- Ethical Hacking Statement
- The Modern Security Operations Center
- The Windows Operating System
- Linux Basics
- Network Protocols
- Ethernet and IP Protocol
- Connectivity Verification
- Address Resolution Protocol
- The Transport Layer
- Network Services
- Network Communication Devices
- Network Security Infrastructure
- Attackers and Their Tools
- Common Threats and Attacks
- Network Monitoring and Tools
- Attacking the Foundation
- Attacking What We Do
- Understanding Defense
- Access Control
- Threat Intelligence
- Public Key Cryptography
- EndPoint Protection
- Endpoint Vulnerability
- Technologies and Protocols
- Network Security Data
- Evaluating Alerts
- Working with Network Security Data
- Digital Forensics and Incidents Analysis and response
1. In profiling a server, what defines what an application is allowed to do or run on a server?
- A. Software environment
- B. Service accounts
- C. Listening ports
- D. User accounts
The service accounts element of a server profile defines the type of service that an application is allowed to run on a given host.
2. Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?
- A. Exploit Code Maturity
- B. Exploitability
- C. Modified Base
- D. Impact
The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics: 1. Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit 2 Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability
3. Which statement describes the threat-vulnerability (T-V) pairing?
- A. It is the detection of malware against a central vulnerability research center.
- B. It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
- C. It is the comparison between known malware and system risks.
- D. It is the advisory notice from a vulnerability research center.
A mandatory activity in risk assessment is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities, also called threat-vulnerability (T-V) pairing.
4. When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?
- A. User account
- B. Software environment
- C. Listening port
- D. Service account
A server profile should contain some important elements including these: o Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server o User accounts – the parameters defining user access and behavior o Service accounts – the definitions of the type of service that an application is allowed to run on a server o Software environment – the tasks, processes, and applications that are permitted to run on the server
5. What are the steps in the vulnerability management life cycle?
- A. Detect, analyze, recover, respond
- B. Plan, do, act, check
- C. Discover, prioritize assets, assess, report, remediate, verify
- D. Identify, protect, detect, respond, recover
There are six steps in the vulnerability management life cycle: 1. Discover 2. Prioritize assets 3. Assess 4. Report 5. Remediate 6. Verify
6. Which security management function is concerned with the inventory and control of hardware and software configurations of systems?
- A. Asset management
- B. Vulnerability management
- C. Risk management
- D. Configuration management
Security risks can be reduced through secure device configuration. Configuration management addresses the inventory and control of hardware and software configurations of systems.
7. In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?
- A. Risk avoidance
- B. Risk reduction
- C. Risk sharing
- D. Risk retention
There are four potential strategies for responding to risks that have been identified: 1. Risk avoidance – Stop performing the activities that create risk. 2. Risk reduction – Decrease the risk by taking measures to reduce vulnerability. 3. Risk sharing – Shift some of the risk to other parties. 4. Risk retention – Accept the risk and its consequences.
8. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
- A. Remediate
- B. Discover
- C. Prioritize assets
- D. Assess
The steps in the Vulnerability Management Life Cycle include these: 1. Discover – inventory all assets across the network and identify host details, including operating systems and open services to identify vulnerabilities 2. Prioritize assets – categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations 3. Assess – determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability threats, and asset classification 4. Report – measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities 5. Remediate – prioritize according to business risk and fix vulnerabilities in order of risk 6. Verify – verify that threats have been eliminated through follow-up audits
9. What are the core functions of the NIST Cybersecurity Framework?
- A. Plan, do, act, check
- B. Identify, protect, detect, respond, recover
- C. Identification, assessment, response planning, implementation, assess results
- D. Discover, prioritize assets, assess, report, remediate, verify
The five core functions of the NIST Cybersecurity Framework are as follows: 1. Identify 2. Protect 3. Detect 4. Respond 5. recover
10. Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?
- A. Risk management
- B. Vulnerability management
- C. Asset management
- D. Configuration management
Part of any organizational security management plan is asset management, which involves the implementation of systems that are able to track the location and configuration of devices and software.
11. When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
- A. Ports used
- B. Session duration
- C. Critical asset address space
- D. Total throughput
Important elements of a network profile include: 1. Total throughput – the amount of data passing from a given source to a given destination in a given period of time 2. Session duration – the time between the establishment of a data flow and its termination 3. Ports used – a list of TCP or UDP processes that are available to accept data 4. Critical asset address space – the IP addresses or the logical location of essential systems or data
12. Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
- A. Impact
- B. Exploitability
- C. Exploit Code Maturity
- D. Modified Base
The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics: 1. Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit 2. Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability