Cyber Threat Management (CyberTM) Course Final Exam Answers
1. What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
- law enforcement records that implicate one of a set of enumerated concerns
- information specifically non-exempt by statue
- confidential business information
- non-geological information regarding wells
- national security and foreign policy information
- public information from financial institutions
2. A company is developing security policies. Which security policy would address the rules that determine access to and use of network resources and define the consequences of policy violations?
- data policy
- remote access policy
- acceptable use policy
- password policy
3. Which framework should be recommended for establishing a comprehensive information security management system in an organization?
- ISO/IEC 27000
- ISO OSI model
- CIA Triad
- NIST/NICE framework
4. If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?
5. Match the roles in the data governance program to the description.
6. What type of security test uses simulated attacks to determine possible consequences of a real threat?
- penetration testing
- integrity checking
- network scanning
- vulnerability scanning
7. What are two tasks that can be accomplished with the Nmap and Zenmap network tools? (Choose two.)
- Identification of Layer 3 protocol support on hosts
- Password recovery
- TCP and UDP port scanning
- Validation of IT system configuratio
- Password auditing
8. Which network security tool can detect open TCP and UDP ports on most versions of Microsoft Windows?
9. Match the network security testing tool with the correct function. (Not all options are used.)
10. Match the command line tool with its description.
11. What three services are offered by FireEye? (Choose three.)
- deploys incident detection rule sets to network security tools
- creates firewall rules dynamically
- identifies and stops email threat vectors
- identifies and stops latent malware on files
- subjects all traffic to deep packet inspection analysis
- blocks attacks across the web
12. What is a characteristic of CybOX?
- It is the specification for an application layer protocol that allows the communication of CTI over HTTPS.
- It enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector.
- It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
- It is a set of specifications for exchanging cyberthreat information between organizations.
13. What three security tools does Cisco Talos maintain security incident detection rule sets for? (Choose three.)
14. Which security organization maintains a list of common vulnerabilities and exposures (CVE) and is used by prominent security organizations?
15. As a Cybersecurity Analyst, it is very important to keep current. It was suggested by some colleagues that NewsBites contains many good current articles to read. What network security organization maintains this weekly digest?
16. A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?
- the IP addresses or the logical location of essential systems or data
- the time between the establishment of a data flow and its termination
- the TCP and UDP daemons and ports that are allowed to be open on the server
- the list of TCP or UDP processes that are available to accept data
17. When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?
- service accounts
- listening ports
- software environment
- critical asset address space
18. The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
- risk retention
- risk sharing
- risk reduction
- risk avoidance
19. Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
- Exploit Code Maturity
- Modified Base
20. In what order are the steps in the vulnerability management life cycle conducted?
- discover, prioritize assets, assess, remediate, report, verify
- discover, prioritize assets, assess, remediate, verify, report
- discover, assess, prioritize assets, report, remediate, verify
- discover, prioritize assets, assess, report, remediate, verify
21. An organization has implemented antivirus software. What type of security control did the company implement?
- detective control
- compensative control
- deterrent control
- recovery control
22. What is the first step taken in risk assessment?
- Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
- Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
- Establish a baseline to indicate risk before security controls are implemented.
- Perform audits to verify threats are eliminated.
23. Match the stages in the risk management process to the description.
24. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?
- qualitative analysis
- quantitative analysis
- loss analysis
- exposure factor analysis
25. A company manages sensitive customer data for multiple clients. The current authentication mechanism to access the database is username and passphrase. The company is reviewing the risk of employee credential compromise that may lead to a data breach and decides to take action to mitigate the risk before further actions can be taken to eliminate the risk. Which action should the company take for now?
- Install fingerprint or retinal scanners.
- Implement multi-factor authentication.
- Purchase an insurance policy.
- Enhance data encryption with an advanced algorithm.
26. Match the security incident stakeholder with the role.
27. Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase?
- to launch a DoS attack toward the target
- to get a free malware package
- to avoid detection by the target
- to gain faster delivery of the attack on the target
28. A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?
- Create a point of persistence by adding services.
- Install a webshell on the web server for persistent access.
- Obtain an automated tool in order to deliver the malware payload through the vulnerability.
- Collect credentials of the web server developers and administrators.
29. According to NIST standards, which incident response stakeholder is responsible for coordinating an incident response with other stakeholders to minimize the damage of an incident?
- IT support
- human resources
- legal department
30. Which meta-feature element in the Diamond Model describes information gained by the adversary?
31. The manager of a new data center requisitions magnetic door locks. The locks will require employees to swipe an ID card to open. Which type of security control is being implemented?
32. What is a statement of applicability (SOA)?
- It stipulates total compliance with NIST.
- It sets out a broad framework of network protocols used and their implementations.
- It allows for the tailoring of available control objectives and controls to best meet its priorities around confidentiality, integrity, and availability
- It is used as an audit point for network device implementation.
33. An organization is developing a data governance program that follows regulations and policies. Which role in the program is responsible for ensuring compliance with policies and procedures, assigning the proper classification to information assets, and determining the criteria for accessing information assets?
- data controller
- data custodian
- data owner
- data protection officer
34. A company is preparing for an ISMS audit. Match the right control for each control objective.
35. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
- Prioritize assets
36. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
- Confidentiality Requirement
- Modified Base
- Exploit Code Maturity
- Impact metrics
37. Which type of evidence cannot prove an IT security fact on its own?
38. What three tasks are accomplished by a comprehensive security policy? (Choose three.)
- useful for management
- defines legal consequences of violations
- is not legally binding
- gives security staff the backing of management
- sets rules for expected behavior
39. To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)
- measures used to prevent an incident
- time and date the evidence was collected
- extent of the damage to resources and assets
- vulnerabilities that were exploited in an attack
- serial numbers and hostnames of devices used as evidence
- location of all evidence
40. Which meta-feature element in the Diamond Model classifies the general type of intrusion event?
41. What key considerations does a business impact analysis (BIA) examine? (Choose four.)
- Recovery time objectives (RTOs)
- Recovery point objectives (RPOs)
- Recovery point times (RPTs)
- Mean time between objectives (RBOs)
- Mean time between failures (MTBF)
- Mean time to repair (MTTR)
42. Which type of controls help uncover new potential threats?
- Preventive controls
- Detective controls
- Corrective controls