Exam 2 Flashcards
Why do most organizations monitor their network environment, according to the text?
A) To optimize network bandwidth usage
B) To understand typical activities
C) To increase employee productivity
D) To enforce company policies
To understand typical activities
What is the purpose of establishing a database of key risk indicators (KRIs) based on monitoring network activities, according to the text?
A) To optimize network performance
B) To improve customer satisfaction
C) To enhance employee training programs
D) To assess and manage potential risks
To assess and manage potential risks
What does a Key Risk Indicator (KRI) measure in the context of network activity?
A) Network downtime
B) Employee satisfaction
C) Normal range of specific network activity indicators
D) Customer engagement
Normal range of specific network activity indicators
What does it indicate when a Key Risk Indicator (KRI) exceeds its normal bounds in network monitoring?
A) Improved network efficiency
B) Potential security compromise (IOC)
C) Enhanced data encryption
D) Increased employee satisfaction
Potential security compromise (IOC)
What does an Indicator of Compromise (IOC) typically indicate in the context of cybersecurity?
A) A successful cybersecurity breach
B) Early stages of a potential attack
C) Routine network maintenance
D) Employee misconduct
Early stages of a potential attack
What is the primary purpose of predictive analysis in cybersecurity?
A) To recover data after an attack
B) To detect and respond to ongoing attacks
C) To discover an attack before it occurs
D) To assess network bandwidth usage
To discover an attack before it occurs
How does making an Indicator of Compromise (IOC) available contribute to cybersecurity efforts?
A) It ensures compliance with industry standards
B) It aids in predicting and preventing future attacks
C) It enhances network bandwidth utilization
D) It improves employee productivity metrics
It aids in predicting and preventing future attacks
What are the two primary categories of threat intelligence sources?
A) Corporate and personal
B) Internal and external
C) Open source and closed source
D) Active and passive
Open source and closed source
According to the text, what defines an “open source” in the context of threat intelligence?
A) Information available to the public without restrictions
B) Information accessible only to authorized personnel
C) Information sourced from government agencies
D) Information obtained through paid subscriptions
Information available to the public without restrictions
What are the primary concerns associated with public information sharing centers?
A) Compatibility with existing systems and software
B) Availability of skilled personnel
C) Privacy of shared information and speed of information sharing
D) Cost-effectiveness and return on investment
Privacy of shared information and speed of information sharing
What precaution should an organization take when sharing IOCs and attack details after being a victim of an attack?
A) Avoid sharing proprietary or sensitive information
B) Ensure all employees are aware of the incident
C) Implement stricter network security measures
D) Update software and hardware regularly
Avoid sharing proprietary or sensitive information
What does Automated Indicator Sharing (AIS) technology facilitate in cybersecurity?
A) Human-to-human communication
B) Exchange of cyberthreat indicators via computer-to-computer communication
C) Secure data storage in the cloud
D) Real-time network monitoring
Exchange of cyberthreat indicators via computer-to-computer communication
How does Automated Indicator Sharing (AIS) improve upon traditional email alerts in cybersecurity?
A) It reduces the number of alerts received
B) It enhances email encryption protocols
C) It automates the process of reading and reacting to alerts
D) It improves email server performance
It automates the process of reading and reacting to alerts
How do STIX and TAXII contribute to Automated Indicator Sharing (AIS) in cybersecurity?
A) By facilitating the exchange of cyberthreat indicators
B) By providing encryption for sensitive data
C) By automating network monitoring processes
D) By improving incident response times
By facilitating the exchange of cyberthreat indicators
What is Structured Threat Information Expression (STIX) primarily used for in cybersecurity?
A) Encrypting sensitive data
B) Automating network monitoring
C) Exchanging cyberthreat intelligence
D) Enhancing employee training
Exchanging cyberthreat intelligence
How does STIX enhance the representation of threat information in cybersecurity?
A) By converting text-based reports into visual diagrams
B) By incorporating real-time threat feeds
C) By representing threat information using objects and relationships
D) By automating incident response procedures
By representing threat information using objects and relationships
What is TAXII primarily used for in cybersecurity?
A) Automating network monitoring
B) Securely exchanging cyberthreat intelligence over HTTPS
C) Encrypting sensitive data
D) Enhancing employee training
Securely exchanging cyberthreat intelligence over HTTPS
What is the primary purpose of a vulnerability database in cybersecurity?
A) Storing network configuration data
B) Tracking employee performance metrics
C) Maintaining customer service records
D) Managing known vulnerabilities and their exploitation details
Managing known vulnerabilities and their exploitation details
What are the primary tasks involved in securing endpoint computers?
A) Ensuring network connectivity, optimizing file storage, and installing updates
B) Confirming secure startup, protecting from attacks, and hardening for enhanced protection
C) Monitoring email usage, encrypting web traffic, and restricting social media access
D) Auditing system logs, analyzing network traffic, and managing user permissions
Confirming secure startup, protecting from attacks, and hardening for enhanced protection
Where is the BIOS typically located in a computer system?
A) On the hard drive
B) In the RAM
C) On the motherboard
D) In the processor
On the motherboard
What are the typical steps performed by the BIOS during a legacy boot process when the computer is powered on?
A) Connecting to the internet, updating antivirus definitions, and launching applications
B) Initializing hardware, performing Power-On Self-Test (POST), and locating the bootloader
C) Checking email, synchronizing system clocks, and optimizing memory usage
D) Authenticating user credentials, launching virtual machines, and scanning for malware
Initializing hardware, performing Power-On Self-Test (POST), and locating the bootloader