Exam 2 Flashcards

1
Q

Why do most organizations monitor their network environment, according to the text?

A) To optimize network bandwidth usage
B) To understand typical activities
C) To increase employee productivity
D) To enforce company policies

A

To understand typical activities

2
Q

What is the purpose of establishing a database of key risk indicators (KRIs) based on monitoring network activities, according to the text?

A) To optimize network performance
B) To improve customer satisfaction
C) To enhance employee training programs
D) To assess and manage potential risks

A

To assess and manage potential risks

3
Q

What does a Key Risk Indicator (KRI) measure in the context of network activity?

A) Network downtime
B) Employee satisfaction
C) Normal range of specific network activity indicators
D) Customer engagement

A

Normal range of specific network activity indicators

4
Q

What does it indicate when a Key Risk Indicator (KRI) exceeds its normal bounds in network monitoring?

A) Improved network efficiency
B) Potential security compromise (IOC)
C) Enhanced data encryption
D) Increased employee satisfaction

A

Potential security compromise (IOC)

5
Q

What does an Indicator of Compromise (IOC) typically indicate in the context of cybersecurity?

A) A successful cybersecurity breach
B) Early stages of a potential attack
C) Routine network maintenance
D) Employee misconduct

A

Early stages of a potential attack

6
Q

What is the primary purpose of predictive analysis in cybersecurity?

A) To recover data after an attack
B) To detect and respond to ongoing attacks
C) To discover an attack before it occurs
D) To assess network bandwidth usage

A

To discover an attack before it occurs

7
Q

How does making an Indicator of Compromise (IOC) available contribute to cybersecurity efforts?

A) It ensures compliance with industry standards
B) It aids in predicting and preventing future attacks
C) It enhances network bandwidth utilization
D) It improves employee productivity metrics

A

It aids in predicting and preventing future attacks

8
Q

What are the two primary categories of threat intelligence sources?

A) Corporate and personal
B) Internal and external
C) Open source and closed source
D) Active and passive

A

Open source and closed source

9
Q

According to the text, what defines an “open source” in the context of threat intelligence?

A) Information available to the public without restrictions
B) Information accessible only to authorized personnel
C) Information sourced from government agencies
D) Information obtained through paid subscriptions

A

Information available to the public without restrictions

10
Q

What are the primary concerns associated with public information sharing centers?

A) Compatibility with existing systems and software
B) Availability of skilled personnel
C) Privacy of shared information and speed of information sharing
D) Cost-effectiveness and return on investment

A

Privacy of shared information and speed of information sharing

11
Q

What precaution should an organization take when sharing IOCs and attack details after being a victim of an attack?

A) Avoid sharing proprietary or sensitive information
B) Ensure all employees are aware of the incident
C) Implement stricter network security measures
D) Update software and hardware regularly

A

Avoid sharing proprietary or sensitive information

12
Q

What does Automated Indicator Sharing (AIS) technology facilitate in cybersecurity?

A) Human-to-human communication
B) Exchange of cyberthreat indicators via computer-to-computer communication
C) Secure data storage in the cloud
D) Real-time network monitoring

A

Exchange of cyberthreat indicators via computer-to-computer communication

13
Q

How does Automated Indicator Sharing (AIS) improve upon traditional email alerts in cybersecurity?

A) It reduces the number of alerts received
B) It enhances email encryption protocols
C) It automates the process of reading and reacting to alerts
D) It improves email server performance

A

It automates the process of reading and reacting to alerts

14
Q

How do STIX and TAXII contribute to Automated Indicator Sharing (AIS) in cybersecurity?

A) By facilitating the exchange of cyberthreat indicators
B) By providing encryption for sensitive data
C) By automating network monitoring processes
D) By improving incident response times

A

By facilitating the exchange of cyberthreat indicators

15
Q

What is Structured Threat Information Expression (STIX) primarily used for in cybersecurity?

A) Encrypting sensitive data
B) Automating network monitoring
C) Exchanging cyberthreat intelligence
D) Enhancing employee training

A

Exchanging cyberthreat intelligence

16
Q

How does STIX enhance the representation of threat information in cybersecurity?

A) By converting text-based reports into visual diagrams
B) By incorporating real-time threat feeds
C) By representing threat information using objects and relationships
D) By automating incident response procedures

A

By representing threat information using objects and relationships

17
Q

What is TAXII primarily used for in cybersecurity?

A) Automating network monitoring
B) Securely exchanging cyberthreat intelligence over HTTPS
C) Encrypting sensitive data
D) Enhancing employee training

A

Securely exchanging cyberthreat intelligence over HTTPS

18
Q

What is the primary purpose of a vulnerability database in cybersecurity?

A) Storing network configuration data
B) Tracking employee performance metrics
C) Maintaining customer service records
D) Managing known vulnerabilities and their exploitation details

A

Managing known vulnerabilities and their exploitation details

19
Q

What are the primary tasks involved in securing endpoint computers?

A) Ensuring network connectivity, optimizing file storage, and installing updates
B) Confirming secure startup, protecting from attacks, and hardening for enhanced protection
C) Monitoring email usage, encrypting web traffic, and restricting social media access
D) Auditing system logs, analyzing network traffic, and managing user permissions

A

Correct answer: B) Confirming secure startup, protecting from attacks, and hardening for enhanced protection

20
Q

Where is the BIOS typically located in a computer system?

A) On the hard drive
B) In the RAM
C) On the motherboard
D) In the processor

A

On the motherboard

21
Q

What are the typical steps performed by the BIOS during a legacy boot process when the computer is powered on?

A) Connecting to the internet, updating antivirus definitions, and launching applications
B) Initializing hardware, performing Power-On Self-Test (POST), and locating the bootloader
C) Checking email, synchronizing system clocks, and optimizing memory usage
D) Authenticating user credentials, launching virtual machines, and scanning for malware

A

Initializing hardware, performing Power-On Self-Test (POST), and locating the bootloader

22
Q

What is the initial function performed by the BIOS when a computer is powered on?

A) Initializing network connections
B) Testing computer components with POST
C) Loading operating system files
D) Encrypting hard drive data

A

Testing computer components with POST

23
Q

After completing the Power-On Self-Test (POST), what does the BIOS typically do next during the boot process?

A) Load device drivers
B) Authenticate user credentials
C) Reference the Master Boot Record (MBR)
D) Check for operating system updates

A

Reference the Master Boot Record (MBR)

24
Q

What role does the partition table play in the computer’s boot process?

A) Authenticates user credentials
B) Loads device drivers
C) Instructs the BIOS where to locate the operating system (OS)
D) Executes antivirus scans

A

Instructs the BIOS where to locate the operating system (OS)

25
Q

Discuss the advantages of storing BIOS contents in flash memory for computer systems. How does this capability facilitate the updating of BIOS firmware and the addition of new features?

A

Computer systems stored BIOS contents in flash memory for easy updates, enabling firmware updates to add new features.

26
Q

Describe the purpose of UEFI (Unified Extensible Firmware Interface) and explain how it improves upon BIOS by providing enhanced functionality.

A

UEFI (Unified Extensible Firmware Interface) was developed to replace BIOS, adding enhanced functionality.

27
Q

List 5 enhancements that UEFI (Unified Extensible Firmware Interface) offers over BIOS, and briefly explain how each enhancement improves system performance or functionality.

A

UEFI (Unified Extensible Firmware Interface) offers numerous enhancements over BIOS, such as supporting hard drives larger than two terabytes (TB), unlimited primary partitions, quicker boot times, and built-in networking for remote troubleshooting. It also features a more advanced user interface for configuration and information.

28
Q

Discuss the cybersecurity threat posed by BIOS attacks. Explain how threat actors could exploit vulnerabilities in BIOS updates to infect the BIOS with malware.

A

Updating the BIOS in firmware also introduced the risk of BIOS attacks, where threat actors could create malware to infect the BIOS.

29
Q

BIOS attack

A

exploit the update feature of the BIOS

30
Q

Describe why BIOS attacks are difficult to detect and disinfect once a computer’s BIOS has been infected.

A

Since the BIOS resides in firmware, an infected BIOS could persistently re-infect the computer each time it was powered on, making BIOS attacks challenging to detect and disinfect.

31
Q

UEFI, used along with other components, is designed to

A

combat these BIOS vulnerabilities and provide improved boot security

32
Q

What is the primary objective of validating each element used in every step of the boot process in terms of boot security?

A) Ensuring compatibility with peripheral devices
B) Enhancing graphical user interface (GUI) responsiveness
C) Preventing unauthorized modifications to system components
D) Optimizing memory allocation

A

C) Preventing unauthorized modifications to system components

Explanation:
Boot security involves validating that each element used in each step of the boot process has not been modified to prevent unauthorized alterations to critical system components. This ensures the integrity and security of the system during startup.

33
Q

chain of trust

A

This process starts with validating the initial element (boot software). After confirming its integrity, it proceeds to validate subsequent items (like software drivers) until control is transferred to the operating system.

34
Q

How does the chain of trust work?

A

Each element relies on the confirmation of the previous element to know that the entire process is secure.

35
Q

What is the term used to describe the starting point of security checks beginning with hardware?
A) Root of Modification
B) Root of Trust
C) Chain of Attestation
D) Trustworthy Software

A

Root of Trust

36
Q

According to the text, why is hardware considered the strongest starting point for security?
A) It is easy to modify
B) It cannot be verified
C) It is permanently fixed
D) It provides a hardware root of trust

A

It provides a hardware root of trust

37
Q

What does “boot attestation” refer to in the context of the text?
A) Verification of software integrity
B) Initialization of hardware components
C) The process of checking the OS
D) Relying on hardware verification

A

Relying on hardware verification

38
Q

How does each subsequent security check rely upon hardware in the described process?
A) It validates the OS first
B) It begins with software checks
C) It starts with hardware verification
D) It modifies the hardware

A

It starts with hardware verification

39
Q

What is the primary benefit of starting security checks with hardware, as mentioned in the text?
A) It ensures software modification
B) It establishes a chain of trust
C) It simplifies the validation process
D) It avoids hardware verification

A

It establishes a chain of trust

40
Q

Legacy BIOS Boot

A

Uses BIOS for boot functions

41
Q

advantages of Legacy BIOS boot

A

Compatible with older systems

42
Q

disadvantages of Legacy BIOS boot

A

No security features

43
Q

UEFI Native Mode

A

Uses UEFI standards for boot functions

44
Q

advantages of UEFI native mode

A

Security boot modules can be patched or updated as needed.

45
Q

disadvantages of UEFI Native mode

A

No validation or protection of the boot process

46
Q

Secure Boot

A

Each firmware and software executable at boot time must be verified as having prior approval

47
Q

advantages of Secure boot

A

All system firmware, bootloaders, kernels, and other boot-time executables are validated

48
Q

disadvantages of secure boot

A

Custom hardware, firmware, and software may not pass without first being submitted to system vendors like Microsoft

49
Q

Trusted Boot

A

Windows OS checks the integrity of every component of boot process before loading it.

50
Q

advantages of trusted boot

A

Takes over where Secure Boot leaves off by validating the Windows 10 software before loading it

51
Q

disadvantages of trusted boot

A

Requires using Microsoft OS

52
Q

measured boot

A

Computer’s firmware logs the boot process so the OS can send it to a trusted server to assess the security.

53
Q

advantages of a measured boot

A

Provides highest degree of security

54
Q

disadvantages of a measured boot

A

Could slow down the boot process