ECIHv2 Academia Questions Flashcards
What are the Information Security Threat Categories?
Host Threats
Network Threats
Application Threats
DNS and ARP Poisoning is what type of Information Security Threat Category?
Network Threats
A person or entity that is responsible for an incident, or that has the potential to impact the security of an organization's network, is what type of actor?
Threat Actor
Script Kiddies, Organized Hackers and State Sponsored Attackers are all part of what?
Threat Actors
Recovery, Process Review and Practice are all part of which Incident Management guidelines?
OWASP
Jenny works on an Incident Response team for her organization. After a major incident, she is asked to check and verify as much as possible to get a positive confirmation from each party that in their opinion, everything is operating normally again. What Practice is Jenny taking part in?
Eradication and Recovery
Which standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization?
ISO/IEC 27001:2013
In the NERC 1300 Cyber Security standard, what does NERC stand for?
North American Electric Reliability Corporation
Federal law requires federal agencies to report incidents to which Incident Response Center?
Federal Computer Incident Response Center (FedCIRC); its functions were absorbed into US-CERT in 2003
Accurately detecting and assessing incidents are the most challenging and essential part of…
Signs of an Incident
What are the advantages of Incident Response Orchestration?
It includes automated alarms that detect the incident and alert the response personnel with details
It allows responders to remotely assess the incident analysis results and manage the actions
It allows responders to configure different solutions to interact and streamline incident response action
Loss of productive hours, loss of business, and loss or theft of resources are considered…
Tangible Costs
What are the benefits when it comes to Incident handling and response (IH&R)?
The IH&R process provides a focused and structured approach for restoring normal business operations as quickly as possible after an incident
The decision to establish IH&R process is affected by inputs, complaints, and queries from all the stakeholders involved in the organization’s business processes
IH&R processes differ from organization to organization according to their business and operating environment
IH&R mission statements define the ____ and _____ of the planned incident handling and response capabilities
Purpose and Scope
Incident response procedures, also referred to as ___________, provide the detailed processes that implement the guidelines defined by the IH&R plan and policy
Standard operating procedures (SOPs)
Which group is responsible for examining the computer network traffic for signs of incidents or attacks such as DoS, DDoS, firewall breach, or other malicious code?
Network Administrators
Organizations must implement several security controls. Which security control ensures that only selected or eligible employees have access to sensitive data, critical devices, and other necessary resources required to accomplish the assigned tasks?
Access Controls
Organizations must secure network communications by implementing packet filters, IPsec, Virtual Private Networks, and Secure Shell. Which of these authenticates and validates packets during transmission?
IPsec
A successful backup strategy must have two key features:
Security & Real-Time Offsite Backup
_______ refers to a contract between the organization and an insurer to protect related individuals from different threats and risks
Cyber Insurance
ManageEngine ServiceDesk Plus and AlienVault OSSIM are both tools used as
Ticketing Tools
Loss of personal password, failure to download antivirus signatures, and unsuccessful scans and probes in the networks are considered incidents at a _______
Low Level
Denial-of-Service attacks, the presence of harmful viruses, worms, and Trojan horse, or Suspected break-in in any computer of a company are all considered incidents at a _______
High Level
Report writing tools help incident handlers to generate efficient reports on detected incidents during incident handling and response process. What website is considered a note taking application that works on Windows, Linux, and MacOS X?
keepnote.org
What are examples of the objective of computer forensics?
Identify, gather, and preserve the evidence of a cyber crime
Find vulnerabilities and security loopholes
Recover deleted and hidden files
What is an important guideline for building an investigation team?
To appoint a person as a technical lead among the team members
James is a part of an incident response team that wants to ensure proper reaction against any mishap. Being forensically ready will allow him and his team to:
Eliminate the threat of repeated incidents
What refers to the first action performed after occurrence of a security incident?
First Response
The _____ ensure that evidence is collected, stored, preserved, and examined in a way that protects the reliability and correctness of the evidence.
Principles of digital evidence collection
If the victim computer has an internet connection, the first responder must?
Unplug the network cable from the router and modem
What is the process of imaging or collecting information from various media in accordance with certain standards for analyzing its forensic value?
Forensic Data Acquisition
Volatile data is fragile and is lost when the system loses power or is switched off. Where is this data found (listed in order of volatility)?
CPU registers
Cache
RAM
What are tools used to calculate the hash value?
HashCalc
MD5 Calculator
HashMyFiles
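The hashing tools above all do the same job: produce a digest of the acquired evidence so that any later change to it can be detected. The following is an added example (not part of the original flashcards and not code from any of the tools named) showing that workflow in Python with the standard library only: hash a byte stream or file with several algorithms in one chunked pass, then accept an acquired image only if every digest matches the source media. The sample "media" is a constructed byte string, not a real image.

```python
import hashlib
from typing import Dict, Iterable

# Added example, not from the original flashcards: hash acquired evidence so
# its integrity can be verified later. Algorithm names are hashlib's own.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes, algorithms: Iterable[str] = ALGORITHMS,
               chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest `data` with every requested algorithm in a single pass, feeding
    it in chunks so a large image never has to be hashed as one huge update."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for start in range(0, len(data), chunk_size):
        chunk = data[start:start + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, algorithms: Iterable[str] = ALGORITHMS,
              chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as hash_bytes but streams a file (e.g. a .dd image) from disk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(source: bytes, image: bytes) -> Dict[str, bool]:
    """Compare the digests of the original media with those of its acquired
    image, algorithm by algorithm."""
    src, img = hash_bytes(source), hash_bytes(image)
    return {name: src[name] == img[name] for name in src}


def acquisition_ok(source: bytes, image: bytes) -> bool:
    """The acquisition is accepted only if every algorithm agrees; a single
    mismatch means the image is not a faithful copy and must not be analysed."""
    return all(verify_image(source, image).values())


# Constructed sample "media": a byte string standing in for a disk image,
# and a copy of it with one altered byte, standing in for a corrupted image.
SAMPLE_MEDIA = b"MBR\x00" + bytes(range(256)) * 4
TAMPERED_IMAGE = SAMPLE_MEDIA[:-1] + b"\x01"

if __name__ == "__main__":
    print(hash_bytes(SAMPLE_MEDIA))
    print("faithful copy:", acquisition_ok(SAMPLE_MEDIA, bytes(SAMPLE_MEDIA)))
    print("tampered copy:", acquisition_ok(SAMPLE_MEDIA, TAMPERED_IMAGE))
```

Recording more than one digest is deliberate: MD5 is still what many older tools and chain-of-custody forms expect, but it is collision-prone, so a SHA-256 value should be kept alongside it.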
The incident responder should collect information regarding network connections to and from the affected system, immediately after the report of any incident. What is a tool that can help gather this information?
Netstat
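Collecting `netstat` output is only the first step; the responder still has to pick out the connections that matter. The following is an added example (not from the original flashcards) that parses the connection table and flags two things a responder looks for first: listeners on ports that are not part of the host's known service baseline, and established outbound connections from internal hosts to external addresses on ports that are not ordinary web traffic. The sample output is constructed in the layout of `netstat -ant` on Linux, and the baseline port set and internal address ranges are assumptions to be replaced with the organisation's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set

# Constructed sample in the layout of `netstat -ant` on Linux (not a real capture).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.15:22            10.0.0.7:51234          ESTABLISHED
tcp        0      0 10.0.0.15:49812         203.0.113.9:443         ESTABLISHED
tcp        0      0 10.0.0.15:49900         198.51.100.77:6667      ESTABLISHED
"""

# Assumptions: the host should only listen on SSH, the organisation uses the
# RFC 1918 ranges internally, and outbound 80/443 is normal browsing.
EXPECTED_LISTEN_PORTS: Set[int] = {22}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
COMMON_REMOTE_PORTS: Set[int] = {80, 443}


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str


def split_endpoint(endpoint: str):
    """'10.0.0.15:49812' -> ('10.0.0.15', 49812); a '*' port becomes 0."""
    host, _, port = endpoint.rpartition(":")
    return host, (0 if port == "*" else int(port))


def parse_netstat(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        parts = line.split()
        # Skip headers; UDP rows have no State column, so accept 5 or 6 fields.
        if len(parts) < 5 or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        lip, lport = split_endpoint(parts[3])
        rip, rport = split_endpoint(parts[4])
        state = parts[5] if len(parts) > 5 else ""
        conns.append(Conn(parts[0], lip, lport, rip, rport, state))
    return conns


def is_internal(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def flag_suspicious(conns: List[Conn],
                    expected_listen: Set[int] = EXPECTED_LISTEN_PORTS) -> List[str]:
    """Return human-readable findings for connections worth a closer look."""
    findings = []
    for c in conns:
        if c.state == "LISTEN" and c.local_port not in expected_listen:
            findings.append(f"unexpected listener on port {c.local_port}")
        elif (c.state == "ESTABLISHED" and not is_internal(c.remote_ip)
              and c.remote_port not in COMMON_REMOTE_PORTS):
            findings.append(f"outbound {c.remote_ip}:{c.remote_port} "
                            f"from port {c.local_port}")
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(parse_netstat(SAMPLE_NETSTAT)):
        print(finding)
```

On the sample, the listener on 4444 and the connection to port 6667 (a classic IRC C2 port) are reported, while the SSH session from another internal host and the HTTPS connection are not. Capture the raw output as well as the findings: the raw table is the evidence, the findings are only triage.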
The first responder needs to prepare and check several prerequisites such as the availability of tools, reporting requirement, and ______ in order to conduct a successful investigation
Legal clearances
Andrea is a first responder and she wants to use forensics analysis tools to help her with collecting, managing, transferring, and storing necessary information required during forensics investigation. Which would be a beneficial tool for her to use?
Helix3
What is the most common type of attack against any enterprise?
Malware
Which type of malware is used to trick the victim into performing a predefined action?
Trojan Horse
Which type of malware gives access to the victim's computer or network without the user's knowledge?
Backdoor
What is considered a huge network of compromised systems used by attackers to perform denial-of-service (DoS) attacks?
Botnet
Which type of Trojan downloads other malware or malicious code and files from the internet onto the PC or device?
Downloader
Instant messenger applications, network propagation, email attachments, and decoy applications are all common ways attackers can _____?
Deliver malware to a system
Jose is an incident responder who wants to eradicate malware security incidents. What steps should he include?
Content Filtering Tools & Network Security Devices
Blacklist & Antivirus
Manual Scan & Fixing Devices
What actions must take place in restoring email services after a malware incident?
Change passwords and enable scanning of links and attachments
When building a testbed there are some tools required for testing. What is an important tool for testing?
Sandbox
There are many indications of malware incidents. What technique helps users, tech support, administrators, and incident responders identify them?
Memory Dump/Static Analysis
John prefers using tools such as Mirekusoft and SysAnalyzer to help him at work. What is the primary use of these tools?
To monitor installation of malicious executables
________ is a built-in Windows tool (Windows 7/8/10) that searches a system for unsigned drivers.
SIGVERIF
Email crimes can be categorized in two ways either by sending emails or supported by emails. What is a crime supported by Emails?
Cyberstalking
What crime refers to the unsolicited or undesired emails used to distribute malicious links and attachments, cause network congestion, perform phishing and financial frauds, and so on?
Spamming
There are several types of phishing that can occur. Which type targets high profile executives like CEO, CFO, politicians, and celebrities?
Whaling
Unavailability of the email server, sudden increase of advertising and spam emails, and change in email template and signature are all indicators of what?
Email Attacks
Netcraft and PhishTank are tools for detecting _____ & _____?
Phishing/Spam
Removing malware, isolating the critical systems infected with malware, blocking the compromised email accounts, and performing other email security hardening measures are all a part of _____.
Eradication
What are guidelines to prevent spam?
Avoid giving email ID to unnecessary or unsecured websites
Do not use or subscribe to sites that access email contact list
Use a long email ID with numbers and underscores so that spammers cannot easily guess it
Identity theft occurs when someone uses your personal information in a malicious way. What is the best way to avoid identity theft from happening?
Review your credit card statements regularly
When it comes to email incidents changing passwords, informing banks, contacting law enforcement, and making an insurance claim are all a part of which step?
Recovery
David is an incident handler and wants to determine the email origin by matching the domain name for an IP address. Which website would he use?
arin.net
This type of identity theft occurs when a victim’s bank account and credit card information are stolen and used illegally by a thief.
Financial
Organizations must be able to handle and respond to various email attacks by developing and implementing proper incident response plan against the known attacks. This includes email filtering, email monitoring tools, and ________.
Developing an acceptable email usage policy
When discussing common network security incidents, these threats prevent the authorized users from accessing network resources.
Denial-of-Service Incidents
Reconnaissance attacks, sniffing and spoofing attacks, firewall attacks, and brute forcing attacks are all types of _______.
Unauthorized Access Incidents
There are many indications of unauthorized access incidents. Which indication would be applicable if there are suspicious tools or exploits and unpredicted open ports?
Changes in system configuration
User reports regarding network or system unavailability, System status changes, Misplaced hardware parts, and Unauthorized hardware found are all indications of _____.
Physical Intrusion
There are four main common types of reconnaissance attacks that are attempted by the attackers in order to exploit the networks. Which type tricks people into revealing sensitive information?
Social Engineering
A ______ is a basic network scanning technique that is employed to determine which range of IP addresses map to live hosts (computers).
Ping Sweeping
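A ping sweep is simple to implement, which is also why it is such a noisy indicator of reconnaissance when seen from the defender's side (one source sending ICMP echo requests to many consecutive addresses). The following is an added example (not from the original flashcards) of the technique in Python: expand a CIDR range to its host addresses and probe them concurrently with the system `ping` binary. The probe is passed in as a function so the sweep logic can be exercised without touching a network; the Linux `ping` flags are an assumption (the `-W` unit differs on macOS).

```python
import ipaddress
import platform
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, List


def icmp_probe(ip: str, timeout_s: int = 1) -> bool:
    """Send one ICMP echo request via the OS ping binary; True on a reply.
    Assumption: `ping` is on PATH and uses Linux-style flags (or Windows)."""
    if platform.system().lower() == "windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    try:
        result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL, timeout=timeout_s + 2)
        return result.returncode == 0
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False


def ping_sweep(cidr: str, probe: Callable[[str], bool] = icmp_probe,
               workers: int = 32) -> List[str]:
    """Return, in address order, the hosts in `cidr` that answered the probe.
    `strict=False` lets a host address such as 10.0.0.15/24 stand for its net."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(probe, hosts))
    return [ip for ip, alive in zip(hosts, results) if alive]


if __name__ == "__main__":
    # Real sweep of the local /24 (network side effect; requires ping on PATH).
    print(ping_sweep("192.168.1.0/24"))
```

Only hosts that answer ICMP are listed; a host behind a firewall that drops echo requests is invisible to a ping sweep, which is why attackers follow it with TCP or ARP scans and why defenders should not rely on ICMP blocking alone.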
The most common way of networking computers is via _______
Ethernet
What is a guideline for network security measures to prevent an unauthorized access incident?
Design the network in such a way that it blocks the suspicious traffic
Jane is an incident responder who wants to detect and assess malware present in the network and then eliminate it. Which tool could she use to view logs in real time and identify malware propagation?
kiwisyslog.com
In a DoS attack, attackers flood the victim system with ___________ or traffic to overload its resources.
Non-legitimate Service Requests
Crashing a service by interacting with it in an unexpected way and Hanging a system by causing it to go into an infinite loop are examples of?
DoS attacks
Permanent DoS, also known as ________, refers to attacks that cause irreversible damage to system hardware
Phlashing
Insecure Coding, Configuration Errors, Platform Vulnerabilities, and Logic Errors are all causes of what?
Web Incidents
________ is an international organization that provides top 10 vulnerabilities and flaws of web applications.
OWASP
Kevin is an attacker who is exploiting vulnerabilities by performing an XSS attack. What are two types of exploitations that he can perform?
Data Theft and Data Manipulation
What attack makes an authenticated user perform tasks on a web application that the attacker chooses, for example by clicking a link sent through email or chat?
Cross-Site Request Forgery (CSRF)
Sarah is a hacker who is using a method called __________ on victim systems to analyze users’ surfing habits and sell that information to other attackers or to launch various attacks on the victims’ web applications.
Cookie Snooping
If a hacker is identifying the kinds of websites a target company is frequently surfing and injecting malicious code that redirects the page to downloading malware, what kind of attack are they pursuing?
Watering Hole Attacks
What is another name for Cross-Site Request Forgery (CSRF)?
One-click Attack
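The two CSRF cards above describe the attack; the standard defence is a per-session anti-forgery token that the attacker's forged link cannot know. The following is an added example (not from the original flashcards, and not any framework's code) that issues an HMAC-based token bound to the session ID and a timestamp, verifies it with a constant-time comparison and an age limit, and shows a simulated state-changing handler refusing a forged request that lacks the token. The server secret, session IDs and request dictionaries are assumptions standing in for a real web framework's objects.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumption: one per-deployment secret, kept out of the client's reach.
SERVER_SECRET = secrets.token_bytes(32)


def make_csrf_token(session_id: str, secret: bytes = SERVER_SECRET,
                    now: Optional[float] = None) -> str:
    """Token = <timestamp>.<HMAC-SHA256(secret, session_id:timestamp)>.
    Binding it to the session means a token stolen from one user is useless
    for another, and the timestamp lets the server expire it."""
    ts = int(now if now is not None else time.time())
    mac = hmac.new(secret, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_csrf_token(token: str, session_id: str, secret: bytes = SERVER_SECRET,
                      max_age: int = 3600, now: Optional[float] = None) -> bool:
    try:
        ts_str, mac = token.split(".", 1)
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False
    current = int(now if now is not None else time.time())
    if ts > current or current - ts > max_age:
        return False
    expected = hmac.new(secret, f"{session_id}:{ts}".encode(),
                        hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the correct MAC byte by byte via timing.
    return hmac.compare_digest(expected, mac)


def handle_transfer(request: Dict[str, object], session_id: str) -> Tuple[int, str]:
    """Simulated POST handler for a money transfer. The session cookie alone
    (session_id) is NOT proof of intent, because the browser attaches it to
    forged requests too; the token, which the attacker cannot read, is."""
    if not verify_csrf_token(str(request.get("csrf_token", "")), session_id):
        return 403, "CSRF check failed"
    return 200, f"transferred {request['amount']} to {request['to']}"


if __name__ == "__main__":
    victim_session = "sess-alice"
    # Forged request from a link the victim clicked: cookie present, token absent.
    print(handle_transfer({"amount": 1000, "to": "mallory"}, victim_session))
    # Legitimate form submission carrying the token the server issued.
    token = make_csrf_token(victim_session)
    print(handle_transfer({"amount": 50, "to": "bob", "csrf_token": token},
                          victim_session))
```

The token must be delivered inside the page (a hidden form field or a header set by page script), never in a cookie alone, because cookies are exactly what the browser sends automatically on the forged request.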
_________ can contain session-specific data such as user IDs, passwords, account numbers, links to shopping cart contents, supplied private information, and session IDs.
Cookies
What is the name of the primary tool placed on the edge of a network and assists in filtering or blocking malicious content from entering or leaving web applications?
Web Application Firewall (WAF)
Proxy servers act as gateways between the user and the web applications the user browses. What are they used for?
Evading IP blocking and maintaining anonymity
Limiting the length of user input, using custom error messages, and disabling commands like xp_cmdshell are all different ways to eradicate _______.
SQL Injection Attacks
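The measures on the card (input length limits, custom error messages, disabling `xp_cmdshell`) reduce what an injection can do; the control that removes the injection itself is parameterised queries. The following is an added example (not from the original flashcards) showing a deliberately vulnerable login query next to its hardened form against an in-memory SQLite database, so the classic `' OR '1'='1` and comment-based payloads can be seen succeeding against one and failing against the other. The schema, credentials and payloads are constructed; `xp_cmdshell` is specific to Microsoft SQL Server and has no SQLite equivalent, so it is not shown. Passwords are stored in clear text purely to keep the example short; a real system stores salted hashes.

```python
import sqlite3
from typing import Optional

# Assumption: 64 characters is a generous upper bound for a username or password.
MAX_INPUT_LEN = 64


def make_db() -> sqlite3.Connection:
    """Constructed sample table; plaintext passwords for brevity only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[str]:
    """Deliberately vulnerable: user input is spliced into the SQL text, so
    quotes and comment markers in the input change the query's logic."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn: sqlite3.Connection, username: str,
                   password: str) -> Optional[str]:
    """Hardened: length cap, bound parameters (input is data, never SQL),
    and a generic failure instead of echoing driver errors to the client."""
    if len(username) > MAX_INPUT_LEN or len(password) > MAX_INPUT_LEN:
        return None
    try:
        row = conn.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        return None  # log the real error server-side; show the user nothing
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Tautology in the password field: "... AND password = 'x' OR '1'='1'"
    print("vulnerable:", login_vulnerable(db, "alice", "x' OR '1'='1"))
    print("hardened:  ", login_hardened(db, "alice", "x' OR '1'='1"))
    # Comment marker in the username field: the password check is commented out.
    print("vulnerable:", login_vulnerable(db, "alice' --", ""))
    print("hardened:  ", login_hardened(db, "alice' --", ""))
```

With bound parameters the payload `x' OR '1'='1` is compared literally against the stored password and simply does not match; no amount of quoting or commenting changes the query shape.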
Charles is an incident handler who wants to eradicate insecure deserialization attacks. Which measure should he take?
Guard sensitive data during deserialization
Resource pooling, rapid elasticity, distributed storage, and broad network access are all characteristics of _______?
Cloud Computing
What would be considered a limitation of cloud computing?
Security, privacy, and compliance issues
Prone to outages and other technical issues
Contracts and lock-ins
This cloud computing service enables subscribers to use on demand fundamental IT resources such as computing power, virtualization, data storage, network, and so on. Some of the advantages from this service include global accessibility, policy-based services, and guaranteed uptime.
Infrastructure-as-a-Service (IaaS)
What would be considered an advantage and a disadvantage when comparing a private cloud to a public cloud?
A private cloud is more expensive but is also more secure
Attackers use __________ (e.g., Wireshark, Cain and Abel) to capture sensitive data such as passwords, session cookies, and other web service-related security configurations
Packet Sniffers
Chad is an incident responder who wants to monitor user and network activities, changes in files, and registry entries. What tool should he use to accomplish these tasks?
Tripwire
________ is the cloud server security platform with all the security functions you need to safely deploy servers in public and hybrid clouds
CloudPassage Halo
There are various threats to be aware of when dealing with cloud computing. Which type of threat arises because of incomplete and non-transparent terms of use, hidden dependency created by cross-cloud applications, inappropriate CSP selection, and lack of supplier redundancy?
Supply Chain Failure
There are four types of Domain Name System (DNS) attacks. Which type Involves conducting phishing scams by registering a domain name that is similar to that of a cloud service provider?
Cybersquatting
There are four types of Domain Name System (DNS) attacks. Which type involves registering an expired domain name?
Domain Snipping
Insecure or obsolete encryption makes cloud services susceptible to what type of attack?
Cryptanalysis
_________ refers to the ability of a single cloud to handle the data, accounts, systems, and applications of various organizations
Multitenancy (elasticity, by contrast, is the ability to scale resources up and down on demand)
Megan is a disgruntled employee who wants to take her company's secrets and send the data to competitors using steganography. Which type of attack would she be committing?
Insider Attack
What would be considered a harmful insider who uses their technical knowledge to identify the weaknesses and vulnerabilities of the company’s network and sell the confidential information to the competitors or black-market bidders?
Professional
There are several indicators of insider threats. The most common indicator of an insider threat is lack of awareness of employees against security measures. Examples of this may include_________.
Multiple Failed Login Attempts
Responders can figure out who is leaking information to the public or to another entity by giving a person a piece of data and waiting to see if the information makes it way to the public domain. What is the name of this technique?
Mole Detection
Incident handlers can employ tools such as _________, _________, and _________, to monitor, collect, detect, and analyze different activities of users on the network
User Behavior Analytics (UBA)
SIEM
DLP Technologies
Analyzing log files helps incident handlers detect the perpetrator. Analyzing _______ logs will help the incident handler understand established connections, uploads, downloads, and requested URLs.
Network
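Two of the indicators above, repeated failed logins (the insider-threat indicator card) and large uploads visible in network logs (this card), are both found by aggregating log lines per user or host rather than by reading them one at a time. The following is an added example (not from the original flashcards) that runs both detections over constructed sample logs: an sshd-style authentication log, in which five failures for one account from one source within a short window are reported, and a proxy log of the form `timestamp client method url bytes_out bytes_in`, in which a client whose total upload volume to external hosts exceeds a threshold is reported. The log formats, thresholds and internal domain suffix are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample logs (not real captures).
AUTH_LOG = """\
2024-03-04T08:01:10 sshd[2201]: Failed password for svc_backup from 10.0.0.42 port 50112
2024-03-04T08:01:14 sshd[2201]: Failed password for svc_backup from 10.0.0.42 port 50113
2024-03-04T08:01:19 sshd[2201]: Failed password for svc_backup from 10.0.0.42 port 50114
2024-03-04T08:01:25 sshd[2201]: Failed password for svc_backup from 10.0.0.42 port 50115
2024-03-04T08:01:31 sshd[2201]: Failed password for svc_backup from 10.0.0.42 port 50116
2024-03-04T08:02:02 sshd[2201]: Accepted password for svc_backup from 10.0.0.42 port 50117
2024-03-04T09:15:00 sshd[2310]: Failed password for alice from 10.0.0.7 port 40000
"""
PROXY_LOG = """\
2024-03-04T10:00:01 10.0.0.42 POST https://files.example-share.net/upload 52428800 512
2024-03-04T10:03:10 10.0.0.42 POST https://files.example-share.net/upload 73400320 512
2024-03-04T10:05:00 10.0.0.7 GET https://www.example.com/ 400 18000
2024-03-04T10:06:30 10.0.0.42 GET https://intranet.corp.example/ 300 2400
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)")


def detect_bruteforce(log: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)
                      ) -> List[Tuple[str, str, int]]:
    """Report (user, source, count) where `threshold` or more failures for the
    same user from the same source fall inside any sliding `window`."""
    events: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for line in log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events[(m["user"], m["src"])].append(datetime.fromisoformat(m["ts"]))
    hits = []
    for (user, src), times in events.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                hits.append((user, src, j - i))
                break
    return hits


def detect_exfil(log: str, threshold_bytes: int = 100 * 1024 * 1024,
                 internal_suffix: str = ".corp.example") -> Dict[str, int]:
    """Sum bytes sent by each client to hosts outside the internal domain and
    return the clients whose total reaches `threshold_bytes`."""
    uploaded: Dict[str, int] = defaultdict(int)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _ts, client, _method, url, bytes_out, _bytes_in = parts
        host = url.split("/")[2]
        if host.endswith(internal_suffix):
            continue  # traffic to internal services is not exfiltration
        uploaded[client] += int(bytes_out)
    return {c: b for c, b in uploaded.items() if b >= threshold_bytes}


if __name__ == "__main__":
    print("brute force:", detect_bruteforce(AUTH_LOG))
    print("exfil:", detect_exfil(PROXY_LOG))
```

On the sample both detections point at 10.0.0.42: a password-guessing burst against a service account followed by a successful login, then roughly 120 MB pushed to an external file-sharing host. Correlating the two by source address is what turns two low-confidence alerts into an insider-threat case.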
Dhru is an incident handler who needs to perform a network traffic analysis. Which tool will help him detect established malicious connections, the type and number of devices accessed, and exfiltrated data?
Wireshark
What command may give the incident responder valuable insight into what is happening within the server system? This command allows the incident handler to view and retrieve the active transaction log files for a specific database.
Database Consistency Checker (DBCC)
ObserveIT, Ekran System and DataRobot are all important tools that detect ______.
Insider Threats
What is a common technique that incident responders can use to secure the confidential data of a company from spies and eradicate different insider threats?
Limiting and controlling access
What are examples of best practices to avoid insider threats?
Monitor employee behaviors and the computer systems used by employees
Implement secure backup and disaster recovery processes for business continuity
Disable remote access and screen sharing activities for all the users
Joe is an employee who attacked his company to make a political statement by publicizing the company’s sensitive information. What is the driving force behind this insider attack?
Hacktivism