Question 1: What physical characteristics can affect the usability of security mechanisms?
Question 2: __________ reflects on the potential harmful effect of design choices before technological innovations are put into large-scale deployment
Question 3: One of the main benefits of analyzing the malware structure, which may include the libraries, toolkits and coding techniques used, is that we may find important data that is possibly helpful to attribution.
What is the prime importance of the above-mentioned benefit?
Question 4: The process of developing and evaluating options to address exposure is called?
Question 5: In Security Architecture and Lifecycle “to group users and data into broad categories using role-access requirements, together with formal data classification and user clearance” is part of which step?
Question 6: Syslog provides a generic logging infrastructure that constitutes an extremely efficient data source for many uses. This new specification introduces several improvements over the original implementation. A Syslog entry is a timestamped text message coming from an identified source.
What is the information stored in Syslog?
Question 7: According to The US Government NIST guidelines, “Conduct” is the phase where
Question 8: With regards to large numbers of unique passwords, what is a way to support people in managing them?
Question 9: Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?
Question 10: What is a common technique for permitting data processing without risk to individuals?
Question 11: This method begins by asking “What is the overall goal of the system or enterprise”
Question 12: Which of the following options is not an element of Information Security?
Question 13: _______ allows scholars, engineers, auditors, and regulators to examine how security controls operate to ensure their correctness, or identify flaws, without undermining their security.
Question 14: GDPR brought about a significant change in the ______________ jurisdiction of European data protection law
Question 15: The pcap library needs access to a network interface that can be used in so-called promiscuous mode, which means that the interface will receive all packets from the network, even those packets that are not addressed to it. Also, it is not required to bind an IP address to the network interface to capture traffic.
Binding of IP address to the network interface is essential to do what?
Question 16: The privacy knowledge area is structured in different sections. Which is considered part of this paradigm?
Question 17: Criteria by which usability is assessed?
Question 18: Memory-resident malware is such that if the computer is rebooted or the infected running program terminates, it no longer exists anywhere on the system and can evade detection by many anti-virus systems that rely on file scanning.
What is the advantage of memory-resident malware?
Question 19: What theme is of high relevance regarding the cost versus benefits trade-offs of security to user systems and cybercriminals?
Question 20: The golden arches of McDonald’s are protected under what intellectual property law?
Question 21: Software programs are protected from illegal distribution under what law?
Question 22: Which is NOT an aspect of Risk Communication with relation to compliance and accountability?
Question 23: Renn defines three basic abstract elements which are at the core of most risk assessment methods. Which element is NOT part of Renn’s definition?
Question 24: Confidentiality based on the __________ of data is meant to provide a way to control the extent to which an adversary can make inferences about users’ sensitive information
Question 25: Which is a type of onion router used to forward data making use of an anonymous communication network?
Question 26: There are many benefits to analyzing malware. First, we can understand the intended malicious activities to be carried out by the malware.
What is the benefit of understanding intended malicious activities?
Question 27: The 1st dimension of our taxonomy is whether malware is a standalone (or, independent) program or just a sequence of instructions to be embedded in another program.
Question 28: Flaws caused by humans frequently arise in design and code, leading to security vulnerabilities. Which discipline has made a big effort in minimizing these faults?
Question 29: What is a traditional method for obtaining custody of a cybercriminal who is not present within the state?
Question 30: The injection of fake data points into data made available in order to hide real samples is called
Question 31: The detection problem is a classification task. The evaluation of an IDS therefore compares the output of the detector with the ground truth, which is known to the evaluator but not to the detector.
What are the possible outcomes of the detection process?
Question 32: Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the connection, is accessible to observers even if communications are encrypted or obfuscated.
What type of metadata is this in reference to?
Question 33: There are two principal approaches to formal modelling
Question 34: Most modern malware uses some form of obfuscation to avoid detection, as there is a range of obfuscation techniques and there are tools freely available on the Internet for a malware author to use.
Polymorphism can be used to defeat detection methods that are based on ‘signatures’ or patterns of malware code, which means?
Question 35: With reference to law, which school of thought has universally prevailed with state authorities?
Question 36: There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?
Question 37: Encrypted traffic, and particularly TLS, is common, and TLS guarantees both the authentication of the server to the client and the privacy of the exchange over the network. But it makes it difficult to evaluate the payload of packets. The solution is to place an additional dedicated box next to the application server, usually named the Hardware Security Module (HSM).
What is the purpose of HSM?
Question 38: The analogy between quality management and security is not perfect because the
Question 39: Early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an organization’s web page), but present-day malware attacks are becoming full-blown cyberwars.
An underground eco-system has also emerged to support what?
Question 40: Anomaly detection is an essential technique for identifying cyber-attacks, since knowledge of attacks can never be complete enough to provide full coverage, and the main benefit of anomaly detection is its independence from knowledge of specific vulnerabilities.
This supposedly supports the detection of what?
Question 41: “The effectiveness, efficiency and satisfaction with which specified users achieve specified goals in a particular environment”
This is the definition of “usability” by
Question 42: Consists of principles which refer to security architecture, precise controls and engineering process management?
Question 43: ________ is the number of characters that most humans can commit to STM without overload
Question 44: A scenario where the data belongs to the sender and the recipient acts as the data processor is an example of?
Question 45: Component-driven methods are good for
Question 46: “International and national statutory and regulatory requirements, compliance obligations and security ethics, including data protection and developing doctrines on cyber warfare”
Which of the following options describes the above-mentioned statement?
Question 47: In SIEM data collection, the transport protocol defines how the alert bitstring is moved from one place to another.
What are the examples of transport protocols?
Question 48: _________ is a principle where conditions appear from previous decisions about said systems
Question 49: Which is an incident management function specific to cybersecurity?
Question 50: Which of the following is NOT a core concept of risk assessment?
Question 51: The Domain Name System translates domain names, essentially bits of text, to the IP addresses needed for network communications. The DNS protocol is also a regular DDoS amplifier, as it is possible for an attacker to impersonate the IP address of a target in a DNS request, thus triggering the DNS server to send unwanted traffic to the target.
What other protocols are prone to amplification?
Question 52: Which is not a good security metric?
Question 53: Which one is NOT part of the risk governance model?
Question 54: Which is NOT an aspect of Risk Communication with relation to compliance and accountability?
Question 55: Which is a valuable framework for system engineers who probe deficiencies and vulnerabilities within such systems?
Question 56: Which principle states that controls need to define and enable operations that can positively be identified as being in accordance with a security policy, and reject all others?
Question 57: Experts proposed a framework to systematize the attribution efforts of cyberattacks. Which of the following is NOT a layer of the framework?
Question 58: What is a good example of a security measure made ineffective due to its 0.1% utilization, and that has been around for over 20 years?
Question 59: Which of the following is not a NIST security architecture strategy?
Question 60: The third dimension generally applies only to persistent malware, based on the layers that include firmware, boot sector, operating system kernel, drivers and Application Programming Interfaces (APIs), and user applications.
In which order are all the above-mentioned layers presented?
Question 61: As NetFlow was designed by network equipment providers, it is exceptionally well implemented in networks and extensively used for network management jobs. It is standardized and, even though the commercial names vary, similar information is gathered by the manufacturers that support this technology.
Controlling packets to calculate NetFlow counters requires access to what?
Question 62: In situations where risks are less clear cut, there may be a need to include a broader set of evidence and consider a comparative approach such as cost-benefit analysis or cost effectiveness. This is all true with regards to
Question 63: ____________ is the result of a threat exploiting a vulnerability, which has a negative effect on the success of the objectives for which we are assessing the risk
Question 64: Which of the following is not done by Cyber Criminals?
Question 65: In legal research, this term can refer to any systematized collection of primary legislation, secondary legislation, model laws or merely a set of rules published by public or private organizations
Question 66: TLS guarantees both the authentication of the server to the client and the privacy of the exchange over the network. But it makes it difficult to evaluate the payload of packets. The solution is to place an additional dedicated box next to the application server, usually named the Hardware Security Module (HSM)
What is the purpose of HSM?
Question 67: Malware essentially codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill Chain Model, which represents (iterations of) the steps typically involved in a cyberattack
What is the first step in the Cyber Kill Chain Model that cyber attackers follow?
Question 68: Which concept addresses information flows with different privacy needs depending on the entities exchanging the information or the environment in which it is exchanged?
Question 69: A framework that acknowledges that current systems are interconnected, and provides a basis for how to secure them
Question 70: An adversary cannot determine which candidate a user voted for. This is true for
Question 71: The term ‘jurisdiction’ is used to refer to a state, or any political sub-division of a state, that has the authority to do what?
Question 72: Anomaly detection is an essential technique for identifying cyber-attacks, since knowledge of attacks can never be complete enough to provide full coverage, and the main benefit of anomaly detection is its independence from knowledge of specific vulnerabilities.
Question 73: _________ is oriented towards operational risk and security practices rather than technology.
Question 74: Cybercrime can be categorized into ________ types
Question 75: What is the best detection approach when dealing with DDoS?
Question 76: Before performing any penetration test, through legal procedure, which key point listed below is not mandatory?
Question 77: Capturing the MAC layer is doable but needs an explicit configuration. Capturing the MAC layer is mandatory to identify attacks like ARP poisoning. For certain categories of industrial control networks that run directly on top of the Ethernet layer, capturing traffic requires adding a node and could alter the real-time properties.
Understanding the information available in the MAC layer requires what?
Question 78: As with any process of risk management, a key calculation relates to expected impact, being calculated from some estimate of likelihood of events that may lead to impact, and an estimate of the impact arising from those events.
Which is NOT an element of likelihood?
Question 79: Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?
Question 80: Which of the following is not a type of peer-to-peer cyber-crime?
Question 81: Why are changes in passive security indicators often missed by humans, particularly if they are on the edges of the screen?
Question 82: Criteria by which usability is assessed?
Question 83: The collection, analysis and reporting of digital evidence in support of incidents or criminal events
Question 84: Which of the following is not a type of cybercrime?
Question 85: Experts proposed a framework to systematize the attribution efforts of cyberattacks. Which of the following is NOT a layer of this framework?
Question 86: The most visible area where autonomous network-oriented mitigation is essential is Denial of Service (DoS), and principally large-scale Dis
DDoS attacks have increased ___
Question 87: A __________ is a machine which is offered as bait to attackers.
Question 88: Since the late 1990s, machine learning (ML) has been applied to automate the process of building models for detecting malware and attacks. The benefit of machine learning is its ability to generalize over a population of samples.
Which of the following is an example of machine learning?
Question 89: While browsing the internet, David saw an advertisement for a used car in great condition, with low miles and below market price. He contacted the car owner and made a small payment upfront before the final delivery. After some time, he didn’t hear back from the car owner. This is an example of?
Question 90: Criminals exploit vulnerabilities in the websites of organizations they disagree with and use them to change the home page of the website to a politically charged one to spread their message. This type of hacktivism is called
Question 91: The source code of the malware is often not available and, therefore, the first step of static analysis is to disassemble the malware binary into assembly code. The most commonly used code obfuscation technique is packing.
Packing is part of the malware program?
Question 92: There are several types of takedowns to disrupt malware operations. Suppose the malware uses domain names to look up and communicate with centralized C&C servers.
What is the line of action in the above scenario?
Question 93: If malware is not detected during its distribution stage, i.e., a detection system misses its presence in the payloads of network traffic or in the filesystem and memory of the end-host, can it still be detected?
Question 94: In IDS, _________ are attack events that should be reported in alerts by the detector.
Question 95: At the core network, MPLS provides an interesting option to mitigate DDoS attacks
Question 96: From a commercial point of view, attack graphs and vulnerability management techniques facilitate risk management and compliance with governance.
As the potential for cyber-attacks surges, and possibly becomes a risk to human life or corporate stability, regulators enforce protection and detection methods to confirm what?
Question 97: Code-based architecture emulation is easy to use, offers fine-grained introspection, and gives powerful control over the system state.
Compared to Type 1 and Type 2 hypervisors, what is the main drawback of the machine emulator?
Question 98: These are people who are recruited by criminals to perform money laundering operations
Question 99: Malware analysis is an important step in understanding malicious behaviors and properly updating our attack prevention and detection systems.
Which of the following employs a wide range of evasion techniques?
Question 100: A method for discovering vulnerabilities, bugs and crashes in software by feeding randomized inputs to programs is called
Question 101: What is the main problem with the Domain Name System (DNS)?
Question 102: The Security Operations and Incident Management (SOIM) field contains many subjects. From a technical perspective, SOIM requires the capability to observe the activity of an Information System or network, by gathering traces that are representative of this activity.
Real-time trace analysis is required to detect what?
Question 103: Which of the following provides a way to reference specific vulnerabilities attached to specific versions of products?
Question 104: Static analysis involves examining the code (source, intermediate, or binary) to assess the behaviors of a program without actually executing it, and a wide range of malware analysis techniques fall into the category of static analysis.
What is/are the main limitations of this technique?
Question 105: A technique used by cybercriminals where they use multiple servers associated with the Command-and-Control infrastructure and rotate them quickly to make their infrastructure more resilient, is called?
Question 106: _____________ targets a specific organization rather than aiming to launch large-scale attacks.
Question 107: What are Potentially Unwanted Programs (PUPs)?