: Define Informational (info):

    - Level 6, - Informational messages. These are routine information about the operation of the device, typically for analysis and monitoring.

  • 8

    In the Syslog severity levels: Define Debug (debug):

    - Level 7, - Debugging messages. These are highly detailed messages typically used for troubleshooting and diagnostics during development or specific problem-solving.

  • 9

    Which analysis framework is essentially a repository of known I.O.Cs with ties to known specific threats?

    - OpenIOC

  • 10

    This provides additional details about detection and mitigation.

    - MITRE ATT&CK framework

  • 11

    This provides a generalized concept for how an attacker might approach a network but does not deal with individual I.O.Cs' specifics.

    - Lockheed Martin cyber kill chain

  • 12

    This is an analytic framework for describing an attacker's work.

    - Diamond Model of Intrusion Analysis

  • 13

    Your organization is a financial services company. You have a team of security analysts who are responsible for gathering and analyzing intelligence about potential threats to your organization. The analysts recently published a report that identifies a new threat actor who is targeting financial services companies. The report includes information about the threat actor's tactics, techniques, and procedures (TTPs). In which phase of the security intelligence cycle will this information be provided to those who need to act on it?

    - Dissemination

  • 14

    This phase focuses on converting collected data into useful information or actionable intelligence.

    - Analysis

  • 15

    This utilizes both intelligence producers and intelligence consumers' input. This phase aims to improve the implementation of the requirements, collection, analysis, and dissemination phases as the life cycle is developed.

    - Feedback

  • 16

    This phase is usually implemented by administrators using various software suites, such as security information and event management ( S.I.E.M. ).

    - Collection

  • 17

    As a cybersecurity professional, you're reviewing a Python script used in your organization's automation process. You notice the following line of code: os.system('rm -rf /') What potential security concern does this line of code represent?

    - Command Injection

  • 18

    This attack targets application users by injecting malicious scripts into trusted websites. This scenario doesn't involve web applications or user input.

    - Cross-Site Scripting (XSS)

  • 19

    This is a common software vulnerability, but it doesn't describe the situation here, which involves the potential execution of a harmful command.

    - Buffer Overflow

  • 20

    This involves inserting malicious SQL statements into an entry field for execution, but this scenario doesn't involve any SQL operations.

    - SQL Injection

  • 21

    Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?

    - OpenID Connect

  • 22

    This is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. This is an XML-based markup language for security assertions.

    - Security Assertion Markup Language (SAML)

  • 23

    This is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

    - Kerberos

  • 24

    This is a software component developed by Microsoft that can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries.

    - Active Directory Federation Services (ADFS)

  • 25

    Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly?

    - Continuous deployment

  • 26

    This is a software development method in which code updates are tested and committed to development or build server/code repositories rapidly.

    - Continuous integration

  • 27

    This is the technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon.

    - Continuous monitoring

  • 28

    This is a software development method in which app and platform requirements are frequently tested and validated for immediate availability.

    - Continuous delivery

  • 29

    Which of the following vulnerabilities was the MOST critical due to its potential impact and exploitability?

    - EternalBlue

  • 30

    This was a significant security bug disclosed in April 2016 that affected both Microsoft Windows and Samba servers. Samba is an open-source software suite that provides file and print services to SMB/CIFS clients, enabling Linux/Unix systems to interact with Windows environments.

    - Badlock

  • 31

    Short for "Decrypting R.S.A with Obsolete and Weakened eNcryption", this is a serious cross-protocol security flaw discovered in March 2016. It allows attackers to decrypt sensitive communications, even those protected by modern TLS (Transport Layer Security) protocols, by leveraging support for the outdated and insecure SSLv2 protocol.

    - DROWN

  • 32

    Refers to a security flaw found in the Apache Struts web application framework. Apache Struts is an open-source framework widely used by developers to create Java web applications, particularly those following the Model-View-Controller (MVC) architecture.

    - Apache Struts

  • 33

    What SCAP component could be used to create a checklist to be used by different security teams within an organization and then report results in a standardized fashion?

    - XCCDF ( extensible configuration checklist description format )

  • 34

    This is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise's computing assets.

    - Common Platform Enumeration ( C.P.E. )

  • 35

    This system provides a reference-method for publicly known information-security vulnerabilities and exposures.

    - Common Vulnerabilities and Exposures ( C.V.E. )

  • 36

    This provides unique identifiers to system configuration issues to facilitate fast and accurate correlation of configuration data across multiple information sources and tools.

    - Common Configuration Enumeration ( C.C.E. )

  • 37

    Syed is developing a vulnerability scanner program for a large network of sensors used to monitor his company's transcontinental oil pipeline. What type of network is this?

    - SCADA ( supervisory control and data acquisition )

  • 38

    This uses serial communication buses to connect electronic control units and other subsystems in cars and unmanned aerial vehicles ( U.A.V. ).

    - CAN ( controller area network )

  • 39

    This is a design where all these processors, controllers, and devices are provided on a single processor die or chip.

    - SoC ( System-on-chip )

  • 40

    These, for offices and data centers ("smart buildings"), can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators and escalators.

    - BAS ( building automation system )

  • 41

    Which of the following is not considered a component that belongs to the category of identity management infrastructure?

    - Human resource system

  • 42

    This is responsible for coordinating the creation of user accounts, email authorizations in the form of rules and roles, and other tasks such as provisioning of physical resources associated with enabling new users.

    - Provisioning engine

  • 43

    LDAP servers, provisioning engines, and auditing systems are all part of identity management infrastructures. Most organizations rely on an LDAP Directory to store users, groups, roles, and relationships between those entities.

    - LDAP

  • 44

    The auditing system is responsible for verifying the identities present in the organization's systems are valid and correct.

    - Auditing system

  • 45

    Which of the following is a senior role with the ultimate responsibility for maintaining confidentiality, integrity, and availability in a system?

    - Data owner

  • 46

    This person is responsible for oversight of any P.I.I. / S.P.I. / P.H.I. assets managed by the company.

    - Privacy officer

  • 47

    This person is primarily responsible for data quality. This involves ensuring that data are labeled and identified with appropriate metadata, and that data are collected and stored in a format and with values that comply with applicable laws and regulations.

    - Data steward

  • 48

    This role handles managing the system on which the data assets are stored. This includes responsibility for enforcing access control, encryption, and backup/recovery measures.

    - Data custodian

  • 49

    You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank's cybersecurity program?

    - Gramm-Leach-Bliley Act (GLBA)

  • 50

    This is a U.S. law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.

    - Health Insurance Portability and Accountability Act (HIPAA)

  • 51

    This is a United States federal law that set new or expanded requirements for all US public company boards, management, and public accounting firms.

    - Sarbanes-Oxley (SOX)

  • 52

    The Act of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments.

    - Family Educational Rights and Privacy Act (FERPA)
