CMP eREAD Flashcards
True or False. Cybersecurity operations are driven by technical implementers
False. Cybersecurity programs are driven by senior leadership via governance
What is the name of the team that risk managers depend upon to assess whether work is being performed in accordance to policy?
Compliance
Risk __________ requires that activities with high levels of risk are stopped
Avoidance
What activity is focused on deconstructing a system to better understand the threats and exploits that might impact it?
Threat Modelling
The leadership teams would like to develop controls designed to provide oversight of various information systems. What type of control does this describe?
Managerial
A Web application firewall identifies and records any attempted or successful intrusion to a log file. What category of control does this describe?
Technical
After identifying that a port scan was performed on an internal database system, a security analyst performs a series of well-defined steps to further investigate the issue. What type of control does this describe?
Responsive
What is being analyzed when all potential pathways a threat actor could use to gain unauthorized access or control of a system are identified and documented?
Attack Surface
Systems, services and protocols are discovered and characterized by analyzing network packet captures. What type of discovery technique does this describe?
Passive discovery
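An added worked example of passive discovery, written for these flashcards and not part of the original deck: a small Python script that builds a constructed pcap (sample traffic, not a real capture) and then reads it back with only the standard library, inventorying hosts, confirmed listening services, closed ports, unconfirmed probes and protocol mix without sending a single packet. The hypothetical addresses, ports and the `passive_discover` function are assumptions made for the demonstration. The security point it makes is that a service is confirmed only when the server is seen answering (a TCP SYN/ACK, or a UDP reply to an earlier request); a lone SYN tells you a client tried, not that anything is listening.

```python
"""Passive discovery: infer hosts, listening services and protocols from a pcap (added example)."""
import ipaddress
import socket
import struct
from collections import Counter

TCP, UDP = 6, 17
SYN, RST, ACK = 0x02, 0x04, 0x10

# --- constructed sample traffic (hypothetical hosts; not a real capture) -----
def _eth(ethertype, payload):
    return b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ethertype) + payload

def _ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return _eth(0x0800, hdr + payload)

def tcp_frame(src, sport, dst, dport, flags):
    seg = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return _ipv4(src, dst, TCP, seg)

def udp_frame(src, sport, dst, dport, payload):
    dgram = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return _ipv4(src, dst, UDP, dgram)

def build_pcap(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", 51000, "10.0.0.10", 22, SYN),
    tcp_frame("10.0.0.10", 22, "10.0.0.5", 51000, SYN | ACK),    # open port answers
    tcp_frame("10.0.0.5", 51001, "10.0.0.10", 3306, SYN),
    tcp_frame("10.0.0.10", 3306, "10.0.0.5", 51001, RST | ACK),  # closed port answers
    udp_frame("10.0.0.5", 40000, "10.0.0.1", 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    udp_frame("10.0.0.1", 53, "10.0.0.5", 40000, b"\x12\x34\x81\x80" + b"\x00" * 8),
    tcp_frame("10.0.0.7", 52000, "10.0.0.10", 443, SYN),         # no reply captured
    _eth(0x0806, b"\x00" * 28),                                   # ARP, not IPv4
])

# --- reading the capture ---------------------------------------------------
def iter_frames(pcap):
    """Yield raw Ethernet frames from classic pcap bytes (either byte order)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def _svc_key(svc):
    return (ipaddress.ip_address(svc[0]), svc[1], svc[2])

def passive_discover(pcap):
    """Characterize hosts/services from observed traffic only; servers are confirmed by their replies."""
    hosts, listeners, closed, probed = set(), set(), set(), set()
    protocols, udp_requests = Counter(), set()
    for frame in iter_frames(pcap):
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype != 0x0800:
            protocols["arp" if ethertype == 0x0806 else "other"] += 1
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        hosts.update((src, dst))
        l4 = ip[ihl:]
        sport, dport = struct.unpack("!HH", l4[:4]) if proto in (TCP, UDP) else (None, None)
        if proto == TCP:
            protocols["tcp"] += 1
            flags = l4[13]
            if flags & SYN and not flags & ACK:
                probed.add((dst, dport, "tcp"))      # client attempt only
            elif flags & SYN and flags & ACK:
                listeners.add((src, sport, "tcp"))   # server confirmed open
            elif flags & RST and flags & ACK:
                closed.add((src, sport, "tcp"))      # server confirmed closed
        elif proto == UDP:
            protocols["udp"] += 1
            # Heuristic: a datagram from (host, port) that was earlier a request target is a reply.
            if (src, sport) in udp_requests:
                listeners.add((src, sport, "udp"))
            udp_requests.add((dst, dport))
        else:
            protocols[f"ip-proto-{proto}"] += 1
    return {
        "hosts": sorted(hosts, key=ipaddress.ip_address),
        "listeners": sorted(listeners, key=_svc_key),
        "closed": sorted(closed, key=_svc_key),
        "unconfirmed": sorted(probed - listeners - closed, key=_svc_key),
        "protocols": dict(protocols),
    }

if __name__ == "__main__":
    for k, v in passive_discover(SAMPLE_PCAP).items():
        print(f"{k}: {v}")
```

Run it against a real file by replacing `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`. Note the caveats a practitioner would add: the UDP pairing keys on the responder's address and port rather than the full four-tuple, pcapng and VLAN-tagged frames are not parsed, and a port that never answers in the capture window stays "unconfirmed" rather than being assumed closed.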
True or False. Advanced endpoint protection tools eliminate the need for operating system patching
False. Patching is needed in addition to these tools.
True or False. Critical security patches are best implemented during the next convenient maintenance window
False. Critical patches should be implemented immediately
What tool allows administrators to centrally create and enforce software settings?
Configuration management
True or False. Systems should not be monitored during maintenance windows to avoid confusion
False. Monitoring should still occur. But be aware of what changes are anticipated during the maintenance window
Which policy dictates how work is completed during a maintenance window?
Change Management
This threat actor group is generally associated with advanced persistent threats
Nation State
After gaining unauthorized access, an attacker takes time to remove evidence of the actions they performed. These actions are commonly known as _______-___________.
Anti-forensics
This framework provides very detailed documentation regarding threat actor tactics, techniques, and procedures (TTPs)
MITRE ATT&CK
True or False. Open-Source intelligence describes the use of Linux to identify potential attackers
False. Open-Source intelligence describes using openly available resources to look for information about threats
What type of threat intelligence is only available via subscription or by purchasing specialty vendor-supported equipment?
Closed-source (proprietary) intelligence
What metric helps rank or score threat intelligence to help isolate applicable or highly likely threat intelligence?
Confidence level
What activity is best defined by the “assume breach” mindset?
Threat hunting
What term describes when an attacker has successfully moved to another system within the environment after gaining initial access?
Lateral Movement
True or False. Indicators of attack (IoA) depend upon forensic evidence to identify that unauthorized access has occurred
False. Forensic evidence is more closely associated with indicators of compromise (IoC), i.e. searching for evidence that a breach occurred in the past
A system intentionally built to appear vulnerable so that attacker activity against it can be observed
Honeypot