July 2024

Question 1

URDF

Answer 1

Unified Robotic Description Format
Contains info about a platform (useful for high level understanding by the user)
Kinematics
Dynamics
Visual & Collision Properties
Sensors & Actuators
Modularity & Reusability

Basically the USD of Robotics

Question 2

STIG

Answer 2

Security Technical Implementation Guide
DISA STIG is a popular one (Defense Information Systems Agency)

Question 3

Ansible

Answer 3

An open source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and other IT stuff.

Question 4

Ansible vs. bash?

Answer 4

Bash: Do a thing - describes an action.
Ansible: Set a state - describes the state, then is capable of generating the necessary action(s)

Question 5

ClamAV

Answer 5

Anti-virus software for Linux

Question 6

Bitdefender

Answer 6

Anti-virus software for Linux
Discontinued the Home Linux, moved to pay.

Question 7

OSSEC

Answer 7

Open Source SECurity

Host-base Intrusion Detection System (HIDS)
Rootkit Detection
Active Response
Log Based Intrusion Detection
File Integrity Monitoring
System Inventory

Question 8

HIDS

Answer 8

Host Intrusion Detection System

Question 9

NIDS

Answer 9

Network Intrusion Detection System

Question 10

SNORT

Answer 10

open source Intrusion Prevention System (IPS)
series of rules -> help define malicious network activity
use rules to detect packets that match -> User alert

Question 11

IPS

Answer 11

Intrusion Prevention System

Question 12

rootkit

Answer 12

The worst kind of malware
Kernel parasite (or hidden really deep)

Question 13

Metasploitable

Answer 13

A version of Linux that is purposefully made vulnerable for the purpose of testing

Question 14

OpenSCAP

Answer 14

Configuration Checker
Security
Content
Automation
Protocol

Question 15

Lynis

Answer 15

POSIX security suite. Extensive health scan.

Security Auditing
Compliance Testing

Penetration Testing
Vulnerability Detection
System Hardening

Question 16

AIDE

Answer 16

Advanced Intrusion Detection Environment
Open Source HIDS (Host-based Intrusion Detection System)

Question 17

Nmap

Answer 17

The Network Mapper - Free Security Scanner
scan networks for hosts/services/open ports

Question 18

tool for exposing passwords & secrets in Git repos

Answer 18

Gitleaks

Question 19

Tripwire

Answer 19

Commercial Product
File Integrity & Change Monitoring
Security Configuration Management
Vulnerability and Risk Management
They offer “Managed Cybersecurity Services”

Question 20

Metasploit (not Metasploitable)

Answer 20

Exploitation Framework
links vulnerabilities with known exploits and allows you to just run them

Question 21

OpenVAS

Answer 21

Open Vulnerability Assessment Scanner
unauthenticated and authenticated testing
various high-level and low-level internet and industrial protocols
performance tuning for large-scale scans
powerful internal programming language

Question 22

Nessus

Answer 22

Commercial Vulnerability Analysis Tool.
OpenVAS was made as an open source alternative.

Question 23

Kali

Answer 23

Linux distro for cybersecurity

Question 24

Vulnerability Database

Answer 24

A local database of signatures (virus, packet, logs, etc) that is used when scanning for vulnerabilities. (Like Anti-Virus, they have databases or definitions too)

Question 25

ELK Stack

Answer 25

Elasticsearch
Logstash
Kibana
Beats

General tool for log analysis.

Take data from any source/format and search analyze & visualize

Elk Stack are tools for SIEM (Security Information and Event Management)

Question 26

Wazuh

Answer 26

Reporting/Triggering System for Big Data Analysis
Hook it up to Splunk and report/trigger on findings.

Question 26

SIEM

Answer 26

Security
Information
and Event
Management

Security Information Management (SIM) combined with
Security Event Management (SEM).

Collect from multiple sources, centralize, then analyze.

Question 26

Fail2Ban

Answer 26

Anti-Brute-Force
Consults auth.log for failed logins and bans hosts that do it too often

Question 27

jsql-injection

Answer 27

database penetration tester
automatic SQL injection (for gaining info)

Question 28

SSHGuard

Answer 28

anti-brute force
monitoring system logs
detecting attacks
blocking attackers using a firewall

Question 29

Moloch

Answer 29

PCAP on steroids
store and export all packets in standard PCAP format for later playback and analysis.
indexes stored packets for fast retrieval
named after deity known for child-sacrifice… Sheesh Stand in for Cannanite God Baal. –> Bahl (Baldur’s gate god of murder)

Question 30

Dr. Michael Shulman

Answer 30

Consultant (ex-Ford employee) brought in on Amendment #1
Help with testing and adhering to ITE CI guidelines

Question 31

ITE CI guidelines

Answer 31

Institue of Transportation Engineers - Connected Intersection

Question 32

OVAL

Answer 32

Open Vulnerability and Assessment Language

Question 33

Greenbone

Answer 33

Vulnerability Management Software (company)

Question 34

ArcherySec

Answer 34

Open Source Orchestration and Correlation Tool (ASOC)
Correlation as in (correlating data/evidence from multiple tools)

Question 34

Splunk

Answer 34

Commercial. searching, monitoring, analyzing big data (DBs, logs, sysfiles, etc)

Question 34

5 Pillars of Cybersecurity

Answer 34

Identify
Protect
Detect
Respond
Recover

Question 35

SPDU

Answer 35

Secured Protocol Data Units
pertains to WSM (WAVE Short Messages, part of DSRC)

Question 36

WAVE

Answer 36

Wireless Access in Vehicular Environments (WAVE)
A crucial component of DSRC