
cspf

Title of test:
cspf

Description:
cspf test

Creation Date: 2023/10/11

Category: Others

Number of questions: 107

Content:

What physical characteristics can affect the usability of security mechanisms?. Ambient temperature. Pollution. Noise. All of the above.

One of the main benefits of analyzing the malware structure that may include the libraries and toolkits and coding techniques, we may find some important data that is possibly helpful to attribution. Which means being able to identify the likely author and operator. To understand what damage can be done due to the malware program. To be able to know the amount of data that has been lost or corrupted. Both B and C are correct, and A is incorrect.

____________ reflects on the potential harmful effect of design choices before technological innovations are put into large-scale deployment. Saltzer and Schroeder Principles. The Precautionary Principle. Latent Design Conditions. NIST Principles.

The process of developing and evaluating options to address exposure is called?. Threat Management. Failure Management. Incident Management. Risk Management.

In Security Architecture and Lifecycle "to group users and data into broad categories using role-access requirements, together with formal data classification and user clearance" is part of which step?. First Step. Second Step. Last Step. Third Step.

Syslog provides a generic logging infrastructure that constitutes an extremely efficient data source for many uses. This new specification introduces several improvements over the original implementation. A Syslog entry is a timestamped text message coming from an identified source. Timestamp, Hostname, Process, Priority, and PID. DNS and Routing info, Data security gateway ID. Authentication ID, Encryption and decryption info, and data privacy flag. Routers CPU ID, Transport Layer Security protocol info, and Syslog current version.

According to The US Government NIST guidelines, "Conduct" is the phase where. Threats, vulnerabilities, likelihood and impact are identified. Inform about the actions. Continually update the risk assessment. Identifying the purpose.

With regards to large numbers of unique passwords, what is a way to support people in managing them?. Limit number of characters to 9. Expire only passwords with more than 6 characters. Provide flash drives to save a list of passwords. Use of password managers.

Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?. User Access. Reconnaissance. Roles. Intrusion detection.

What is a common technique for permitting data processing without risk to individuals?. Data integrity. Duplicity. Generalization. Anonymization.

This method begins by asking "What is the overall goal of the system or enterprise". Systems-Theoretic Accident Model and Process (STAMP). The Open Group Architectural Framework (TOGAF). SABSA. Dependency Modelling.

Which of the following options is not an element of Information Security?. Reliability. Integrity. Confidentiality. Availability.

____________ allows scholars, engineers, auditors, and regulators to examine how security controls operate to ensure their correctness, or identify flaws, without undermining their security. Least common mechanism. Open design. Least privilege. Least access.

GDPR brought about a significant change in the ______________ jurisdiction of European data protection law. Territorial prescriptive. Territorial assertive. Territorial data protection. None of the above.

The pcap library needs the accessibility of a network interface that can be employed in alleged promiscuous mode, which means that interface will recover all packets from the network, even those packets that are not requested to it. Also, it is not required to bind an IP address to the network interface to capture traffic. Binding of IP address to the network interface is essential to do what?. General maintenance and traffic monitoring. Capture traffic. Security and incident management. Traffic configuration.

The privacy knowledge area is structured in different sections, which is considered part of this paradigm?. As informational control. As confidentiality. As transparency. All of the above.

Criteria by which usability is assessed?. Incompetence. Incapacity. Indecision. None of the above.

Memory-resident malware such that if the computer is rebooted or the infected running program terminates, it no longer exists anywhere on the system and can evade detection by many anti-virus systems that rely on file scanning. What is the advantage of memory-resident malware?. It can easily clean up its attack operations right after its execution ANS. A memory-resident malware has no advantage in the context of hiding its attack operations. Cleaning up its attacks is possible, but it may require additional malware utilities. It is difficult to clean up its attack operations if the compromised system is guarded by real-time anti-virus programs.

What theme is of high relevance regarding the cost versus benefits trade-offs of security to user systems and cybercriminals. Verification Methods. Security Architecture. Security Economics. None of the above.

The golden arches of McDonald's are protected under what intellectual property law?. Trade secret. Copyright. Logo protection. Trademark.

Software programs are protected from illegal distribution under what law?. SPA. Trade Secret. Copyright. Trademark.

Which is NOT an aspect of Risk Communication with relation to compliance and accountability?. Involvement. Education. Password Policies. Training and inducement of behavior change.

Renn defines three basic abstract elements which are at the core of most risk assessment methods. Which element is NOT part of Renn's definition?. Possibility of occurrence (uncertainty). Combination of outcomes and possibility of occurrence. Relationship between risk and security. Outcomes that have an impact on what humans value.

Confidentiality based on the ____________ of data, is meant to provide a way to control the extent to which an adversary can make inferences about users' sensitive information. Encryption. Coding. Cryptography. Obfuscation.

Which is a type of onion router used to forward data making use of an anonymous communication network?. Exit. Entry. Middle. All of the above.

There are many benefits to analyzing malware. First, we can understand the intended malicious activities to be carried out by the malware. What is the benefit of understanding intended malicious activities?. This will not allow us to update our network and endpoint sensors to detect and block such activities. This will help to identify which machines have malware and take corrective actions. This will let us remove the malware or even completely wiping the computer clean and reinstalling everything. Both B and C are correct.

The 1st dimension of our taxonomy is whether malware is a standalone (or, independent) program or just a sequence of instructions to be embedded in another program. Complete software and its working depend on the type of compromised Operating system. It is an incomplete software and is used just for illustration of the Malware program life cycle. An incomplete program and it needs the help of already installed programs to plan for attack. A Standalone Malware program is a complete software that can run on its own when installed on a target system and executed.

Flaws caused by humans frequently arise in design and code which lead to security vulnerabilities. Which discipline has made a big effort in minimizing these faults?. Information Technology discipline. CISO. Security Architecture. Software Engineering.

What is a traditional method for obtaining custody of a cybercriminal who is not present within the state?. Extradition. Indictment. Impeachment. Recrimination.

The injection of fake data points into data made available in order to hide real samples is called. Dummy addition. Data injection. Suppression. None of the above.

The detection issue is a classification job. The assessment of an IDS, therefore, equates the outcome of the detector with the base reality identified to the evaluator, but not to the detector. What are the possible outcomes of the detection process?. True Negatives are normal actions that occur in the trace and should not be stated in alerts by the detector. True Positives are attack actions that should be stated in alerts by the detector. False positives are also known as false alerts & False negatives also known as miss or type II errors. All of the above.

Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the connection, is accessible to observers even if communications are encrypted or obfuscated. What type of metadata is this in reference to?. Traffic metadata. Network metadata. Wireshark metadata. Host based metadata.

There are two principal approaches to formal modelling. Mathematical, Statistical. Computational, Symbolic. Logical, Mathematical. Symbolic, Logical.

Most modern malware uses some form of obfuscation to avoid detection as there is a range of obfuscation techniques and there are tools freely available on the Internet for a malware author to use. Polymorphism can be used to defeat detection methods that are based on 'signatures' or patterns of malware code, which means?. The identifiable malware features are changed to be unique to each instance of the malware. Malware instances look different from each other, but they all maintain the same malware functionality. Some common polymorphic malware techniques include packing. All A, B & C are correct.

With reference to law, which school of thought has universally prevailed with state authorities. Second school. Third school. First school. Harvard University.

There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?. Best evidence. Corroborative evidence. Conclusive evidence. Direct evidence.

Encrypted traffic, and particularly TLS, is common and TLS guarantees both the validation of the server to the client and the privacy of the exchange over the network. But it is difficult to evaluate the payload of packets. The solution is to put a supplementary dedicated box near to the application server, usually named the Hardware Security Module (HSM). What is the purpose of HSM?. The HSM is designed to establish the TLS session beforehand the application server delivers any information. HSM transfers the burden of establishing the TLS session external to the application server. TLS secured traffic is encrypted and decrypted at the HSM, and streams in clear to the server, and triggers IDPSes and WAFs to evaluate the traffic. All the options A, B & C include the working functionality of HSM.

The analogy between quality management and security is not perfect because the. Threat environment is not static. Hardware is not powerful enough. System security is leaked. Human errors.

The early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an organization's web page) but Present-day malware attacks are becoming full-blown cyberwars. An underground eco-system has also emerged to support what?. The full malware lifecycle that includes development, deployment, operations, and monetization. The middle half of the malware lifecycle that includes only deployment & operations. The 2nd half of the malware lifecycle that includes only operations and monetization. The 1st half of the malware lifecycle that includes only development & deployment.

Anomaly detection is an essential technique for identifying cyber-attacks, since any information regarding the attacks cannot be inclusive enough to propose coverage and the main benefit of anomaly detection is its liberation from the understanding of explicit vulnerabilities. This supposedly supports the detection of what?. environmental vulnerability. 0-day attacks. economic vulnerability and social vulnerability. physical and real-time vulnerability.

"The effectiveness, efficiency and satisfaction with which specified users achieve specified goals in particular environment". This is the definition of "usability" by. ANSI. OWASP. ISO. NIST.

Consist of principles which refer to security architecture, precise controls and engineering process management?. Security Architecture and Design. Security Capability and Intrinsic Behaviors. Life Cycle Security. All of the above.

is the number of characters that most humans can commit to STM without overload. 12. 3. 7. 6.

In a scenario where the data belongs to the sender and the recipient acts as the data process is an example of?. In house processing. Outsourcing. Data processing. None of the above.

Component-driven methods are good for. Bringing together multiple stakeholders' views of what a system should and should not do. Exploiting security breaches which emerge out of the complex interactions of many parts of your system. Establishing system security requirements before you have decided on the system's exact physical design. Analysing the risks faced by individual technical components.

"International and national statutory and regulatory requirements, compliance obligations and security ethics including data protections and developing doctrines on cyber warfare". Which of the following options describes the above-mentioned statement?. Human Factors. Privacy & Online Rights. Risk Management & Governance. Law & Regulations.

In SIEM data collection, the transport protocol defines how the alert bitstring is migrated from one place to another. What are the examples of transport protocols?. Syslog, IDXP, HTTP or AMQP. CLNP Connections Networking Protocol & HSRP Hot Standby Router Protocol. VRRP Virtual Router Redundancy Protocol & S7 signing protocol. Ethernet and TCP/IP.

__________ is a principle where conditions appear from previous decisions about said systems. Precautionary Conditions. Latent Design Conditions. ONIST conditions. None of the above.

Which is an incident management function specific to cybersecurity?. Backup and Restore. Security Monitoring. Recovery files. None of the above.

Which of the following is NOT a core concept of risk assessment?. Impact. Risk Analysis. Likelihood. Vulnerability.

The Domain Name System translates domain names, significantly bits of text, to IP addresses needed for network communications. The DNS protocol is also a regular DDoS enhancer as it is likely for an attacker to impersonate the IP address of a target in a DNS request, thus triggering the DNS server to send unwanted traffic to the target. What other protocols are prone to amplification?. S7 Signifing protocol. NTP Network Time Protocol. TCP/IP. ARP.

Which is not a Good Security Metric?. Consistently measured without subjective criteria. Cheap to gather preferably in an automated way. Express results with quantitative label units of measure. Contextually specific and relevant enough to decision makers that they can take a decision.

Which one is NOT part of the risk governance model?. Emblematic. Transparent. Decisionistic. Technocratic.

Which is NOT an aspect of RISK Communication with relation to compliance and accountability. Password Policies. Training and inducement behaviour Change. Education. Involvement.

Which is a valuable framework for the system engineers and who probe deficiencies and vulnerabilities within such systems?. Procedures. Policies. IT Service Management. Code of conduct.

Which principle states that controls need to define and enable operations that can positively be identified as being in accordance with a security policy and reject all others?. Penetration testing. Complete Mediation. Open Design. Fail Safe Defaults.

Experts proposed a framework to systematize the attribution efforts of cyberattacks, which of the following is NOT a layer of the framework. Operational. Analytical. Strategic. Tactical.

What is the good example of a security measure made ineffective due to its 0.1% utilization and that has been around for over 20 years?. Log Management. Email Encryption. Software Encryption. Data backup.

Which of the following is not a NIST security architecture strategy?. The Reference Monitor Concept. Defence in Depth. Isolation. Behaviour.

The third dimension generally applies to only persistent malware based on the layers that include firmware, boot-sector, operating system kernel, drivers and Application Programming Interfaces (APIs) and user applications. All the above mentioned layers are presented in which order?. All are in the order in which they are implemented. They are in random order. In the context of persistent malware the order of system stack layers does not matter. All layers of the system stack are mentioned in the ascending order.

As Netflow was designed by the network equipment providers, it is exceptionally well implemented in networks and extensively used for network management jobs. It is standardized, and even though the commercial names vary, similar information is gathered by the manufacturers that support this technology. Controlling packets to calculate Netflow counters requires access to what?. GPU designed for visual AI. Routers CPU. Transit Gateway CPU.

Situations where risks are less clear cut there may be a need to include a broader set of evidence and consider a comparative approach such as cost benefit analysis or cost effectiveness. This is all true with regards to. Ambiguous risks. Uncertain risks. Complex Risks. Routine Risks.

is the result of a threat exploiting a vulnerability, which has a negative effect on the success of the objectives for which we are assessing the risk. Impact. Likelihood. Attack. Threat.

Which of the following is not done by Cyber Criminals?. Mask Attack using Trojans as Botnets. Unauthorized account Access. Email Spoofing and spamming. Report vulnerability in any system.

In legal research, this term can refer to any systematized collection of primary legislation, secondary legislation, model laws or merely a set of rules published by public or private organizations. Codes. Ethics. Compliance. Contracts.

TLS guarantees both the validation of the server to the client and the privacy of the exchange over the network. But it is difficult to evaluate the payload of packets. The solution is to put a supplementary dedicated box near to the application server, usually named as Hardware Security Module (HSM). What is the purpose of HSM?. The HSM is designed to establish the TLS session beforehand the application server delivers any information. HSM transfers the burden of establishing the TLS session external to the application server. TLS secured traffic is encrypted and decrypted at the HSM and streams in clear to the server and triggers IDPSes and WAFs to evaluate the traffic. All the options A, B & C include the working functionality of HSM.

Malware essentially codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill Chain Model which represents (iterations of) steps typically involved in a cyberattack. What is the first step in the Cyber Kill Chain Model that cyber attackers follow?. Establishing a command-and-control channel for attackers to remotely commandeer the victim's system. Reconnaissance is the 1st step where an attacker identifies or attracts the potential targets by scanning. Exploiting a vulnerability and executing malicious code on the victim's system. The 1st step is to gain access to the targets by sending crafted input to trigger a vulnerability.

Which concept addresses information flows with different privacy needs depending on the entities exchanging the information or the environment in which it is exchanged. PII. PHI. Integrity of the information. Contextual integrity.

A framework that acknowledges that current systems are interconnected, and provides basis on how to secure them. NIST. FAIR. OISO. ITIL.

An adversary cannot determine which candidate a user voted for, this is true for. Ballot Secrecy. Ballot anonymity. Vote confidence. Vote secrecy.

The term 'jurisdiction' is used to refer to a state, or any political sub-division of a state, that has the authority to do?. Place probable cause. Address conflict of law. Enforce laws or regulations. All of the above.

Anomaly detection is an essential technique for identifying cyber-attacks, since any information regarding the attacks cannot be inclusive enough to propose coverage and the main benefit of anomaly detection is its liberation from the understanding of explicit vulnerabilities. This supposedly supports the detection of what?. economic vulnerability and social vulnerability. environmental vulnerability. physical and real-time vulnerability. 0-day attacks.

________ is oriented towards operational risk and security practices rather than technology. STRIDE. Attack Trees. FAIR. Octave Allegro.

Cybercrime can be categorized into __ types. 3. 2. 6. 4.

What is the best detection approach when dealing with DDoS. Include monitoring host activities involved in encryption. Use the layer 7 capability firewall for detection. Analyze the statistical properties of traffic. Look for synchronized activities both in C&C like traffic and malicious traffic.

Before performing any penetration test, through legal procedure, which key points listed below is not mandatory?. Type of broadband company used by the firm. System and network. Characteristics of work done in the firm. Know the nature of the organization.

Capturing the MAC layer is doable but needs an explicit configuration. Capturing the MAC layer is mandatory to identify attacks like ARP poisoning. For the definite categories of industrial control networks that execute right on top of the Ethernet layer, capturing traffic involves adding a node and could change the real-time conventions. Understanding the information available in the MAC layer requires what?. The configuration of the network segment to which the collection network interface is attached. Understanding of network architecture. Design configuration of the whole network interface. Network configuration in promiscuous mode.

As with any process of risk management, a key calculation relates to expected impact, being calculated from some estimate of likelihood of events that may lead to impact, and an estimate of the impact arising from those events. Which is NOT an element of likelihood?. Command and control. Presence of vulnerability. Nature of the threat. All of the above.

Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?. Intrusion Detection. Reconnaissance. Roles. User Access.

Which of the following is not a type of peer-to-peer cyber-crime?. Injecting trojans to a target victim. MITM. Phishing. Credit Card details mask in deep web.

The collection, analysis & reporting of digital analysis in support of incidents or criminal events. Cryptography. Adversarial Behaviours. Law & Regulations. Forensics.

Which of the following is not a type of cybercrime?. Forgery. Data Theft. Installing antivirus for protection. Damage to data and systems.

Experts proposed a framework to systematize the attribution efforts of cyberattacks, which of the following is NOT a layer of this framework. Operational. Strategic. Tactical. Analytical.

The very noticeable zone where autonomous network-oriented mitigation is essential is Denial of Service (DoS), and principally large-scale Dis. DDoS attacks have increased _______________. In terms of volume and number of sources. In the context of vulnerability. With respect to loss of data. None of the above.

A ______________ is a machine which is offered as bait to attackers. Hub. Honeypot. Honeywall. Honeywell.

Since the late 1990s, machine learning (ML) has been applied to automate the process of building models for detecting malware and attacks. The benefit of machine learning is its ability to generalize over a population of samples. Which of the following is an example of machine learning?. After providing an ML algorithm samples of different malware families for 'training', the resultant model can classify new, unseen malware as belonging to one of those families. Instructions, control flow graphs, and call graphs. system call sequences and other statistics (e.g., frequency and existence of system calls), system call parameters, data flow graphs & network payload features. Both B and C are examples of machine learning.

While browsing the internet David saw the advertisement of a used car in great condition, low miles, and below market price, he contacted the car owner and made a small payment upfront before the final delivery. After some time, he didn't hear back from the car owner. This is an example of?. Advance Fee Fraud. Social Media Fraud. E-Commerce Fraud. Automobile Fraud.

Criminals exploit vulnerabilities in organizations' websites they disagree with and use them to change the home page of the website to a politically charged one to spread their message. This hacktivism type is called. Denial of services. Low Orbit Ion Cannon (LOIC) Program. Netstrikes. Web Defacements.

The source code of the malware is often not available and, therefore, the first step of static analysis is to disassemble malware binary into assembly code and the most commonly used code obfuscation technique is packing. Packing is part of the malware program?. Compressing and encrypting part of the malware. Operating system kernel, drivers, and Application Programming Interfaces (APIs). Uncompressed and decrypted part of the malware program. Static and run-time libraries in the infected machine.

There are several types of takedowns to disrupt malware operations. If the malware uses domain names to look up and to communicate with centralized C&C servers. What is the line of action in the above scenario?. As the botmaster has little control of the IP address diversity and down-time for compromised machines in a fast-flux network, we can use these features to detect fast-flux. We perform takedown of C&C domains by 'sinkholing' the domains, i.e., making the C&C domains resolve to the defender's servers so that botnet traffic is 'trapped' (that is, redirected) to these servers. Among the algorithm-generated domains, the botmaster can pick a few to register (e.g., daily) and make them resolve to the C&C servers. We can partition the P2P botnet into isolated sub-networks, create a sinkhole node, or poison the communication channel by issuing commands to stop the malicious activities.

If malware is not detected during its distribution state, i.e., a detection system misses its presence in the payloads of network traffic or the filesystem and memory of the end-host, it can still be detected?. During Packing. By Applying Dynamic Dataflow. When It Is Disassembled. When It Executes.

In IDS, ________________ are attack events that should be reported in alerts by the detector. True Positives (TP). True Negatives (TN). False positives (FP). False negatives (FN).

At the core network, MPLS provides an interesting option to mitigate DDoS attacks. They pass all legitimate traffic through firewall. They deploy IDS system between links. They reserve bandwidth and bandwidth usage control for legitimate traffic. They stop all traffic for some time.

From a commercial point of view, attack graphs and vulnerability management techniques facilitate risk management and compliance with governance. As the potential for cyber-attacks surge, and possibly becomes a risk to human life or corporate stability, regulators enforce protection and detection methods to confirm what?. Network threats are occasionally monitored. The technical staff is well educated in detecting malware. Cyber-risk is effectively controlled in organizations. Top management is properly trained regarding cybersecurity.

Code-based architecture emulation is Easy to use, Fine-grained introspection, Powerful control over the system state. As compared to Type 1 & Type 2 Hypervisor, what is the main drawback of the machine emulator?. Low transparency, Unreliability support of architecture semantics. Low transparency, Artifacts from paravirtualization. Less control over the system state. Lack of fine-grained introspection, Scalability and cost issues, Slower to restore to clean state.

These are people who are recruited by criminals to perform money laundering operations. Money Mules. Contractual Partners. Outsource Criminal. White-Hat Hacker.

Malware analysis is an important step in understanding malicious behaviors and properly updating our attack prevention and detection systems. Which of the following employs a wide range of evasion techniques?. Detecting the analysis environment. Obfuscating malicious code. Trigger-conditions to execute. Options A, B & C.

A method for discovering vulnerabilities, bugs and crashes in software by feeding randomized inputs to programs is called. Concolic Execution. Fuzzing. Dynamic analysis. Static Analysis.

Which of the following provides a way to reference specific vulnerabilities attached to specific versions of products?. SER-. NIST. CVE. CTI.

What is the main problem with Domain Name System (DNS). Confidentiality. Authorization. Integrity. Authentication.

The Security Procedures and Incident Supervision field contain many subjects. From a technical perspective, SOIM requires the capability to witness the activity of an Information System or network, by gathering traces that are illustrative of this activity. Real-time traces analysis is required to detect what?. Malicious events. Internet worms, Browser Hijacker and Web Scripting Virus. Instant Messaging Worms, Overwrite Virus and File Infector. Computer worms and Multipartite Virus.

____________________ targets a specific organization rather than aiming to launch large-scale attacks. Spam and Phish Emails. PowerShell to Inject Malware. Advanced Persistent Threats (APTs). Distributed Denial-of-Service (DDoS) Attack.

Static analysis involves examining the code (source, intermediate, or binary) to assess the behaviors of a program without actually executing it and a wide range of malware analysis techniques fall into the category of static analysis. What is/are the main limitations of this technique?. The analysis output may not be consistent with the actual malware behaviors (at runtime). It is not possible to precisely determine a program's behaviors statically (i.e. without the actual run-time input data). The packed code cannot be statically analyzed as it is encrypted and compressed data until unpacked into executable code at run-time. All the above reasons are the main limitations of static analysis.

A technique used by cybercriminals where they use multiple servers associated with the Command-and-Control infrastructure and rotate them quickly to make their infrastructure more resilient, is called?. Rotate Flux. Fast Flux. Shut Down Flux. Domain Flux.

What are Potentially Unwanted Programs (PUPs)?. A kind of malicious .exe file that is downloaded within a movie. A third-party software that is harmful for Operating Systems. A plugin installed in a Web Browser. A piece of code that is part of a useful program downloaded by a user.

Why are changes in passive security indicators often missed by humans, particularly if they are on the edges of the screen?. Humans do not have the physical and mental capacity to review such indicators. Humans are detecting anomalies. Humans are busy with alert signals. Humans can only focus on one task at any one time.

Criteria by which usability is assessed?. Incompetence. Incapacity. Indecision. None of the above.
