Question

Any Answer is appreciated. Thanks so much!

QUESTION 15

1. "If an attacker wanted to cause serious damage in the real world, which of the following systems would be the most likely target?"

		SCUBA systems
		SCAPA systems
		SCODA systems
		SCADA systems

QUESTION 19

1. Which of the following is often described as the weak link in cybersecurity defenses?

		Firewalls
		Intrusion Detection
		People
		Money

3 points   

QUESTION 20

1. "Attackers will inspect, observe, and survey a target in order to build a(n) __________ that will be useful in determining a plan of attack"

		Logbook
		Footprint
		Thumbprint
		Imprint

3 points   

QUESTION 21

1. How do security assessments help to improve overall security?

		They allow an organization to evaluate the quality of its security protections in order to address any weaknesses before they can be exploited by an attacker
		They allow an organization to evaluate the quality of its security protections in order to save money where possible
		"They force an organization to make security a larger focus, essentially guaranteeing they meet requlatory requirements"
		They're not - Security assessments are what hackers use to determine the best way to attack an organization's systems

QUESTION 27

1. Choose the three main areas of exposure that make up an overall Attack Surface

		Network
		Attacker
		People
		Firewalls
		Software

QUESTION 31

1. Which cryptographic operation can you use to determine if the contents of a file have been tampered with?

		Baking
		Figuring
		Shambling
		Hashing

2 points   

QUESTION 33

1. "Why are APTs typically identified as governments, or large, well-funded organizations?"

		They are the only groups that have the legal authority from the UN to launch advanced persistent attacks
		They are typically the only groups with the financial and technical resources to be able to sustain attacks on a long term basis
		They are typically the only groups that are forced to be persistent in their pursuit of security
		They are required by the UN to develop an adanced and persistent defense system to thwart terrorist organizations

Answer 1

Ans15) Scada system can allow attacker to cause damage in real world because Scada system are basically used for analyzing the real time data and also helps us to gather real time data so if they are exploited they can be used to cause damage in real world.They are used in many industries like telecommunication, transportation, oil refinery etc.

Ans 19)the main weak link is PEOPLE because many people working in different organization or individuals try to steal password of their seniors either by looking their password behind the wall or using some camera. Also many people sell their company weakness in terms of cyber security to attackers. Also many people attack on their company in which they are working to get some useful data .

Ans20) Footprint is used to create detailed information about the target or the victim so as to choose better strategies in exploiting. Attacker footprint the target software or victim to get detailed information about technology, software , encryption used etc.

Ans21) Security assessment allow organization to evaluate the quality of its security protections in order to address any weaknesses before they can be exploited by an attacker. Security assessment helps in finding vulnerability in the system so it can be patched and lot of sensitive data doesn't get compromised by attacker.

Ans27)The three main target that can cause the overall attack surface are People, Network and Attacker. Attacker is necessary to launch an attack via network bypassing all firewall to the target people so their software can be exploited.

Ans31) Hashing allows us to check whether data has been tempered or not. hash values are defined by companies or the owner so if there is change in hash value after downloading then one can say by comparison with the original hash values that the data has been tampered.

Ans33)Apt's are  typically the only groups with the financial and technical resources to be able to sustain attacks on a long term basis. These threat vectors are generally related to politics or are economic. They are done in order to get sensitive information about other government so as to lower them or to gain huge amount of money so they are generally done by government or large funded organization.