Cyber Threat Management (CyberTM) Module 1 – 5 Group Test Online

Hint

Users may be unaware of their actions if not educated in the reasons why their actions can cause a problem with the computer. By implementing several technical and nontechnical practices, the threat can be reduced.

Hint

Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.

Hint

The “Analyze” category of the workforce framework includes specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness.

Hint

The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.

Hint

The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.

Hint

Integrity checking is used to detect and report changes made to systems. Vulnerability scanning is used to find weaknesses and misconfigurations on network systems. Network scanning is used to discover available resources on the network.

Hint

Vulnerability scanners are commonly used to scan for the following vulnerabilities: Use of default passwords or common passwords Missing patches Open ports Misconfiguration of operating systems and software Active IP addresses

Hint

SIEM, which is a combination of Security Information Management and Security Event Management products, is used for forensic analysis and provides real-time reporting of security events.

Hint

There are many tests that are used by security specialists to assess the status of a system. They include the following: – penetration testing to determine the feasibility of attacks – network scanning to scan for and identify open TCP ports – integrity checking to check for changes that have occurred in the system – vulnerability scanning to detect potential weaknesses in systems

Hint

Tripwire – This tool assesses and validates IT configurations against internal policies, compliance standards, and security best practices.

Hint

Trusted Automated Exchange of Indicator Information (TAXII) is the specification for an application layer protocol that allows the communication of CTI over HTTPS. TAXII is designed to support Structured Threat Information Expression (STIX).

Hint

AIS responds to a new threat as soon as it is recognized by immediately sharing it with U.S. Federal Government and the private sector to help them protect their networks against that particular threat.

Hint

The United States government sponsored the MITRE Corporation to create and maintain a catalog of known security threats called Common Vulnerabilities and Exposures (CVE). The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.

Hint

There are four potential strategies for responding to risks that have been identified: Risk avoidance – Stop performing the activities that create risk. Risk reduction – Decrease the risk by taking measures to reduce vulnerability. Risk sharing – Shift some of the risk to other parties. Risk retention – Accept the risk and its consequences.

Hint

The steps in the Vulnerability Management Life Cycle include these:Discover – inventory all assets across the network and identify host details, including operating systems and open services, to identify vulnerabilities Prioritize assets – categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations Assess – determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability threats, and asset classification Report – measure the level of business risk associated with assets according to security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities. Remediate – prioritize according to business risk and fix vulnerabilities in order of risk Verify – verify that threats have been eliminated through follow-up audits

Hint

A network profile should include some important elements, such as the following: Total throughput – the amount of data passing from a given source to a given destination in a given period of time Session duration – the time between the establishment of a data flow and its termination Ports used – a list of TCP or UDP processes that are available to accept data Critical asset address space – the IP addresses or the logical location of essential systems or data

Hint

Asset management involves tracking the location and configuration of networked devices and software across an enterprise.

Hint

The scope metric is impacted by an exploited vulnerability that can affect resources beyond the authorized privileges of the vulnerable component or that are managed by a different security authority.

Hint

There are six steps in the vulnerability management life cycle: Discover Prioritize assets Assess Report Remediate Verify

Hint

Quantitative risk analysis takes the top threats, assigns a cost value to each threat if it actually occurred, and orders the list from most expensive to least expensive. This priority list allows management to determine where to apply current resources to the threat or threats that would cost the most to the organization. The quantitative risk analysis is based on cost, but this should not be the only criterion applied when, for example, evaluating a system that provides or involves national security.

Hint

A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

Hint

Risk management is a formal process that reduces the impact of threats and vulnerabilities. The process involves four general steps: – Frame the risk – Identify the threats throughout the organization that increase risk. – Assess the risk – Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses. – Respond to the risk – Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat. – Monitor the risk – Continuously review risk reductions due to elimination, mitigation and transfer actions.

Hint

Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Hint

Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.

Hint

Of the formulas used in quantitative risk analysis, exposure factor is used to estimate the degree of destruction that could occur from an event such as flooding or data entry error.