THE P.T: 1 CHRONICLE: ( ex.9 )

90問 • 6ヶ月前

問題一覧

List the NIST cybersecurity framework's four tiers, when ordered from least mature to most mature?

- Partial, - Risk Informed, - Repeatable, - Adaptive

Define the system that uses a computer to accomplish a task without being explicitly programmed. In the context of cybersecurity, This system generally works by analyzing example data sets to create its own ability to classify future items presented.

- Machine Learning ( M.L. )

What is the science of creating machines to develop problem-solving and analysis strategies without significant human direction or intervention. This system goes beyond Machine Learning ( M.L. ) and can make a more complicated decision than just the classifications made by Machine Learning ( M.L. ).

- Artificial Intelligence ( A.I. )

What system determines what is malicious traffic without having the prior benefit of being told what is benign/malicious.

- Deep Learning ( D.L. )

What Network is an underlying strategy used to accomplish deep learning but is not specific to the scenario described.

- The Generative Adversarial Network:

Why are hardware and software write blockers designed?

- To ensure that forensic software and tools cannot change a drive inadvertently by accessing it.

What is the primary purpose of a hardware write blocker?

- Is to intercept and prevent (or 'block') any modifying command operation from ever reaching the storage device.

What is the purpose of a Forensic Drive Duplicator?

- To copy a drive and validates that it matches the original drive but cannot be used by itself during analysis.

What is the purpose of a Degausser?

- Is used to wipe magnetic media.

In the Cyber Kill Chain, which phase involves the attacker fulfilling their intent on the victim’s system, such as data exfiltration, data destruction, or encryption for ransom?

- Actions and Objectives

Define Command and Control

- Involves maintaining communication with the compromised system, not fulfilling the adversary's intent

Define Reconnaissance

- Involves gathering information about the target system, not fulfilling the adversary's intent.

Define Weaponization

- Involves creating a malicious payload, not fulfilling the adversary's intent.

After a significant security breach involving customer data leakage, your organization conducts a comprehensive review. The aim is to comprehend the contributing factors that led to this incident and to establish measures to avert such incidents in the future. Which term best describes this specific post-incident activity?

- Lessons learned

Define a set of procedures and processes to handle and manage an incident effectively. It is used in preparation for potential incidents, not in post-incident activity

- Incident Response Plan

Define the Analysis that seeks to identify the initial cause of an issue, but does not involve a broad review of the incident response process.

- Root Cause Analysis

Which analysis involves a meticulous examination of all evidence related to an incident to understand its origin, extent, and impact. It does not inherently focus on the improvement of future responses.

- Forensic Analysis

Your organization is a large enterprise with a complex IT infrastructure. You have a team of system administrators who are responsible for collecting data from various sources, such as firewalls, IDS, and SIEMs. The data is collected to identify anomalies of interest, such as unusual network traffic patterns or suspicious login attempts. In which phase of the security intelligence cycle are the system administrators working?

- Collection

What phase focuses on converting collected data into useful information or actionable intelligence?

- Analysis

Which phase utilizes both intelligence producers and intelligence consumers' input. This phase also .aims to improve the implementation of the requirements, collection, analysis, and dissemination phases as the life cycle develops.

- Feedback

Which phase refers to publishing information produced by analysis to consumers who need to develop the insights.

- Dissemination

What method might a system administrator use to replicate the DNS information from one DNS server to another, but could also be used maliciously by an attacker?

- Zone transfers

What strengthens authentication in D.N.S. using digital signatures based on public-key cryptography.

- D.N.S.S.E.C.

Which is a service, which allows the owner of a domain name to use their name servers, which can match the domain name in question?

- D.N.S. Registration

What is a Canonical Name Record or Alias Record. A type of resource record in the Domain Name System ( D.N.S. ) specifies that one domain name is an alias of another canonical domain name.

- CNAME

This injection is a code injection technique that is used to attack data-driven applications. These injections are conducted by inserting malicious S.Q.L statements into an entry field for execution. For example, an attacker may try to dump the contents of the database by using this technique. This injection technique is to insert an always true statement, such as 1 == 1, or in this example, 6810 == 6810 . In this case, the SQL injection is evidenced by the SQL statements being sent to the web application hosted by WordPress.

- S.Q.L. Injection

What attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites?

- Cross-site scripting

This Injection is an attack technique used to manipulate or compromise an X.M.L. application or service's logic. This injection of unintended X.M.L content and/or structures into an X.M.L message can alter the application's intended logic.

- X.M.L. injection

This attack aims to access files and directories that are stored outside the webroot folder. By manipulating variables or URLs that reference files with “dot-dot-slash (../)” sequences and its variations or using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files?

- Directory traversal

You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a V.P.N. connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

- N.A.C.

What is a network traffic filter that can control incoming or outgoing traffic?

- A.C.L.

This refers to a security access control method whereby the M.A.C. address assigned to each network card is used to determine access to the network. M.A.C. filtering operates at layer 2 and is easy to bypass.

- Mac Filtering

This Framework is an email authentication method designed to detect forging sender addresses during the email delivery.

- S.P.F.

In response to high-profile security incidents like the SolarWinds hack, the cybersecurity industry seeks to understand the specific strategies and methods used by attackers. Which of the following attack methodology frameworks focuses primarily on comprehending these specific tactics, techniques, and procedures ( T.T.Ps )?

- MITRE ATT&CK

This Model primarily focuses on understanding the relationship between four elements of an attack: the adversary, the victim, the infrastructure, and the capability.

- Diamond Model of Intrusion Analysis

This Guide provides a methodology for testing the security of web applications. It doesn't focus on the specific tactics, techniques, and procedures an attacker could potentially use.

- OWASP Testing Guide

This Chain describes the stages of a cyber attack, from identifying vulnerabilities (reconnaissance) to achieving objectives (actions and objectives).

- Cyber Kill Chain

A cybersecurity analyst is attempting to perform an active reconnaissance technique to audit their company’s security controls. Which DNS assessment technique would be classified as active?

- A zone transfer

What is an active technique that allows the resolution of names to I.P. addresses and I.P. addresses to names. This can be conducted as a passive technique.

- A D.N.S. forward or reverse lookup

What’s an open-source intelligence and forensics. It focuses on providing a library for data discovery from open sources and visualizing that information in a graph format suitable for link analysis and data mining. It collects this information passively since it can acquire the information from whois lookup servers, a D.N.S lookup tool using public D.N.S servers, or even emails and hostnames one can acquire from The Harvester.

- Using maltego

What is a passive reconnaissance technique that performs a query of the databases that store the registered users or assignees of an Internet resource, such as a domain name, an I.P. address block, or an autonomous system, but is also used for a wider range of other information.

- A whois query

Which of the following vulnerabilities was a zero-day exploit?

- SandWorm attack

This was a serious vulnerability in the Linux kernel, but it was not a zero-day exploit.

- Dirty COW

This was a critical vulnerability in the Bash shell, but it was not exploited before a patch was available.

- Shellshock

This was a significant vulnerability in Windows VBScript engine, it was not a zero-day exploit

- CVE-2018-8174

Your organization wants to perform a comprehensive security assessment of its applications, networks, and systems. Which methodology would best guide this process?

- Open Source Security Testing Methodology Manual (OSSTMM)

This framework primarily serves as a knowledge base for understanding attacker behaviors and tactics, techniques, and procedures (TTPs), not for conducting a comprehensive security assessment.

- MITRE ATT&CK

This describes the stages of a cyber attack, but it does not provide guidance for a comprehensive security assessment.

- Cyber Kill Chain

This focuses on understanding the relationships in a cyber attack, not on guiding a comprehensive security assessment.

- Diamond Model of Intrusion Analysis

As a cybersecurity professional, you are tasked with quickly identifying malicious IP addresses interacting with your network. You need a tool that provides a database of reported malicious IPs, allowing you to cross-check any suspicious IPs. What tool would be most suited for this purpose?

- AbuseIPDB

This is primarily used for malware analysis and doesn't provide a database of reported malicious IP addresses.

- Joe Sandbox

This is more related to identifying recurring trends or anomalies in data and doesn't provide a database of reported malicious I.P addresses.

- Pattern Recognition

This might help detect suspicious I.P. addresses through their data collection and analysis capabilities, but they do not provide a specific database of reported malicious IPs like AbuseIPDB.

- SOAR

Which phase of the Cyber Kill Chain involves the gathering of information about the target system, its technologies, potential vulnerabilities, and users?

- Reconnaissance

This phase involves transmitting the weaponized bundle to the victim, not gathering information about a target system.

- Delivery

This involves the execution of the delivered exploit, not gathering information about a target system.

- Exploitation

This phase involves packaging an exploit into a deliverable payload, not gathering information about a target system.

- Weaponization

Which of the following would a virtual private cloud infrastructure be classified as?

- Infrastructure as a Service

This is a cloud service model that supports serverless software architecture by provisioning runtime containers to execute code in a particular programming language.

- Function as a Service

This is a computing method that uses the cloud to provide users with application services.

- Software as a Service

This is a computing method that uses the cloud to provide any platform-type services.

- Platform as a Service

According to Lockheed Martin's white paper "Intel Driven Defense," which of the following technologies could degrade an adversary's effort during the actions on the objectives phase of the kill chain?

- Quality of service

These can detect actions an adversary has taken after the fact but will not degrade the actions themselves.

- Audit log

This could deceive an enemy during the actions on objective phase as the adversary may unknowingly take actions against a honeypot instead of their real objectives, but this would be classified as deception and not degradation.

- Honeypot

These technologies serve to disrupt C2 channels, not degrade them.

- NIPS

You are reviewing the I.D.S. logs and notice the following log entry: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (where email=support@diontraining.com and password=‘ or 7==7’) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What type of attack is being performed?

- SQL injection

This is an attack technique used to manipulate or compromise an X.M.L. application or service's logic. The injection of unintended X.M.L. content and/or structures into an X.M.L. message can alter the application's intended logic.

- XML injection

This is the insertion of malicious data, which has not been validated, into an H.T.T.P response header.

- Header manipulation

These are attacks that are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. These attacks occur when an attacker uses a web application to send malicious code, generally in a browser side script, to a different end-user.

- Cross-site scripting

Which of the following type of solutions would you classify an FPGA as?

- Anti-tamper

This is a secure subsystem that can provide attestation to declare something as true

- Root of trust

This is a specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform identification information

- Trusted platform module

This is an appliance for generating and storing cryptographic keys. It is a solution that may be less susceptible to tampering and insider threats than a traditional software-based storage solution.

- Hardware security module

Your organization has been experiencing several cybersecurity incidents, including data breaches and compliance violations, that seems to stem from the software your team develops. What approach can you implement to systematically reduce these incidents?

- Secure Software Development Life Cycle (SDLC)

This is a linear approach to software development where one phase must be completed before the next begins. While it provides structure to the development process, it does not inherently emphasize security considerations, and therefore may not help to reduce security incidents.

- Waterfall Model

This is crucial for maintaining up-to-date security, it is a reactive approach. It may help to fix known vulnerabilities but does not prevent the introduction of new vulnerabilities during software development.

- Patch Management

This focuses on rapid and iterative development, which allows for flexibility and quick changes. However, without integrating a focus on security into each sprint, this method alone might not be effective in reducing cybersecurity incidents.

- Agile Development

Jorge and Marta are working on a programming project together. During a code review, Marta explains her code to Jorge while looking at the code on her computer. Which of the following code review techniques is being used in this scenario?

- Over-the-shoulder

This alternates between programmers, with one strategizing and reviewing it while the other enters the computer's code.

- Pair programming

This review is conducted using a software tool or other form of automation

- Tool-assisted review

This is a personnel security process that requires more than one employee available to perform a specific task. This is used with split knowledge and is not a form of code review.

- Dual control

Which of the following lists the U.E.F.I boot phases in the proper order?

- Security, - Pre-EFI initialization, - Driver Execution Environment, - Boot Device Select, - Transient System Load, - Runtime

After a cyber incident at your organization where a ransomware attack crippled the operational servers, your team is tasked with conducting an in-depth examination. The goal is to trace back the origin of the attack, determining where and how it penetrated your defenses. Which activity would best aid your team in this endeavor?

- Root cause analysis

This is a preparatory document outlining the organization's approach to managing security incidents. It is not an activity performed after an incident

- Incident response plan

This is the review process after an incident, where stakeholders evaluate what happened, what was done well, and what needs improvement. It's a broader concept than just determining the initial cause of an issue.

- Lessons learned

This is a thorough investigation of an incident, its focus is broader and often includes legal implications, whereas root cause analysis is more focused on the initial causes of the issue.

- Forensic analysis

What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?

- Clear

This data is meant to eliminate information from being feasibly recovered even in a laboratory environment.

- Purge

This requires physical destruction of the media, such as pulverization, melting, incineration, and disintegration.

- Destroy

This is the process of decreasing or eliminating a remnant magnetic field. It’s an effective method of sanitization for magnetic media, such as hard drives and floppy disks.

- Degauss

THE P.T: 2 CHRONICLE: ( ex.10 )

The R.S.S.H Delivery Company · 88問 · 6ヶ月前

THE P.T: 2 CHRONICLE: ( ex.10 )