Cyber Threat Management (CyberTM) Course Final Test Online
Question 1 of 30 (1 point)
What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
Hint: The nine Freedom of Information Act (FOIA) exemptions include the following:
1. National security and foreign policy information
2. Internal personnel rules and practices of an agency
3. Information specifically exempted by statute
4. Confidential business information
5. Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges
6. Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy
7. Law enforcement records that implicate one of a set of enumerated concerns
8. Agency information from financial institutions
9. Geological and geophysical information concerning wells
Question 2 of 30 (1 point)
A company is developing security policies. Which security policy would address the rules that determine access to and use of network resources and define the consequences of policy violations?
Hint: An organization needs to establish clear and detailed security policies. Some of these policies are:
- Password policy – Defines minimum password requirements, such as the number and type of characters used and how often they need to be changed.
- Acceptable use policy – Highlights a set of rules that determine access to and use of network resources. It may also define the consequences of policy violations.
- Remote access policy – Sets out how to remotely connect to the internal network of an organization and explains what information is remotely accessible.
- Data policy – Sets out measurable rules for processing data within an organization, such as specifying where data is stored, how data is classified, and how data is handled and disposed of.
Question 3 of 30 (1 point)
Which framework should be recommended for establishing a comprehensive information security management system in an organization?
Hint: A cybersecurity specialist needs to be familiar with the different frameworks and models for managing information security.
Question 4 of 30 (1 point)
If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?
Hint: The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems.
Question 5 of 30 (1 point)
Match the roles in the data governance program to the description.
Hint: Place the options in the following order:
- a person who oversees the data protection strategy of an organization → Data protection officer
- a person or organization who processes personal data on behalf of the data controller → Data processor
- a person who determines the purposes for which, and the way in which, personal data is processed → Data controller
- a person who ensures that data supports the business needs of an organization and meets regulatory requirements → Data steward
- a person who ensures compliance with policies and procedures, assigns the proper classification to information assets, and determines the criteria for accessing information assets → Data owner
- a person who implements the classification and security controls for the data in accordance with the rules set out by the data owner → Data custodian
Question 6 of 30 (1 point)
What type of security test uses simulated attacks to determine possible consequences of a real threat?
Hint: There are many security tests that can be used to assess a network:
- Penetration testing is used to determine the possible consequences of successful attacks on the network.
- Integrity checking is used to detect and report changes made to systems.
- Vulnerability scanning is used to find weaknesses and misconfigurations on network systems.
- Network scanning is used to discover available resources on the network.
Question 7 of 30 (1 point)
What are two tasks that can be accomplished with the Nmap and Zenmap network tools? (Choose two.)
Hint: Nmap is a low-level network scanner that is available to the public and which has the ability to perform port scanning, to identify open TCP and UDP ports, and perform system identification. It can also be used to identify Layer 3 protocols that are running on a system.
Question 8 of 30 (1 point)
Which network security tool can detect open TCP and UDP ports on most versions of Microsoft Windows?
Hint: There are various network security tools available for network security testing and evaluation. L0phtcrack can be used to perform password auditing and recovery. SuperScan is a Microsoft port scanning software that detects open TCP and UDP ports on systems. Nmap and Zenmap are low-level network scanners available to the public.
Question 9 of 30 (1 point)
Match the network security testing tool with the correct function. (Not all options are used.)
Hint: Place the options in the following order:
- used to assess if network devices are compliant with network security policies → Tripwire
- used to scan systems for software vulnerabilities → Nessus
- used for Layer 3 port scanning → Nmap
Question 10 of 30 (1 point)
Match the command line tool with its description.
Hint: Place the options in the following order:
- Displays TCP/IP settings (IP address, subnet mask, default gateway, DNS, and MAC information). → ipconfig
- Gathers information from TCP and UDP network connections and can be used for port scanning, monitoring, banner grabbing, and file copying. → netcat
- Assembles and analyzes packets for port scanning, path discovery, OS fingerprinting, and firewall testing. → hping
- Queries a DNS server to help troubleshoot a DNS database. → nslookup
Question 11 of 30 (1 point)
What three services are offered by FireEye? (Choose three.)
Hint: FireEye is a security company that uses a three-pronged approach combining security intelligence, security expertise, and technology. FireEye offers SIEM and SOAR with the Helix Security Platform, which use behavioral analysis and advanced threat detection.
Question 12 of 30 (1 point)
What is a characteristic of CybOX?
Hint: CybOX is an open standards set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations that support many cybersecurity functions.
Question 13 of 30 (1 point)
What three security tools does Cisco Talos maintain security incident detection rule sets for? (Choose three.)
Hint: Talos maintains the security incident detection rule sets for the Snort.org, ClamAV, and SpamCop network security tools.
Question 14 of 30 (1 point)
Which security organization maintains a list of common vulnerabilities and exposures (CVE) and is used by prominent security organizations?
Hint: The MITRE Corporation maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations.
Question 15 of 30 (1 point)
As a Cybersecurity Analyst, it is very important to keep current. It was suggested by some colleagues that NewsBites contains many good current articles to read. What network security organization maintains this weekly digest?
Hint: The SysAdmin, Audit, Network, Security (SANS) Institute has many resources. One of them is called NewsBites, the weekly digest of news articles about computer security.
Question 16 of 30 (1 point)
A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?
Hint: A network profile should include some important elements, such as the following:
- Total throughput – the amount of data passing from a given source to a given destination in a given period of time
- Session duration – the time between the establishment of a data flow and its termination
- Ports used – a list of TCP or UDP processes that are available to accept data
- Critical asset address space – the IP addresses or the logical location of essential systems or data
Question 17 of 30 (1 point)
When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?
Hint: A server profile will often contain the following:
- Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
- User accounts – the parameters defining user access and behavior
- Service accounts – the definitions of the type of service that an application is allowed to run on a server
- Software environment – the tasks, processes, and applications that are permitted to run on the server
Question 18 of 30 (1 point)
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
Hint: There are four potential strategies for responding to risks that have been identified:
- Risk avoidance – Stop performing the activities that create risk.
- Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
- Risk sharing – Shift some of the risk to other parties.
- Risk retention – Accept the risk and its consequences.
Question 19 of 30 (1 point)
Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
Hint: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:
- Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
- Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability
Question 20 of 30 (1 point)
In what order are the steps in the vulnerability management life cycle conducted?
Hint: There are six steps in the vulnerability management life cycle:
1. Discover
2. Prioritize assets
3. Assess
4. Report
5. Remediate
6. Verify
Question 21 of 30 (1 point)
An organization has implemented antivirus software. What type of security control did the company implement?
Hint: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
Question 22 of 30 (1 point)
What is the first step taken in risk assessment?
Hint: The three steps of risk assessment in order are as follows:
1. Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
2. Establish a baseline to indicate risk before security controls are implemented.
3. Compare to an ongoing risk assessment as a means of evaluating risk management effectiveness.
Question 23 of 30 (1 point)
Match the stages in the risk management process to the description.
Hint: Place the options in the following order:
- Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat. → Respond to the risk.
- Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses. → Assess the risk.
- Continuously review risk reductions due to elimination, mitigation and transfer actions. → Monitor the risk.
- Identify the threats throughout the organization that increase risk. → Frame the risk.
Question 24 of 30 (1 point)
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?
Hint: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
Question 25 of 30 (1 point)
A company manages sensitive customer data for multiple clients. The current authentication mechanism to access the database is username and passphrase. The company is reviewing the risk of employee credential compromise that may lead to a data breach and decides to take action to mitigate the risk before further actions can be taken to eliminate the risk. Which action should the company take for now?
Hint: Risk management is the identification, evaluation, and prioritization of risks. Organizations manage risk in one of four ways: avoidance, mitigation, transfer, or acceptance. In this scenario, implementing multi-factor authentication can reduce the risk of employee credential compromise, which is a mitigation action. Installing fingerprint or retinal scanners eliminates the risk, which is avoidance. Purchasing an insurance policy is transferring the financial risk to the insurance company.
Question 26 of 30 (1 point)
Match the security incident stakeholder with the role.
Hint: Place the options in the following order:
- performs disciplinary measures → human resources
- changes firewall rules → information assurance
- preserves attack evidence → IT support
- designs the budget → management
- reviews policies for local or federal guideline violations → legal department
Question 27 of 30 (1 point)
Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase?
Hint: When a threat actor prepares a weapon for an attack, the threat actor chooses an automated tool (weaponizer) that can be deployed through discovered vulnerabilities. Malware that will carry desired attacks is then built into the tool as the payload. The weapon (tool plus malware payload) will be delivered to the target system. By using a zero-day weaponizer, the threat actor hopes that the weapon will not be detected because it is unknown to security professionals and detection methods are not yet developed.
Question 28 of 30 (1 point)
A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?
Hint: One tactic of weaponization used by a threat actor after the vulnerability is identified is to obtain an automated tool to deliver the malware payload through the vulnerability.
Question 29 of 30 (1 point)
According to NIST standards, which incident response stakeholder is responsible for coordinating an incident response with other stakeholders to minimize the damage of an incident?
Hint: The management team creates the policies, designs the budget, and is in charge of staffing all departments. Management is also responsible for coordinating the incident response with other stakeholders and minimizing the damage of an incident.
Question 30 of 30 (1 point)
Which meta-feature element in the Diamond Model describes information gained by the adversary?
Hint: The meta-feature element results are used to delineate what the adversary gained from the intrusion event.