Question

In: Computer Science

1.
Select the option below that indicates a DLL MAY have been hooked maliciously.

Hooking module: CRYPTBASE.DLL
Hooking module: combase.dll
Hooking module: <unknown>

2.
The malfind module uses certain markers to identify potential hooks. Select all the markers that apply from the list below.

A tag of VadS
Is executable
Marked as Private (has a value of 1)
Is colored red

3.
From the list below, choose what you consider to be the MOST important statement regarding the external hard drive used for capturing images.

It MUST contain all of the forensic analysis software preloaded.
It MUST be USB.
It MUST be forensically clean.
All of the answers are MOST important.


4.
In response to the threats targeting your industry, select from the list below all the mitigation techniques that may apply.

Creating firewall rules and intrusion detection systems.
Hardening vulnerable systems by patching and changing configurations.
Strengthening and enforcing password and access policies.
Increased monitoring of vulnerable assets.

5.
CTI provides intelligence you can use to enhance the security of the network by decreasing dwell time. From the list, select the appropriate aspect of intelligence.

Actionable
Timely
Relevant
All answers are correct

6.
You are designing a Network Security Monitoring program at your company. In order to collect network traffic flow data, you need to utilize a device to get packets to the sensor that will not disrupt normal business usage. What are your most reasonable options? (select all that apply)

Layer 3 Router
Network Tap
Span Port


7.
Which is the most restrictive Access Control method?


DAC
RBAC
TBAC

8.
No matter how strong your defenses are, or what proactive steps have been taken, eventually a motivated attacker will find a way to get in. Select the most appropriate reason for this statement.

None of the answers are correct.
Prevention eventually fails.
The segmented network architecture is too complex to manage effectively.

9.
Flat network designs have the following security concerns:

High cost associated with implementation.
Free flow of network traffic behind the firewall.
Single point of failure associated with the single firewall.
B & C

10.
The PCAP data format is applicable to which Network Security Monitor data type?

Alert data.
Full Packet Capture (FPC) data.
Packet String (PSTR) data.

11.
From the list below select ALL that apply to the definition of Threat-Centric Defense.

Question options:

Focuses on detection.
Knows that threats use different tools, tactics, and procedures.
Analyzes every attack in a vacuum.
Relies on prevention.
Assumes universal view of all threats.
Recognizes that prevention eventually fails.
Focuses on collection.
Combines intelligence from every attack.

12.
What is the primary reason Attackers use outbound C2 connections?

Outbound connections are more likely to be allowed through the firewall than inbound connections.

Malware cannot respond to inbound connections because control of compromised systems has to be initiated by the compromised system.

Attackers cannot reach compromised systems with inbound connections.

13.
The current state of security has led us to a point where traditional detection is no longer effective. Select the main reason for the failure from the list below.

A vulnerability-centric defense.

Detection is mostly signature-based.

Structured threats use formal Tactics, Techniques, and Procedures (TTP).

14.
According to the Sliding Scale of Cyber Security, which of the following is the recommended model for offense?

The Diamond Model.

None. Actually implementing security is the best defense.


15.
Which of the following should be the primary guide to network security design?

Annual revenue projections.

The level of Business Risk an organization is willing to tolerate.

Network speed requirements.

16.
In most scenarios, which type of NSM sensor is preferable because it allows for data analysis independent of the sensor?

Half-Cycle.
None of the answers are correct.
Full-Cycle.

Solutions

Expert Solution

1. Select the option below that indicates a DLL MAY have been hooked maliciously.

Hooking module: CRYPTBASE.DLL (answer)
Hooking module: combase.dll
Hooking module: <unknown>

2. The malfind module uses certain markers to identify potential hooks. Select all the markers that apply from the list below.

A tag of VadS (answer)
Is executable
Marked as Private (has a value of 1)
Is colored red

3. From the list below, choose what you consider to be the MOST important statement regarding the external hard drive used for capturing images.

It MUST contain all of the forensic analysis software preloaded.
It MUST be USB. (answer)
It MUST be forensically clean.
All of the answers are MOST important.

4. In response to the threats targeting your industry, select from the list below all the mitigation techniques that may apply.

Creating firewall rules and intrusion detection systems. (answer)
Hardening vulnerable systems by patching and changing configurations.
Strengthening and enforcing password and access policies.
Increased monitoring of vulnerable assets. (answer)

5. CTI provides intelligence you can use to enhance the security of the network by decreasing dwell time. From the list, select the appropriate aspect of intelligence.

Actionable (answer)
Timely
Relevant
All answers are correct

6. You are designing a Network Security Monitoring program at your company. In order to collect network traffic flow data, you need to utilize a device to get packets to the sensor that will not disrupt normal business usage. What are your most reasonable options? (select all that apply)

Layer 3 Router
Network Tap (answer)
Span Port (answer)

7. Which is the most restrictive Access Control method?

DAC
RBAC
TBAC (answer)

8. No matter how strong your defenses are, or what proactive steps have been taken, eventually a motivated attacker will find a way to get in. Select the most appropriate reason for this statement.

None of the answers are correct.
Prevention eventually fails. (answer)
The segmented network architecture is too complex to manage effectively.

9. Flat network designs have the following security concerns:

High cost associated with implementation.
Free flow of network traffic behind the firewall.
Single point of failure associated with the single firewall.
B & C (answer)

10. The PCAP data format is applicable to which Network Security Monitor data type?

Alert data.
Full Packet Capture (FPC) data. (answer)
Packet String (PSTR) data.

11. From the list below select ALL that apply to the definition of Threat-Centric Defense.

Question options:

Focuses on detection. (answer)
Knows that threats use different tools, tactics, and procedures. (answer)
Analyzes every attack in a vacuum. (answer)
Relies on prevention.
Assumes universal view of all threats.
Recognizes that prevention eventually fails. (answer)
Focuses on collection.
Combines intelligence from every attack. (answer)

12. What is the primary reason Attackers use outbound C2 connections?

Outbound connections are more likely to be allowed through the firewall than inbound connections.

Malware cannot respond to inbound connections because control of compromised systems has to be initiated by the compromised system. (answer)

Attackers cannot reach compromised systems with inbound connections.

13. The current state of security has led us to a point where traditional detection is no longer effective. Select the main reason for the failure from the list below.

A vulnerability-centric defense. (answer)

Detection is mostly signature-based.

Structured threats use formal Tactics, Techniques, and Procedures (TTP).

14. According to the Sliding Scale of Cyber Security, which of the following is the recommended model for offense?

The Diamond Model.

None. Actually implementing security is the best defense. (answer)

15. Which of the following should be the primary guide to network security design?

Annual revenue projections.

The level of Business Risk an organization is willing to tolerate. (answer)

Network speed requirements.

16. In most scenarios, which type of NSM sensor is preferable because it allows for data analysis independent of the sensor?

Half-Cycle.
None of the answers are correct.
Full-Cycle. (answer)

