CIT

Question 1

ClamAV

Answer 1

Free open-source cross-platform antivirus software
Mainly CLI tool

Question 2

False Positive (F/P) Causes

Answer 2

Heuristics: AVs evolve and so do viruses
Behavioral Analysis: Legit apps behaving like malicious apps
Machine Learning: Mistakes in training data fed to software

Question 3

Zero Day

Answer 3

Undiscovered or newly discovered flaw in a program before the vendor can patch it

Question 4

What are three ways that anti-virus programs discover viruses

Answer 4

String/Byte Signatures
Hash Signatures
Heuristic Detection

Question 5

Antivirus Bypass Techniques

Answer 5

Packing and Encryption
Fileless Attacks
Code Mutation
Disable AV updates
Stealth Techniques

Question 6

Internal Firewall

Answer 6

Blocks incoming/outgoing connections to/from the workstation

Question 7

HIDS/HIPS

Answer 7

Host Based Intrusion Detection System
Host Based Intrusion Prevention System
Detects, protects, and alerts upon malicious activity

Question 8

Sandbox

Answer 8

Restricted environment used to run suspicious programs and files

Question 9

EDR

Answer 9

Endpoint Threat Detection and Response
Focuses on detecting and responding to malicious activity on the host

Question 10

YARA Signature Types

Answer 10

Body-Based Signature: looks for specific sequences
Hash-Based Signature: Looks for identical hashes

Question 11

YARA Rules

Answer 11

Way of describing a pattern to identify files
Rules written to meet specific conditions
YARA Rule Signature: Max 64 strings

Question 12

Honeypot

Answer 12

Decoy devices meant to lure attackers

Question 13

Honeypot Aims

Answer 13

Analysis: analyze attacker’s movements and gain insight
Collection: Collect forensic data needed to improve security

Question 14

Honeytokens

Answer 14

Fake IT resources designed to draw the attacker’s attention.
Typically found in public areas

Question 15

Canary Traps

Answer 15

Used to identify internal data leakers. Changes documents slightly and that is traced.

Question 16

MHN

Answer 16

Modern Honey Network
Open-source platform for honeypot management
Collects and analyzed honeypot data

Question 17

Regex

Answer 17

Regular Expressions
Method used to describe a specific pattern of characters

Question 18

DLP

Answer 18

Data Loss Prevention

Question 19

OpenDLP

Answer 19

Free open-source server
Able to concurrently scan thousands of OSs

Question 20

DLP Bypass Techniques

Answer 20

Encoding, Ciphering, and Steganography

Question 21

DNS Record

Answer 21

Stores info about every site on the web
DNS records tell DNS servers which domain is associated with which IP

Question 22

Mail Protocols

Answer 22

SMTP (25): Outgoing mail
POP3 (110): Push mail
IMAP (143): Keep mail on server

Question 23

Email Spoofing

Answer 23

Forging email headers to fool recipients into trusting the message

Question 24

DNS Spoofing

Answer 24

Creating fake DNS records to redirect traffic to a malicious website

Question 25

SPF

Answer 25

Sender Policy Framework
Email authentication protocol
Store info about which IPs can send emails from a domain
Doesn’t work when forwarding emails

Question 26

DKIM

Answer 26

DomainKey Identified Mail
Email validation
Preformed on server level
Uses digital signatures

Question 27

DMARC

Answer 27

Domain-Based Message Authentication, Reporting, and Conformance
Fails DMARC check: Monitor, Quarantine, Reject
Can generate a report about outgoing emails

Question 28

MTA

Answer 28

Mail Transfer Agent
Application side
Forwards

Question 29

MDA

Answer 29

Mail Delivery Agent
Sorting and delivery

Question 30

SIEM

Answer 30

Security Information and Event Management
Detect security incidents early

Question 31

SIEM Workflow

Answer 31

Collection, Parsing, Evaluation, Correlation, Inspection

Question 32

Snort

Answer 32

Open-source IDS/IPS system
Can preform real time network traffic analysis

Question 33

Splunk

Answer 33

Search Header: Interface used to search and access data
Indexers: Log parsers
Small Components: Collect data to be sent to Splunk

Question 34

Pipe & Search

Answer 34

Advanced Syntax Queries
Pipe forms a chain of commands
Search is used with Pipe to filter the output

Question 35

AS & BY

Answer 35

Advanced Syntax Queries
AS renames a column
BY groups by field

Question 36

Alert Flow

Answer 36

Log Inspection
Rule Definition
Rule Testing
Fine Tuning
Production

Question 37

Aggregation Alerts

Answer 37

Consolidate logs with identical content
Detects attacks like brute-force and port scanning

Question 38

Correlation Alerts

Answer 38

Alerts from different events correlated to single event
Indicate similar suspicious behavior among various system products

Question 39

SOAR

Answer 39

Security Orchestration Automation Response
Designed to reduce need for human intervention

Question 40

SOAR Features

Answer 40

Security Incident Response: Tools that respond to security-related incidents
Security Operation Automation: Repetitive tasks can be automated

Question 41

IOT System Components

Answer 41

Edge Components, Smart Gateway, Connectors, Data Processing, User Interface