L8: Threat Analysis Flashcards

1
Q

Name the three phases of intelligence gathering used by attackers:

A

Footprinting (FP)
Scanning (S)
Enumeration (E)

2
Q

Gathering information on the OS, services, and architecture of the target system is called ______.

A

Scanning

3
Q

Gathering information on DNS, email servers, and IP address range is called _______.

A

Footprinting

4
Q

Gathering information on network user and group names, routing tables, and network management protocols is called ________.

A

Enumeration

5
Q

Which protocol is used to break data into packets?

A

TCP

6
Q

Which protocol is used to move packets from router to router?

A

IP

7
Q

Which protocol reassembles the data packets?

A

TCP

8
Q

With regard to computing, what is entropy?

A

Randomness for use in crypto or other applications that require random data.

9
Q

What are two sources of entropy?

A

Hardware sources and randomness generators

10
Q

Short-lived domains are generally used by ______.

A

Botnets (B)

11
Q

Disposable domains are generally used by ______.

A

Adware (A)

12
Q

Anonymously registered domains are generally used by ______.

A

Spyware (S)

13
Q

Kopis and Notos are domain reputation systems. Which one has the global internet view?

A

Kopis

14
Q

The number of distinct malware samples connected to IPs is an example of ________ features.

A

Evidence-based

15
Q

The average length of domain names and the occurrence frequency of different characters are examples of _________ features.

A

Zone-based

16
Q

The total number of IPs historically associated with geographical locations is an example of ________ features.

A

Network-based

17
Q

A dynamic malware-related domain detection system should have global visibility into DNS request and response messages.

A

True

18
Q

A dynamic malware-related domain detection system should not be able to detect malware domains before the infection reaches a local network.

A

False

19
Q

A dynamic malware-related domain detection system should not require data from other networks.

A

True

20
Q

A dynamic malware-related domain detection system should be able to detect malware-related domains even if there is no reputation data.

A

True

21
Q

One of the more successful methods of taking down a botnet requires investigators to find and target each bot in the net.

A

False

22
Q

A proven method to stop botnets requires isolating the C&C domain from the botnet.

A

True

23
Q

With regard to takedowns, P2P-based networks are much easier than C&C networks.

A

False