Cyber Threat Management (CyberTM) Course Final Test Online

Hint

The nine Freedom of Information Act (FOIA) exemptions include the following: 1. National security and foreign policy information 2. Internal personnel rules and practices of an agency 3. Information specifically exempted by statute 4. Confidential business information 5. Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges 6. Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy 7. Law enforcement records that implicate one of a set of enumerated concerns 8. Agency information from financial institutions 9. Geological and geophysical information concerning wells

Hint

An organization needs to establish clear and detailed security policies. Some of these policies are: Password policy- Defines minimum password requirements, such as the number and type of characters used and how often they need to be changed. Acceptable use policy- Highlights a set of rules that determine access to and use of network resources. It may also define the consequences of policy violations. Remote access policy- Sets out how to remotely connect to the internal network of an organization and explains what information is remotely accessible. Data policy- Sets out measurable rules for processing data within an organization, such as specifying where data is stored, how data is classified, and how data is handled and disposed of.

Hint

A cybersecurity specialist needs to be familiar with the different frameworks and models for managing information security.

Hint

The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems.

Hint

Place the options in the following order:

a person who oversees the data protection strategy of an organization	Data protection officer
a person or organization who processes personal data on behalf of the data controller	Data processor
a person who determines the purposes for which, and the way in which, personal data is processed	Data controller
a person who ensures that data supports the business needs of an organization and meets regulatory requirements	Data steward
a person who ensures compliance with policies and procedures, assigns the proper classification to information assets, and determines the criteria for accessing information assets	Data owner
a person who implements the classification and security controls for the data in accordance with the rules set out by the data owner.	Data custodian

Hint

There are many security tests that can be used to assess a network. Penetration testing is used to determine the possible consequences of successful attacks on the network. Integrity checking is used to detect and report changes made to systems. Vulnerability scanning is used to find weaknesses and misconfigurations on network systems. Network scanning is used to discover available resources on the network.

Hint

Nmap is a low-level network scanner that is available to the public and which has the ability to perform port scanning, to identify open TCP and UDP ports, and perform system identification. It can also be used to identify Layer 3 protocols that are running on a system.

Hint

There are various network security tools available for network security testing and evaluation. L0phtcrack can be used to perform password auditing and recovery. SuperScan is a Microsoft port scanning software that detects open TCP and UDP ports on systems. Nmap and Zenmap are low-level network scanners available to the public.

Hint

Place the options in the following order:

used to assess if network devices are compliant with network security policies	Tripwire
used to scan systems for software vulnerabilities	Nessus
used for Layer 3 port scanning	Nmap

Hint

Place the options in the following order:

Displays TCP/IP settings (IP address, subnet mask, default gateway, DNS, and MAC information.	ipconfig
Gathers information from TCP and UDP network connections and can be used for port scanning, monitoring, banner grabbing, and file copying.	netcat
Assembles and analyzes packets for port scanning, path discovery, OS fingerprinting, and firewall testing.	hping
Queries a DNS server to help troubleshoot a DNS database.	nslookup

Hint

FireEye is a security company that uses a three-pronged approach combining security intelligence, security expertise, and technology. FireEye offers SIEM and SOAR with the Helix Security Platform, which use behavioral analysis and advanced threat detection.

Hint

CybOX is an open standards set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations that support many cybersecurity functions.

Hint

Talos maintains the security incident detection rule sets for the Snort.org, ClamAV, and SpamCop network security tools.

Hint

The MITRE Corporation maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations.

Hint

The SysAdmin, Audit, Network, Security (SANS) Institute has many resources. One of them is called NewsBites, the weekly digest of news articles about computer security.

Hint

A network profile should include some important elements, such as the following: Total throughput – the amount of data passing from a given source to a given destination in a given period of time Session duratio n – the time between the establishment of a data flow and its termination Ports used – a list of TCP or UDP processes that are available to accept data Critical asset address space – the IP addresses or the logical location of essential systems or data

Hint

A server profile will often contain the following: * Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server * User accounts – the parameters defining user access and behavior * Service accounts – the definitions of the type of service that an application is allowed to run on a server * Software environment – the tasks, processes, and applications that are permitted to run on the server

Hint

There are four potential strategies for responding to risks that have been identified: * Risk avoidance – Stop performing the activities that create risk. * Risk reduction – Decrease the risk by taking measures to reduce vulnerability. * Risk sharing – Shift some of the risk to other parties. * Risk retention – Accept the risk and its consequences.

Hint

The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics: * Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit * Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability

Hint

There are six steps in the vulnerability management life cycle: – Discover – Prioritize assets – Assess – Report – Remediate – Verify

Hint

A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

Hint

The three steps of risk assessment in order are as follows: – Identify threats and vulnerabilities and the matching of threats with vulnerabilities. – Establish a baseline to indicate risk before security controls are implemented. – Compare to an ongoing risk assessment as a means of evaluating risk management effectiveness.

Hint

Place the options in the following order:

Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat.	Respond to the risk.
Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses.	Assess the risk.
Continuously review risk reductions due to elimination, mitigation and transfer actions.	Monitor the risk.
Identify the threats throughout the organization that increase risk.	Frame the risk.

Hint

A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

Hint

Risk management is the identification, evaluation, and prioritization of risks. Organizations manage risk in one of four ways, avoidance, mitigation, transfer, or accept. In this scenario, implementing multi-factor authentication can reduce the risk of employee credential compromise, which is a mitigation action. Installing fingerprint or retinal scanners eliminates the risk, which is avoidance. Purchasing an insurance policy is transferring the financial risk to the insurance company.

Hint

Place the options in the following order:

performs disciplinary measures	human resources
changes firewall rules	information assurance
preserves attack evidence	IT support
designs the budget	management
reviews policies for local or federal guideline violations	legal department

Hint

When a threat actor prepares a weapon for an attack, the threat actor chooses an automated tool (weaponizer) that can be deployed through discovered vulnerabilities. Malware that will carry desired attacks is then built into the tool as the payload. The weapon (tool plus malware payload) will be delivered to the target system. By using a zero-day weaponizer, the threat actor hopes that the weapon will not be detected because it is unknown to security professionals and detection methods are not yet developed.

Hint

One tactic of weaponization used by a threat actor after the vulnerability is identified is to obtain an automated tool to deliver the malware payload through the vulnerability.

Hint

The management team creates the policies, designs the budget, and is in charge of staffing all departments. Management is also responsible for coordinating the incident response with other stakeholders and minimizing the damage of an incident.

Hint

The meta-feature element results are used to delineate what the adversary gained from the intrusion event.