1. Select the option below that indicates a DLL MAY have been hooked maliciously.
Hooking module: CRYPTBASE.DLL (answer)
Hooking module: combase.dll
Hooking module: <unknown>
2. The malfind module uses certain markers to identify potential hooks. Select all the markers that apply from the list below.
A tag of VadS (answer)
Is executable
Marked as Private (has a value of 1)
Is colored red
3. From the list below, choose what you consider to be the MOST important statement regarding the external hard drive used for capturing images.
It MUST contain all of the forensic analysis software preloaded.
It MUST be USB. (answer)
It MUST be forensically clean.
All of the answers are MOST important.
4. In response to the threats targeting your industry, select from the list below all the mitigation techniques that may apply.
Creating firewall rules and intrusion detection systems. (answer)
Hardening vulnerable systems by patching and changing configurations.
Strengthening and enforcing password and access policies.
Increased monitoring of vulnerable assets. (answer)
5. CTI provides intelligence you can use to enhance the security of the network by decreasing dwell time. From the list, select the appropriate aspect of intelligence.
Actionable (answer)
Timely
Relevant
All answers are correct
6. You are designing a Network Security Monitoring program at your company. In order to collect network traffic flow data, you need to utilize a device to get packets to the sensor that will not disrupt normal business usage. What are your most reasonable options? (select all that apply)
Layer 3 Router
Network Tap (answer)
Span Port (answer)
7. Which is the most restrictive Access Control method?
DAC
RBAC
TBAC (answer)
8. No matter how strong your defenses are, or what proactive steps have been taken, eventually a motivated attacker will find a way to get in. Select the most appropriate reason for this statement.
None of the answers are correct.
Prevention eventually fails. (answer)
The segmented network architecture is too complex to manage effectively.
9. Flat network designs have the following security concerns:
High cost associated with implementation.
Free flow of network traffic behind the firewall.
Single point of failure associated with the single firewall.
B & C (answer)
10. The PCAP data format is applicable to which Network Security Monitor data type?
Alert data.
Full Packet Capture (FPC) data. (answer)
Packet String (PSTR) data.
11. From the list below select ALL that apply to the definition of Threat-Centric Defense.
Focuses on detection. (answer)
Knows that threats use different tools, tactics, and procedures. (answer)
Analyzes every attack in a vacuum. (answer)
Relies on prevention.
Assumes universal view of all threats.
Recognizes that prevention eventually fails. (answer)
Focuses on collection.
Combines intelligence from every attack. (answer)
12. What is the primary reason attackers use outbound C2 connections?
Outbound connections are more likely to be allowed through the firewall than inbound connections.
Malware cannot respond to inbound connections because control of compromised systems has to be initiated by the compromised system. (answer)
Attackers cannot reach compromised systems with inbound connections.
13. The current state of security has led us to a point where traditional detection is no longer effective. Select the main reason for the failure from the list below.
A vulnerability-centric defense. (answer)
Detection is mostly signature-based.
Structured threats use formal Tactics, Techniques, and Procedures (TTP).
14. According to the Sliding Scale of Cyber Security, which of the following is the recommended model for offense?
The Diamond Model.
None. Actually implementing security is the best defense. (answer)
15. Which of the following should be the primary guide to network security design?
Annual revenue projections.
The level of Business Risk an organization is willing to tolerate. (answer)
Network speed requirements.
16. In most scenarios, which type of NSM sensor is preferable because it allows for data analysis independent of the sensor?
Half-Cycle.
None of the answers are correct.
Full-Cycle. (answer)