THE P.T. 6: CHRONICLE: ( ex.14 )

90問 • 6ヶ月前

問題一覧

This is a pattern matching technique that uses a structured database of string values to detect matches. For example, a company might have a list of actual social security numbers of its customers.

- Exact data match

This is a further refinement of partial document matching that uses machine learning to analyze various data sources using artificial intelligence or machine learning.

- Statistical matching

These techniques use a rule based on a confidentiality classification tag or label attached to the data. For example, the military might use a classification based DLP to search for any files labeled as secret or top secret.

- Classification

This attempts to match a whole document or a partial document against a signature in the DLP.

- Document matching

This refers to the attack method that takes many usernames and loops them with a single password.

- Password spraying

This is exploiting a valid computer session to gain unauthorized access to information or services in a computer system.

- Session hijacking

This is the automated injection of breached username/password pairs to gain user accounts access fraudulently. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account. The attacker can then hijack for their own purposes.

- Credential stuffing

This is the act of pretending to be another person for fraud.

- Impersonation

What are the Seven phases of the Software Development Life Cycle (SDLC):

- Planning (or Requirements Planning):, - Focus: Define the scope, purpose, and initial requirements of the software, but with a strong emphasis on security from the outset., - Requirements and Analysis:, - Focus: Detail functional and non-functional requirements, including specific security requirements., - Design:, - Focus: Translate requirements into a detailed architectural and technical design for the software., - Development (or Coding/Implementation):, - Focus: Write the actual code based on the design specifications., - Testing:, - Focus: Verify that the software meets its requirements and identify defects, including security vulnerabilities., - Deployment:, - Focus: Release the working software to production environments., - Maintenance (or Operations and Monitoring):, - Focus: Ongoing support, monitoring, and updates to the software after deployment.

During the 2017 WannaCry ransomware attack, cybersecurity professionals across organizations globally rushed to contain the spread and impact of the ransomware. In this effort, they used a variety of software solutions designed to detect, analyze, and respond to security incidents. A popular open-source platform that provides comprehensive capabilities for network traffic analysis and log management was used extensively. What is the name of this platform?

- Security Onion

This is primarily used for penetration testing and security auditing, rather than network traffic analysis and log management.

- Kali Linux

This is a penetration testing platform that is used for developing and executing exploit code against a remote target machine.

- Metasploit

This is a useful tool for analyzing network traffic, it doesn't provide the comprehensive log management features offered by Security Onion

- Wireshark

This will allow an authorized administrator the option to change a great deal about an operating system, but it cannot explicitly stop a process or service that is already running

- secpol.msc

This tool can also enable, start, or terminate a running service.

- services.msc

This can terminate a service using the following: wmic service call StopService.

- wmic ( Windows Management Instrumentation )

This command allows an analyst to control services, including terminating them.

- sc.exe

This is the legal basis for protecting information assets. These are used between companies and employees, between companies and contractors, and between two companies.

- Non-disclosure agreement (NDA)

This is a contractual agreement that sets out the detailed terms under which a service is provided

- service level agreement (SLA)

This states that personal data can only be collected for a specific purpose. This can specify how a dataset can be analyzed and proscribe the use of reidentification techniques.

- data sharing and use agreement (DSUA)

This is defined by NIST's SP800-4 and is used by any federal agency interconnecting its I.T. system to a third party must create an I.S.A to govern the relationship.

- interconnection security agreement (ISA)

The N.I.S.T. Special Publication 800-61 ( Computer Security Incident Handling Guide ), recoverability effort categories are:

- Regular, - Time to recovery is predictable with existing resources., - Supplemented, - Time to recovery is predictable with additional resources., - Extended, - Time to recovery is unpredictable; additional resources and outside help are needed., - Not Recoverable , - Recovery from the incident is not possible (e.g., sensitive data exfiltrated and posted publicly); launch an investigation.

Which of the following provides a cryptographic authentication mechanism to positively identify an organization as the authorized sender of email for a particular domain name?

- DomainKeys Identified Mail (DKIM)

This uses a D.N.S. record published by an organization hosting an email service. This record identifies the hosts authorized to send email from that domain, and there must be only one per domain.

- Sender Policy Framework (SPF)

This is a communication protocol for electronic mail transmission, which does not utilize cryptographic authentication mechanisms by default.

- Simple Mail Transfer Protocol (SMTP)

This framework ensures that S.P.F. and D.K.I.M are being utilized effectively. D.MARC relies on D.K.M.I. for the cryptographic authentication mechanism, making it the incorrect option for this question.

- Domain-Based Message Authentication, Reporting, and Conformance (DMARC)

What is the C.I.A. Triad?

Is a foundational model in information security that represents three core principles essential for protecting information and systems.

List and Define the three elements within the C.I.A. TRIAD:

- Confidentiality, - This principle ensures that sensitive information is accessible only to authorized individuals or systems. It's about preventing unauthorized disclosure of data., - Integrity, - This principle guarantees that information is accurate, complete, and trustworthy. It ensures that data has not been modified, altered, or destroyed in an unauthorized manner., - Availability, - This principle ensures that authorized users can reliably access information and systems when needed. It's about maintaining operational uptime and providing timely access to resources.

You're examining system logs for potential security incidents when you encounter the following command: nc -lvnp 4444 -e /bin/bash What does this command suggest?

- Potential Reverse Shell

This involves injecting malicious scripts into trusted websites. This scenario involves shell commands, not web-based script injection.

- XSS Attack

This involves the exploitation of a security vulnerability in an application's database layer.

- SQL Injection

This involves navigating through a filesystem and is not represented in this command.

- Directory Traversal

What tool can be used as an exploitation framework during your penetration tests?

- Metasploit

This is used in digital forensic investigations.

- Autopsy

This tool is a port scanner.

- Nmap

This is a very popular vulnerability scanner. It can be used to check how vulnerable your network is by using various plugins to test for vulnerabilities. Also, this can perform compliance auditing, like internal and external P.C.I D.S.S. audit scans.

- Nessus

This is a method of cracking passwords, encryption keys, or other authentication credentials by systematically trying every possible combination until the correct one is found. It's essentially like trying every key on a keyring until you find the one that opens the lock.

- Brute force

This is a type of brute force attack that takes a "low and slow" approach to avoid detection. Instead of trying many different passwords against a single user account (which often triggers account lockouts), a password spraying attack attempts to use a small number of common passwords against a large number of user accounts.

- Password spraying

This is a type of cyberattack where attackers leverage a common user habit: reusing the same username and password across multiple online services.

- Credential stuffing

This is the act of pretending to be another person for fraudulent purposes.

- Impersonation

A recent security audit revealed several vulnerabilities in your organization's network. Your security team wants to understand the specific tactics, techniques, and procedures (TTPs) that an attacker could potentially use to exploit these vulnerabilities. Which framework would be most appropriate to use?

- MITRE ATT&CK

This focuses on understanding the relationships between the elements of a cyber attack, not the specific tactics, techniques, and procedures an attacker might use.

- Diamond Model of Intrusion Analysis

By Lockheed Martin that describes the sequential stages an attacker typically follows to achieve their objective in a cyberattack. It's an adaptation of a military concept to the realm of cybersecurity, providing a structured way for organizations to understand, identify, and disrupt cyber threats.

- Cyber Kill Chain

This is to understand and track the sequential steps an attacker takes from initial planning to achieving their ultimate objective.

- The linear progression of a cyber attack

Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

- MITRE ATT&CK framework

This contains a depth of research on A.P.Ts but does not integrate the detections and mitigation strategy.

- OpenIOC

This provides an excellent methodology for communicating cyber events and allowing an analyst to derive mitigation strategies implicitly.

- Diamond Model of Intrusion Analysis

This provides a general life cycle description of how attacks occur but do not deal with the specifics of how to mitigate.

- Lockheed Martin cyber kill chain

Which attack methodology framework primarily focuses on understanding the stages of a cyber attack from the reconnaissance to the exploitation, installation, and achieving their objectives?

- Cyber Kill Chain

This focuses on the relationship between four elements of an attack: the adversary, the victim, the infrastructure, and the capability.

- Diamond Model of Intrusion Analysis

This provides a methodology for testing the security of web applications. It doesn't describe the stages of a cyber attack.

- OWASP Testing Guide

This framework provides a matrix of tactics, techniques, and procedures ( T.T.Ps ) used by cyber adversaries.

- MITRE ATT&CK

According to the MITRE ATT&CK framework, which of the following types of capabilities would an adversary need to identify and exploit zero-day vulnerabilities?

- Developed

This refers to the utilization of commodity malware and techniques (i.e., script kiddies).

- Acquired and augmented

These capabilities involve non-cyber tools such as political or military assets.

- Integrated

These capabilities refer to those that can introduce vulnerabilities through the supply chain in proprietary and open-source products.

- Advanced

List the correct sequence to collect the data from the workstation?

- CPU cache, - RAM, - Swap, - Hard drive

This sends specially crafted packets to the target host(s) and then analyzes the responses to determine the open ports and services running on those hosts. Also, nmap can determine the versions of the applications being used on those ports and services. Nmap is a command-line tool for use on Linux, Windows, and macOS systems.

- Nmap

This is an open-source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education.

- Wireshark

This tool is used to query another computer on a network to determine whether there is a valid connection.

- ping

This tool is a command-line utility that displays network connections for incoming and outgoing T.C.P. packets, routing tables, and some network interface and network protocol statistics. Still, it cannot identify open ports and services on a host with their version numbers.

- netstat

This is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. Attackers may use a cross-site scripting vulnerability to bypass access controls such as the same-origin policy.

- Cross-site scripting

This is a malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. There are many ways in which a malicious website can transmit commands, such as specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests can all work without the user's interaction or even knowledge.

- Cross-site request forgery

This is an attack in which the goal is to execute arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.

- Command injection

This is a code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution, such as dumping the database contents to the attacker.

- SQL injection

When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?

- Data minimization

This is the process of removing personally identifiable information from data sets so that the people whom the data describe remain anonymous. M

- Anonymization

This means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate from the production database

- Tokenization

This can mean that all or part of a field's contents are redacted, by substituting all character strings with x, for example.

- Data masking

This combines several programs into one, including writing to a temporary file, netcat usage, and FTP usage. This integrates more than one form of attack to accomplish their goal.

- Chained exploit

This attack occurs when legitimate users cannot access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.

- Denial of Service exploit

- SQL injection exploit

This is an anomaly where a program that occurs while writing data to a buffer overruns the buffer's boundary and overwrites adjacent memory locations.

- Buffer overflow exploit

After a successful spear-phishing attack, an adversary has gained access to your organization's network. The adversary then performs a Pass-the-Hash attack to gain administrative privileges, moves horizontally in the network, and finally exfiltrates sensitive data. Which stage of the MITRE ATT&CK framework does this movement represent?

- Lateral Movement

This refers to the final stage where the adversary exports the data they're after.

- Exfiltration

This involves stealing credentials, like the Pass-the-Hash attack mentioned. However, it doesn't refer to moving through the network.

- Credential Access

This is the first stage where the adversary gains a foothold in the network. In this scenario, the spear-phishing attack would be the Initial Access.

- Initial Access

Cisco log levels: ( Start from 0 )

- Level 0, - Emergency, - Level 1, - Alert, - Level 2, - Critical, - Level 3, - Errors, - Level 4, - Warnings, - Level 5, - Notifications, - Level 6, - Information, - Level 7, - Debugging

Which of the following techniques would allow an attacker to get a full listing of your internal DNS information if your DNS server is not properly secured?

- Zone transfers

This resolution is a normal function of D.N.S. that converts a domain name like www.diontraining.com to its corresponding I.P. address.

- FQDN resolution

D.N.S. poisoning is a type of attack which uses security gaps in the Domain Name System (DNS) protocol to redirect internet traffic to malicious websites.

- DNS poisoning

This is a method of preventing a routing loop in a network.

- Split horizon

Barrett needs to verify settings on a macOS computer to ensure that the configuration he expects is currently set on the system. What type of file is commonly used to store configuration settings for a macOS system?

- plists

This file is a configuration file used by various applications containing plain text parameters that define settings or preferences for building or running a program. Commonly used in Windows.

- .config files

This is used to store registration configuration settings on Windows systems.

- The registry

This is a UNIX user's start-up file, like the autoexec.bat file of DOS.

- .profile files

This is a serious vulnerability in the OpenSSL cryptographic software library. It was first disclosed in April 2014 and allowed anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromised the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This bug in OpenSSL could have serious consequences, such as private key theft, making it a critical vulnerability.

- Heartbleed

This is a sophisticated malware that was used in a series of targeted attacks against financial institutions from 2013 to 2015. The malware was able to steal millions of dollars from banks in over 30 countries. While the Carbanak attacks were significant, they involved targeted phishing and advanced persistent threats (APTs), not a widespread vulnerability like Heartbleed.

- Carbanak

This is a type of Denial-of-Service (DoS) attack that can be used to disable Bluetooth-enabled devices. The attack works by sending a specially crafted packet to the target device that causes it to crash or become unresponsive. While BlueSmack was a significant vulnerability affecting Bluetooth devices, it did not have the same global impact or exploitability as Heartbleed.

- BlueSmack

This Attack was a significant vulnerability affecting the RSA encryption algorithm, but it didn't have the same level of impact or exploitability as Heartbleed. Carbanak is a sophisticated malware that was used in a series of targeted attacks against financial institutions from 2013 to 2015. The malware was able to steal millions of dollars from banks in over 30 countries.

- ROBOT Attack

THE P.T: 1 CHRONICLE: ( ex.9 )

The R.S.S.H Delivery Company · 90問 · 6ヶ月前

THE P.T: 1 CHRONICLE: ( ex.9 )