Cyber Sec 15

Question 1

3 What is typically not included in a pentesting Rules of Engagement?

Answer 1

The operating system the pentester may use
(Rules the pentester needs to follow|Test Scope|Permission to perform the test)

Question 2

4 What type of attack model is examplified in the image?(unfair)

Answer 2

Attack tree

Question 3

5 When you find a vulnerability, ethical disclosure dictates that you should….

Answer 3

Report it to the relevant vender to allow them time to fix it before it is publicly published.

Question 4

6 Enumeration includes…..

Answer 4

Scanning hosts for open ports

Question 5

7 Which of the following is primarily a tool for exploiting vulnerable systems
Hydra|Nmap|SHODAN|Metasploit

Answer 5

Metasploit

Question 6

10 A honeypot is….

Answer 6

A system or set of systems offered as bait to attackers

Question 7

11 A document which outlines the steps for handling a specific type of incident is called

Answer 7

A playbook

Question 8

12 Someone working in a SOC with analysis of threats and incidents is called a…

Answer 8

Security analyst

Question 9

13 SPLUNK is an example of a

Answer 9

SIEM

Question 10

14 A false positive is when an…

Answer 10

Alert is raised for benign event

Question 11

17 A technique used by malware to avoid detection is….

Answer 11

Polymorphism

Question 12

18 What is true about using virtual memory?

Answer 12

Uses a page table to map between virtual and physical memory

Question 13

19 Metadata includes…

Answer 13

Time stamps and permissions

Question 14

20 What tool is used to prohibit a computer from writing anything to a disk?

Answer 14

Write blocker

Question 15

21 Cyber-enabled crime is…

Answer 15

a traditional crime that utilizes cyber