General Information Quiz

Questions and Answers

What type of tool is Skipfish, as used by a white hat hacker?

• Vulnerability scanner (correct)
• Debugger
• Packet sniffer
• Fuzzer

Which of the following statements best describes a man-in-the-middle attack?

• It manipulates data in transit.
• It validates data during transmission.
• It floods a network with excessive traffic.
• It establishes unauthorized communication between two parties. (correct)

What are the two primary functions provided by NetFlow?

• Monitoring application performance and auditing network access
• Using AI for incident detection and providing statistics on IP flows (correct)
• Capturing real-time traffic and performing vulnerability assessments
• Encrypting network traffic and blocking unauthorized access

What is the primary goal of a white hat hacker?

Protecting systems from vulnerabilities (C)

What is a characteristic of the RADIUS protocol regarding packet encryption?

Encryption of the password only (A), Encryption of the entire body of the packet (C)

What is the purpose of the automated system that CISA uses to share verified cybersecurity information?

To support the Automated Information Sharing (AIS) (C)

What security threat is represented by a phone call requesting a user's username and password for auditing?

Phishing attempt (B)

Which AAA component can be established through the use of token cards?

Authentication (D)

What principle underlies the nondiscretionary access control model?

Access control based on roles and responsibilities (D)

Why might an attacker want to spoof a MAC address?

To capture traffic from multiple VLANs (B)

Which of these is NOT a characteristic of a vulnerability scanner like Skipfish?

Provides real-time packet analysis (C)

Which type of access control applies the strictest measures and is commonly used in military applications?

Mandatory access control (MAC) (B)

Which security term encompasses passwords, passphrases, and PINs?

Authentication factors (A)

What is a key feature of the RADIUS protocol in relation to communication ports?

Relies on UDP ports for authentication and accounting (A)

What certificate class is considered more reliable than class 1 certificates?

Class 0 (A)

Which objective of secure communications focuses on confidentiality?

Encryption (A)

What is the primary benefit of performing a retrospective analysis after identifying malware entering the network?

It helps in tracking the behavior of the malware. (A)

In which attack phase of the Cyber Kill Chain does a threat actor collect employee information from web servers?

Reconnaissance (B)

Which HIDS is integrated into the Security Onion to detect changes in operating parameters caused by malware?

OSSEC (C)

Which type of event is assigned to the SID created by Sourcefire and distributed under a GPL agreement?

True positive (C)

Which tool should a cybersecurity analyst visit first to verify security alerts in Security Onion?

Sguil (C)

What does the field in the Sguil application window indicate?

Event priority (D)

Which method describes how the malware originally entered the network?

Initial access vector (B)

What is the role of the EmergingThreats community in relation to Snort?

Creation of community rules (B)

What is CybOX focused on capturing and communicating?

Network operations properties (A)

Which component of the zero trust security model ensures secure access while accessing a database?

Container (A), API (C), Microservice (D)

What is the purpose of the network security accounting function?

To determine resource access for users (C)

Which term best describes the capability of a web server to log usage time by users?

Accounting (B)

What is a characteristic of the defense-in-depth approach?

Each layer must be penetrated to access target data (C)

Which statement accurately describes a characteristic of a layered defense-in-depth security approach?

Three or more devices are required (C)

What is a key benefit of implementing a defense-in-depth strategy?

Multiple safeguards can protect against failures (C)

What does the concept of zero trust imply regarding user verification?

Continuous verification is required (A)

What are two purposes of launching a reconnaissance attack on a network?

To scan for accessibility (C), To gather information about the network and devices (D)

Which type of network attack involves randomly opening many Telnet requests to a router, preventing legitimate access?

SYN flooding (A)

What functionality is provided by Cisco SPAN in a switched network?

It mirrors traffic for analysis on another port (D)

Which technology is recognized as a proprietary SIEM system?

StealthWatch (A)

What are three functionalities provided by SOAR? (Choose three.)

Uses artificial intelligence for incident detection (B), Automates complex incident response procedures (C), Presents correlated and aggregated event data in real-time (D)

Which cyber attack involves a coordinated attack from a botnet of zombie computers?

DDoS (C)

What technique depletes the pool of IP addresses available for legitimate hosts?

DHCP starvation (C)

What is one purpose of gathering information about the network and devices during a reconnaissance attack?

To identify vulnerabilities for exploitation (D)

What is the primary purpose of using digital signatures for code signing?

To verify the integrity of executable files (A)

Which technology uses trusted third-party protocols to issue authoritative identity credentials?

Public Key Infrastructure (PKI) certificates (A)

In a CVSS assessment, which metric describes the requirement for user interaction in an attack scenario?

Exploitability (B)

What risk management strategy is used when facing low potential impact but high mitigation costs?

Risk retention (A)

Which two classes of metrics are part of the CVSS Base Metric Group?

Impact metrics and Exploit Code Maturity (A), Impact metrics and Modified Base (C)

Which type of test employs software to scan networks for vulnerabilities?

Vulnerability assessment (A)

What are the outcomes of the NIST Cybersecurity Framework core function?

Identify, protect, detect (C)

Which strategy is utilized to enhance endpoint security in a company?

Implementing multi-factor authentication (B)

Flashcards

Purpose of Reconnaissance Attack

A reconnaissance attack aims to gather information about a network's devices and accessibility to plan further attacks or exploits.

SYN Flooding Attack

A network attack that overwhelms a system by sending a high volume of SYN requests, preventing legitimate users from connecting.

Cisco SPAN Functionality

Cisco Span mirrors network traffic from one port or VLAN to another for analysis without affecting the original traffic flow.

SOAR Functionality

SOAR (Security Orchestration, Automation, and Response) automates incident response, analyzes events, and provides incident response procedures.

DDoS Attack

A coordinated attack from a botnet of compromised computers to overwhelm a target system and disrupt service.

DHCP Starvation

A cybersecurity attack that depletes the pool of available IP addresses to prevent legitimate devices from obtaining IP addresses.

NetFlow

A network monitoring solution used to analyze network traffic and provide services for user access control.

Stealthwatch

A proprietary Security Information and Event Management (SIEM) system.

White hat hacker's goal

To find and report vulnerabilities, not to exploit them.

Skipfish Tool Type

A vulnerability scanner used to discover weaknesses in computer systems.

NetFlow Functions (2)

Provides an audit trail of IP flows and statistics about network traffic.

Man-in-the-Middle Attack

An attack where a malicious actor intercepts and controls communication between two parties.

Security Threat (Phone call)

Social engineering, tricking a user into revealing sensitive information.

MAC Address Spoofing Reason

To capture traffic from multiple VLANs by disguising the attacker's device.

Cybersecurity Information Sharing

Automatic sharing of cybersecurity information between public and private organizations.

Vulnerability Scanner

A tool that identifies security weaknesses in a system.

CybOX

A standard for communicating cyber threat information, allowing for real-time exchange of threat indicators between organizations.

Workload Security

Ensuring secure access for applications or services like APIs, microservices, or containers when they connect to databases.

Network Security Accounting

Tracking and logging user actions and resource access to monitor network activity.

Authentication

The process of verifying the identity of a user or device.

Authorization

The process of determining what resources a user or device is allowed to access.

Defense-in-Depth

A security approach that uses multiple layers of protection to safeguard data and systems.

Layered Defense Benefit

Having multiple security layers makes it harder for attackers to penetrate all defenses, increasing overall security.

Layered Defense Characteristic

Even if one security layer fails, the other layers continue to protect the system.

RADIUS Protocol

A network protocol used for centralized authentication, authorization, and accounting (AAA) for users accessing network services. It uses UDP ports for communication and encrypts only the password for security.

Token Cards

Physical or digital tokens used for authentication by providing a unique, time-dependent code or factor to verify user identity.

Nondiscretionary Access Control

An access control model where access rights are assigned based on predefined roles and responsibilities, rather than individual ownership of data.

Mandatory Access Control (MAC)

The strictest access control model where access rights are assigned and enforced based on predefined security labels, typically used in high-security environments.

Attribute-Based Access Control (ABAC)

An access control model that evaluates access based on attributes of the user, the object, or the environment.

Encryption for Secure Communications

The process of converting data into an unreadable format to protect its confidentiality during transmission or storage.

Certificate Classes in PKI

Categorization of digital certificates based on their intended purpose and trust level. Lower class numbers generally indicate higher trust levels.

Digital Signatures for Code Signing

Digital signatures used to verify the integrity of executable files downloaded from a vendor website. This ensures that the file hasn't been tampered with and is authentic.

PKI Certificates

PKI certificates are issued by trusted third-party entities to verify the identity of individuals or organizations. They are used in various online security applications, such as email encryption and online banking.

CVSS Base Metric Group: Exploitability

This metric assesses how easy it is for an attacker to exploit a vulnerability. It considers factors like the complexity of the attack and whether user interaction is required.

Risk Retention

A risk management strategy where an organization accepts the potential consequences of a risk, often because the cost of mitigation outweighs the potential impact.

Vulnerability Assessment

A type of security test that scans internal networks and internet-facing servers for vulnerabilities. It identifies weaknesses that could be exploited by attackers.

NIST Cybersecurity Framework Core Functions

The NIST Cybersecurity Framework identifies three core functions: Identify, Protect, and Detect.

Endpoint Security Recommendations

Recommendations for enhancing security on devices like computers, laptops, and mobile phones. They aim to protect against various threats and vulnerabilities.

CVSS Base Metric Group Classes

The CVSS Base Metric Group includes two classes of metrics: Exploitability and Impact.

Sguil Categories

Sguil uses categories to classify security events. 'Below 3464' refers to a category for events considered less critical and may require further analysis.

False Positive

A security alert triggered by a security tool, but it's not actually a real threat.

True Positive

A security alert triggered by a security tool, and it's actually a real threat.

False Negative

A security tool fails to detect a real threat.

True Negative

A security tool correctly identifies that there's no threat.

Retrospective Analysis

Examining past security events to understand how a malware attack happened and how to prevent similar incidents.

Sguil Application Window

The Sguil interface displays security events. It shows the priority of events using a field called 'Pr'.

Cyber Kill Chain Model: Reconnaissance

The initial phase of an attack where attackers gather information about a target, like employee contacts and network details.

Study Notes

General Information

• Study notes are being generated.
• Please provide the text or questions for which you require study notes.