Cyber Threat Management (CyberTM) Module 6 Group Test Online
Question 1 of 20
1 point
Which type of data would be considered an example of volatile data?
Hint
Volatile data is data stored in memory such as registers, cache, and RAM, or it is data that exists in transit. Volatile memory is lost when the computer loses power.
Question 2 of 20
1 point
Keeping data backups offsite is an example of which type of disaster recovery control?
Hint
A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.
Question 3 of 20
1 point
Which NIST-defined incident response stakeholder is responsible for coordinating incident response with other stakeholders and minimizing the damage of an incident?
Hint
The management team creates the policies, designs the budget, and is in charge of staffing all departments. Management is also responsible for coordinating the incident response with other stakeholders and minimizing the damage of an incident.
Question 4 of 20
1 point
What type of exercise interrupts services to verify that all aspects of a business continuity plan are able to respond to a certain type of incident?
Hint
Operational exercises: At the most extreme are full operational exercises, or simulations. These are designed to interrupt services to verify that all aspects of a plan are in place and sufficient to respond to the type of incident that is being simulated.
Question 5 of 20
1 point
Match the intrusion event defined in the Diamond Model of intrusion to the description.
Hint
Place the options in the following order:
- network path used to establish and maintain command and control: infrastructure
- a tool or technique used to attack the victim: capability
- the parties responsible for the intrusion: adversary
- the target of the attack: victim
Question 6 of 20
1 point
What is a chain of custody?
Hint
A chain of custody refers to the documentation of evidence collected about an incident that is used by authorities during an investigation.
Question 7 of 20
1 point
According to the Cyber Kill Chain model, after a weapon is delivered to a targeted system, what is the next step that a threat actor would take?
Hint
The Cyber Kill Chain specifies seven steps (or phases) and sequences that a threat actor must complete to accomplish an attack:
- Reconnaissance – The threat actor performs research, gathers intelligence, and selects targets.
- Weaponization – The threat actor uses the information from the reconnaissance phase to develop a weapon against specific targeted systems.
- Delivery – The weapon is transmitted to the target using a delivery vector.
- Exploitation – The threat actor uses the weapon delivered to break the vulnerability and gain control of the target.
- Installation – The threat actor establishes a back door into the system to allow for continued access to the target.
- Command and Control (CnC) – The threat actor establishes command and control (CnC) with the target system.
- Action on Objectives – The threat actor is able to take action on the target system, thus achieving the original objective.
Question 8 of 20
1 point
In which step of the NIST incident response process does the CSIRT perform an analysis to determine which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring?
Hint
In the detection and analysis phase of the NIST incident response process life cycle, the CSIRT should immediately perform an initial analysis to determine the scope of the incident, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring.
Question 9 of 20
1 point
Which task describes threat attribution?
Hint
Threat attribution refers to determining the individual, organization, or nation responsible for a successful intrusion or attack incident. The security investigation team correlates all the evidence in order to identify commonalities between tactics, techniques, and procedures (TTPs) for known and unknown threat actors.
Question 10 of 20
1 point
Place the seven steps defined in the Cyber Kill Chain in the correct order.
Hint
Place the options in the following order:
- step 1: reconnaissance
- step 2: weaponization
- step 3: delivery
- step 4: exploitation
- step 5: installation
- step 6: command and control
- step 7: action on objectives
Question 11 of 20
1 point
Match the NIST incident response stakeholder with the role.
Hint
Place the options in the following order:
- preserves attack evidence: IT support
- designs the budget: management
- reviews policies for local or federal guideline violations: legal department
- performs disciplinary measures: human resources
- develops firewall rules: information assurance
Question 12 of 20
1 point
Which type of controls restore the system after a disaster or an event?
Hint
Corrective measures include controls that restore the system after a disaster or an event.
Question 13 of 20
1 point
A company is applying the NIST.SP800-61 r2 incident handling process to security events. What are two examples of incidents that are in the category of precursor? (Choose two.)
Hint
As an incident category, the precursor is a sign that an incident might occur in the future. Examples of precursors are log entries that show a response to a port scan or a newly-discovered vulnerability in web servers using Apache.
Question 14 of 20
1 point
What will a threat actor do to create a back door on a compromised target according to the Cyber Kill Chain model?
Hint
Once a target system is compromised, the threat actor will establish a back door into the system to allow for continued access to the target. Adding services and autorun keys is a way to create a point of persistent access.
Question 15 of 20
1 point
What is the objective of the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?
Hint
In the command and control phase of the Cyber Kill Chain, the threat actor establishes command and control (CnC) with the target system. With the two-way communication channel, the threat actor is able to issue commands to the malware software installed on the target.
Question 16 of 20
1 point
Which type of evidence supports an assertion based on previously obtained evidence?
Hint
Corroborating evidence is evidence that supports a proposition already supported by initial evidence, therefore confirming the original proposition. Circumstantial evidence is evidence other than first-hand accounts of events provided by witnesses.
Question 17 of 20
1 point
What is specified in the plan element of the NIST incident response plan?
Hint
NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. One component of the plan element is to develop metrics for measuring the incident response capability and its effectiveness.
Question 18 of 20
1 point
A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?
Hint
A normal file copy does not recover all data on a storage device so an unaltered disk image is commonly made. An unaltered disk image preserves the original evidence, thus preventing inadvertent alteration during the discovery phase. It also allows recreation of the original evidence.
Question 19 of 20
1 point
According to NIST, which step in the digital forensics process involves identifying potential sources of forensic data, its acquisition, handling, and storage?
Hint
NIST describes the digital forensics process as involving the following four steps:
- Collection – the identification of potential sources of forensic data and acquisition, handling, and storage of that data.
- Examination – assessing and extracting relevant information from the collected data. This may involve decompression or decryption of the data.
- Analysis – drawing conclusions from the data. Salient features, such as people, places, times, events, and so on should be documented.
- Reporting – preparing and presenting information that resulted from the analysis. Reporting should be impartial and alternative explanations should be offered if appropriate.
Question 20 of 20
1 point
Which activity is typically performed by a threat actor in the installation phase of the Cyber Kill Chain?
Hint
In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target.