Module 01 - Introduction to Ethical Hacking (EC Mode) Flashcards

1
Q

Which technique is used by attackers to snoop on the communication between users or devices and record private information to launch passive attacks?

A. Eavesdropping
B. Spoofing
C. Session hijacking
D. Privilege escalation

A

Answer: A. Eavesdropping

Session Hijacking: It is an attack in which an active session of a user is intercepted and stolen by an attacker.

Privilege Escalation: It is the process of leveraging an OS or application bug, design flaw, or misconfiguration in order to obtain elevated access to resources.

Spoofing: It is the process of fooling the target device or user by tampering with the original message/request and pretending to be a trusted origin.

Eavesdropping: It is the process of listening to the communication between users or devices and recording private information to launch attacks.

2
Q

Which warfare category involves the use of viruses, worms, Trojan horses, or sniffers to automatically shut down systems, corrupt data, steal information or services, send fraudulent messages, and access unauthorized data?

A. C2 warfare
B. Electronic warfare
C. Hacker warfare
D. Psychological warfare

A

Answer: C. Hacker warfare

Psychological warfare: Psychological warfare is the use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in battle.

Hacker warfare: The purpose of this type of warfare can vary from the shutdown of systems, data errors, theft of information, theft of services, system monitoring, false messaging, and access to data.

C2 warfare: In the computer security industry, C2 warfare refers to the impact an attacker possesses over a compromised system or network that they control.

Electronic warfare: It uses radio-electronic and cryptographic techniques to degrade communication.

3
Q

What is the name of the close-in attack technique where an attacker examines an organization’s trash for discarded sensitive information such as usernames, passwords, credit-card statements, bank statements, ATM receipts, social security numbers, and private telephone numbers?

A. Wiretapping
B. Dumpster diving
C. Pod slurping
D. Shoulder surfing

A

Answer: B. Dumpster diving

Pod slurping: Pod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer.

Shoulder surfing: It is a type of data theft where attackers steal personal or confidential information by looking over the target’s shoulder.

Dumpster diving: Dumpster diving may provide attackers with even more sensitive information, such as usernames, passwords, credit card statements, bank statements, ATM receipts, Social Security numbers, private telephone numbers, checking account numbers, or other sensitive data.

Wiretapping: The secret monitoring of telephone and Internet-based conversations by a third party.

4
Q

Which category of information warfare refers to a sensor-based technology that can directly disrupt technological systems?

A. Electronic warfare
B. Economic warfare
C. Psychological warfare
D. Intelligence-based warfare

A

Answer: D. Intelligence-based warfare

Economic warfare: It can affect the economy of a business or nation by blocking the flow of information.

Intelligence-based warfare: Intelligence-based warfare is a sensor-based technology that directly corrupts technological systems. According to Libicki, “intelligence-based warfare” is warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battlespace.

Psychological warfare: Psychological warfare is the use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in battle.

Electronic warfare: An attempt to disrupt the means of sending information.

5
Q

Which information security element includes a checksum and access control to verify that a given block of data is not changed in transit and ensures that only authorized personnel can update, add, or delete data?

A. Availability
B. Integrity
C. Confidentiality
D. Non-repudiation

A

Answer: B. Integrity

Non-Repudiation: Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Confidentiality: Confidentiality is the assurance that the information is accessible only to those authorized. Confidentiality breaches may occur due to improper data handling or a hacking attempt. Confidentiality controls include data classification, data encryption, and proper disposal of equipment (such as DVDs, USB drives, and Blu-ray discs).

Integrity: Integrity is the trustworthiness of data or resources in the prevention of improper and unauthorized changes—the assurance that information is sufficiently accurate for its purpose. Measures to maintain data integrity may include a checksum (a number produced by a mathematical function to verify that a given block of data is not changed) and access control (which ensures that only authorized people can update, add, or delete data).

Availability: Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Measures to maintain data availability can include disk arrays for redundant systems and clustered machines, antivirus software to combat malware, and distributed denial-of-service (DDoS) prevention systems.

6
Q

Which category of information warfare involves the use of various techniques such as propaganda and terror to demoralize the adversary in an attempt to succeed in battle?

A. Intelligence-based warfare
B. Electronic warfare
C. Command and control warfare (C2 warfare)
D. Psychological warfare

A

Answer: D. Psychological warfare

Command and control warfare (C2 warfare): In the computer security industry, C2 warfare refers to the impact an attacker possesses over a compromised system or network that they control.

Intelligence-based warfare: Intelligence-based warfare is a sensor-based technology that directly corrupts technological systems. According to Libicki, “intelligence-based warfare” is warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battlespace.

Electronic warfare: According to Libicki, electronic warfare uses radio-electronic and cryptographic techniques to degrade communication. Radio-electronic techniques attack the physical means of sending information, whereas cryptographic techniques use bits and bytes to disrupt the means of sending information.

Psychological warfare: Psychological warfare is the use of various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in battle.

7
Q

Bob recently joined an organization and completed his training. His work involved dealing with important documents of the organization. One Sunday, he connected to the corporate network by providing authentication credentials to access a file online from his residence.

Which element of information security was demonstrated in the scenario where Bob connects to the corporate network by providing authentication credentials to access a file online from his residence?

A. Integrity
B. Authenticity
C. Availability
D. Non-repudiation

A

Answer: C. Availability

Integrity: The trustworthiness of data or resources in terms of preventing improper or unauthorized changes.

Non-Repudiation: A guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Authenticity: Refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine.

Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.

8
Q

Sam, an attacker, was hired to launch an attack on an organization to disrupt its operations and gain access to a remote system for compromising the organization’s internal network. In the process, Sam launched an attack to tamper with the data in transit to break into the organization’s network.

What type of attack did Sam perform against the target organization by tampering with the data in transit to break into the organization’s network?

A. Insider attack
B. Distribution attack
C. Active attack
D. Passive attack

A

Answer: C. Active attack

Passive Attacks: Passive attacks do not tamper with the data and involve intercepting and monitoring network traffic and data flow on the target network.

Insider Attacks: Insider attacks involve using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems.

Distribution Attacks: Distribution attacks occur when attackers tamper with hardware or software prior to installation.

Active Attacks: Active attacks tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems.

9
Q

Don, a professional hacker, was hired to break into an organization’s network and extract sensitive data. In the attack process, Don found that the organization has purchased new hardware. He accessed the new hardware while it was in transit and tampered with it to launch further attacks on the target organization.

What type of attack did Don perform on the target organization by tampering with the new hardware while it was in transit to launch further attacks?

A. Passive attack
B. Active attack
C. Insider attack
D. Distribution attack

A

Answer: D. Distribution attack

Passive Attacks: Passive attacks do not tamper with the data and involve intercepting and monitoring network traffic and data flow on the target network.

Insider Attacks: Insider attacks involve using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems.

Distribution Attacks: Distribution attacks occur when attackers tamper with hardware or software prior to installation.

Active Attacks: Active attacks tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems.

10
Q

Which of the following fundamental elements of information security refers to an assurance that the information is accessible only to those authorized to have access?

A. Authenticity
B. Integrity
C. Availability
D. Confidentiality

A

Answer: D. Confidentiality

Confidentiality: Confidentiality is the assurance that the information is accessible only to those who are authorized to have access. Confidentiality controls include data classification, data encryption, and proper equipment disposal (e.g., of DVDs, CDs, etc.).

Integrity: Integrity is the trustworthiness of data or resources in the prevention of improper and unauthorized changes—the assurance that information is sufficiently accurate for its purpose. Measures to maintain data integrity may include a checksum, access control, etc.

Availability: Availability is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Measures to maintain data availability can include redundant systems’ disk arrays and clustered machines, antivirus software to stop malware from destroying networks, and distributed denial-of-service (DDoS) prevention systems.

Authenticity: Authenticity refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine or uncorrupted. The major role of authentication is to confirm that a user is genuine, that is, who he or she claims to be. Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents.

11
Q

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-malware/virus software, and an insurance application developed by a contractor. All the software updates and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the desktop computers, including the use of AppLocker to restrict the installation of any third-party applications.

There are one hundred employees who work from their home offices. Employees who work from home use their own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is synchronized with the corporate internal domain service. The computers are updated and patched through the cloud-based domain service. AppLocker is not used to restrict the installation of third-party applications.

The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-based file server. The protocol that they have chosen is Authentication Header (AH).

The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices.

Based on the knowledge of the network topology, which of the main elements of information security has Highlander, Incorporated, NOT addressed in its plans for its laptops?

A. Confidentiality
B. Availability
C. Integrity
D. Authenticity

A

Answer: A. Confidentiality

Explanation:
Highlander, Incorporated, has not addressed confidentiality.

They have chosen to use Authentication Header, which will digitally sign the packets. That will allow the company to guarantee integrity, authenticity, and non-repudiation. The use of work folders will allow employees to gain access to data, even when the network connection fails. Direct access is used when connecting to the Highlander, Incorporated, hosted network, not the cloud-based file servers.

12
Q

Which of the following close-in attacks is performed by an attacker to gather information by observing the target’s activity at the closest proximity?

A. ARP poisoning
B. Denial of service
C. Shoulder surfing
D. DNS spoofing

A

Answer: C. Shoulder surfing

Shoulder surfing: Shoulder surfing is performed by observing the target’s activity at the closest proximity. It steals personal or confidential information by peering over the target’s shoulder.

Denial-of-service (DoS): Causing services to be unavailable on the target system.

ARP poisoning: ARP poisoning is a technique generally used by attackers to perform sniffing on a target network.

DNS Spoofing: In DNS spoofing, the attacker tricks a DNS server into believing that it has received authentic information when, in reality, it has not.

13
Q

Which category of information warfare involves the use of information systems against the virtual personas of individuals or groups and includes information terrorism, semantic attacks, and simula-warfare?

A. Intelligence-based warfare
B. Electronic warfare
C. Economic warfare
D. Cyberwarfare

A

Answer: D. Cyberwarfare

Cyberwarfare: Libicki defines cyberwarfare as the use of information systems against the virtual personas of individuals or groups. It is the broadest of all the information warfare categories. It includes information terrorism, semantic attacks (similar to hacker warfare, but instead of harming a system, the attacker takes over the system while maintaining the perception that it is operating correctly), and simula-warfare (simulated war, for example, acquiring weapons for mere demonstration rather than actual use).

Economic warfare: Libicki notes that economic information warfare can affect the economy of a business or nation by blocking the flow of information. This could be especially devastating to organizations that do a lot of business in the digital world.

Intelligence-based warfare: Intelligence-based warfare is a sensor-based technology that directly corrupts technological systems. According to Libicki, “intelligence-based warfare” is warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battlespace.

Electronic warfare: According to Libicki, electronic warfare uses radio-electronic and cryptographic techniques to degrade communication. Radio-electronic techniques attack the physical means of sending information, whereas cryptographic techniques use bits and bytes to disrupt the means of sending information.

14
Q

James, a professional hacker, is performing an attack on a target organization. He succeeded in gathering information about the target and identified vulnerabilities existing in the target network. He is now in the process of exploiting the vulnerabilities to enter the target’s network and escalate privileges so that he can have complete access to the target system.

Which phase of hacking is James currently in where he has identified vulnerabilities and is exploiting them to enter the target’s network and escalate privileges to gain complete access?

A. Reconnaissance
B. Maintaining access
C. Scanning
D. Gaining access

A

Answer: D. Gaining access

Reconnaissance: Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.

Gaining Access: Gaining access refers to the point where the attacker obtains access to the operating system or applications on the target computer or network. The attacker can escalate privileges to obtain complete control of the system. In this process, the target’s connected intermediate systems are also compromised.

Scanning: Scanning refers to the pre-attack phase when the attacker scans the network for specific information based on information gathered during reconnaissance.

Maintaining Access: Maintaining access refers to the phase when the attacker tries to retain their ownership of the system.

15
Q

In which hacking phase does an attacker create a profile of the target organization and obtain information such as its IP address range, namespace, and employees?

A. Enumeration
B. Scanning
C. Footprinting
D. Vulnerability analysis

A

Answer: C. Footprinting

Scanning: Attackers use different types of scanning methods or tools for host discovery, port and service discovery, operating system (OS) discovery, and evading endpoint security devices such as intrusion detection systems (IDSs) and firewalls.

Vulnerability Analysis: Process to identify security loopholes in the target organization’s network, communication infrastructure, and end systems.

Footprinting: Vulnerability assessment is an examination of the ability of a system or application, including its current security procedures and controls, to withstand an assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

Enumeration: Enumeration is a method of intrusive probing, through which attackers gather information such as network user lists, routing tables, security flaws, and Simple Network Management Protocol (SNMP) data.

16
Q

In which of the following hacking stages does an attacker use Trojans, spyware, backdoors, and keyloggers to create and maintain remote access to a system?

A. Executing applications
B. Covering tracks
C. Gaining access
D. Escalating privileges

A

Answer: A. Executing applications

17
Q

Which of the following techniques is used by an attacker for identifying the active hosts, open ports, and unnecessary services enabled on target hosts?

A. Vulnerability analysis
B. Scanning
C. Footprinting
D. Enumeration

A

Answer: B. Scanning

Footprinting: Footprinting is the process of accumulating data about a specific network environment. In the footprinting phase, the attacker creates a profile of the target organization and obtains information such as its IP address range, namespace, and employees.

Enumeration: Enumeration is a method of intrusive probing, through which attackers gather information such as network user lists, routing tables, security flaws, and Simple Network Management Protocol (SNMP) data. This is significant because the attacker ranges over the target territory to glean information about the network, shared users, groups, applications, and banners.

Scanning: Scanning is a procedure used for identifying active hosts, open ports, and unnecessary services enabled on particular hosts. Attackers use different types of scanning methods for host discovery, port and service discovery, operating system (OS) discovery, and evading endpoint security devices such as intrusion detection systems (IDSs) and firewalls.

Vulnerability Analysis: Vulnerability assessment is an examination of the ability of a system or application, including its current security procedures and controls, to withstand an assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

18
Q

Joel, a professional hacker, has targeted an organization to steal sensitive information remotely. He was successful in the attack and was able to access sensitive data of the organization. He is now trying to wipe out the entries corresponding to his activities in the system to remain undetected.

Which of the following hacking steps is Joel performing now?

A. Gaining access
B. Escalating privileges
C. Clearing logs
D. Maintaining access

A

Answer: C. Clearing logs

Gaining Access: Password cracking involves gaining access to low-privileged user accounts by cracking passwords using techniques such as brute-forcing, password guessing, and social engineering. Attackers exploit the identified vulnerabilities, such as buffer overflows, to gain root-level access to the target system.

Escalating Privileges: After gaining access, attackers then escalate their privileges to administrative levels, to perform a protected operation. Attackers exploit vulnerabilities that exist in OSs and software applications to escalate privileges.

Clearing Logs: To maintain future system access, attackers attempt to avoid recognition by legitimate system users. To remain undetected, attackers wipe out the entries corresponding to their activities in the system logs, thus avoiding detection by users.

Maintaining Access: After successfully gaining access and escalating privileges to the target system, attackers ensure that high levels of access are maintained to perform malicious activities such as executing malicious applications and stealing, hiding, or tampering with sensitive system files.

19
Q

In which of the following phases of the cyber kill chain methodology does an adversary select or create a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim?

A. Weaponization
B. Installation
C. Reconnaissance
D. Delivery

A

Answer: A. Weaponization

Reconnaissance: This phase involves an attacker gathering information about the target, such as IP addresses, domain names, email addresses, and user accounts.

Weaponization: In this phase, the attacker creates a malware payload or other type of exploit and bundles it into a deliverable format, such as a malicious email attachment or a website.

Delivery: This phase involves the attacker delivering the weaponized payload to the target, typically through phishing emails or other social engineering tactics.

Exploitation: In this phase, the attacker exploits a vulnerability in the target system to execute the payload and gain a foothold on the system.

Installation: Once the attacker gains a foothold on the target system, they can install additional tools and malware to establish persistence and maintain access to the system.

Command and Control (C2): After establishing persistence, the attacker creates a communication channel between the compromised system and a C2 server, which allows them to remotely control the system and execute further commands.

Actions on Objective: In the final phase, the attacker achieves their ultimate goal, which could include stealing sensitive data, disrupting operations, or deploying additional malware to other systems on the network.

20
Q

Which of the following IoC categories is useful for command and control, malware delivery, and identifying details about the operating system, browser type, and other computer-specific information?

A. Network indicators
B. Behavioral indicators
C. Host-based indicators
D. Email indicators

A

Answer: A. Network indicators

Explanation:
Network Indicators: Network indicators are useful for command and control, malware delivery, and identifying details about the operating system, browser type, and other computer-specific information.

Host-based Indicators: Host-based indicators are found by performing an analysis of the infected system within the organizational network.

Behavioral Indicators: Behavioral IoCs are used to identify specific behavior related to malicious activities such as code injection into the memory or running the scripts of an application.

Email Indicators: Socially engineered emails are preferred due to their ease of use and comparative anonymity.

21
Q

A phase of the cyber kill chain methodology triggers the adversary’s malicious code, which utilizes a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration.

Which is this phase of the cyber kill chain methodology?

A. Exploitation
B. Weaponization
C. Reconnaissance
D. Installation

A

Answer: A. Exploitation

Reconnaissance: An adversary performs reconnaissance to collect as much information about the target as possible to probe for weak points before attacking.

Weaponization: The adversary selects or creates a tailored deliverable malicious payload (remote-access malware weapon) using an exploit and a backdoor to send it to the victim.

Exploitation: Exploitation triggers the adversary’s malicious code to exploit a vulnerability in the operating system, application, or server on a target system. At this stage, the organization may face threats such as authentication and authorization attacks, arbitrary code execution, physical security threats, and security misconfiguration.

Installation: The adversary downloads and installs more malicious software on the target system to maintain access to the target network for an extended period.

22
Q

Lisa, a security analyst, was tasked with analyzing and documenting the possibility of cyberattacks against an organization. In this task, she followed the diamond model of intrusion analysis. During the initial analysis, Lisa started determining the strategies, methods, procedures, or tools that an attacker might use against the organization’s network.

Which of the following features of the diamond model did Lisa employ in the above scenario?

A. Adversary
B. Victim
C. Infrastructure
D. Capability

A

Answer: D. Capability

Victim: The victim is the target that has been exploited or the environment where the attack was performed. The adversary exploits the vulnerabilities or security loopholes in the victim’s infrastructure by using their resources.

Adversary: An adversary often refers to an opponent or hacker responsible for the attack event. An adversary takes advantage of a capability against the victim to perform a malicious activity for financial benefit or to damage the reputation of the victim.

Capability: Capability refers to all the strategies, methods, and procedures associated with an attack. It can also be malware or a tool used by an adversary against the target.

Infrastructure: Infrastructure refers to the hardware or software used in the network by the target that has a connection with the adversary. It refers to “what” the adversary has used to reach the victim.

23
Q

Which meta-feature of the diamond model can help a security analyst analyze how an attacker was routed to the target network or system?

A. Resource
B. Result
C. Timestamp
D. Direction

A

Answer: D. Direction

Resource: The resource feature entails the use of external resources like tools or technology used to perform the attack. It includes hardware, software, access, knowledge, data, etc.

Timestamp: This feature can reveal the time and date of an event. It is important as it can indicate the beginning and end of the event. It also helps in analyzing and determining the periodicity of the event.

Result: The result is the outcome of any event. For example, the result of an attack can be success, failure, or unknown.

Direction: This feature refers to the direction of the attack. For instance, the direction can indicate how the adversary was routed to the victim. This feature can be immensely helpful when describing network-based and host-based events.

24
Q

Which meta-feature of the diamond model helps a security analyst in determining the progress of an attack or any malicious activity?

A. Phase
B. Direction
C. Resource
D. Timestamp

A

Answer: A. Phase

Timestamp: This feature can reveal the time and date of an event. It is important as it can indicate the beginning and end of the event.

Phase: The phase helps in determining the progress of an attack or any malicious activity. The different phases of an attack include the phases used in the cyber kill chain framework: reconnaissance, weaponization, delivery, exploitation, etc.

Resource: The resource feature entails the use of external resources like tools or technology used to perform the attack. It includes hardware, software, access, knowledge, data, etc.

Direction: This feature refers to the direction of the attack. For instance, the direction can indicate how the adversary was routed to the victim. This feature can be immensely helpful when describing network-based and host-based events.

25
Q

John, a security professional, was tasked with intrusion analysis on a compromised system. For this purpose, John followed the diamond model of intrusion analysis. In this process, John analyzed the hardware and software used by the target and verified whether they have any connection with the attacker. This verification helped John in determining what the attacker used to reach the victim.

Which of the following features of the diamond model did John employ in the above scenario?

A. Result
B. Timestamp
C. Infrastructure
D. Direction

A

Answer: C. Infrastructure

Timestamp: This feature can reveal the time and date of an event. It is important as it can indicate the beginning and end of the event. It also helps in analyzing and determining the periodicity of the event.

Direction: This feature refers to the direction of the attack. For instance, the direction can indicate how the adversary was routed to the victim.

Result: The result is the outcome of any event. For example, the result of an attack can be success, failure, or unknown.

Infrastructure: Infrastructure refers to the hardware or software used in the network by the target that has a connection with the adversary. It refers to “what” the adversary has used to reach the victim.

26
Q

Which meta-feature of the diamond model can assist a security analyst in describing the relationship between infrastructure and capability?

A. Technology
B. Socio-political
C. Direction
D. Result

A

Answer: A. Technology

Socio-political meta-feature: The socio-political meta-feature describes the relationship between the adversary and victim.

Direction: This feature refers to the direction of the attack. For instance, the direction can indicate how the adversary was routed to the victim.

Technology Meta-feature: The technology meta-feature describes the relationship between the infrastructure and capability. This meta-feature describes how technology can enable both infrastructure and capability for communication and operation.

Result: The result is the outcome of any event. For example, the result of an attack can be success, failure, or unknown.

27
Q

Nick, a security professional, was tasked with performing intrusion analysis on a compromised network of an organization. For this purpose, Nick employed the diamond model of intrusion analysis. As part of the analysis, Nick determined the periodicity of the event and documented the occurrence details of that event. These details helped him correlate similar events and trace the duration of the attack on the target network.

Identify the event meta-feature of the diamond model implemented by Nick in the above scenario.

A. Phase
B. Timestamp
C. Resource
D. Direction

A

Answer: B. Timestamp

Phase: The phase helps in determining the progress of an attack or any malicious activity.

Direction: This feature refers to the direction of the attack. For instance, the direction can indicate how the adversary was routed to the victim.

Resource: Resource feature entails the use of external resources like tools or technology used to perform the attack. It includes hardware, software, access, knowledge, data, etc.

Timestamp: This feature can reveal the time and date of an event. It is important as it can indicate the beginning and end of the event. It also helps in analysis and determining the periodicity of the event.

28
Q

Which meta-feature of the diamond model helps security professionals determine whether an attack was successful?

A. Timestamp
B. Resource
C. Methodology
D. Result

A

Answer: D. Result

Resource: Resource feature entails the use of external resources like tools or technology used to perform the attack. It includes hardware, software, access, knowledge, data, etc.

Timestamp: This feature can reveal the time and date of an event. It is important as it can indicate the beginning and end of the event. It also helps in analysis and determining the periodicity of the event.

Result: The result is the outcome of any event. For example, the result of an attack can be success, failure, or unknown.

Methodology: The methodology refers to any technique that is used by the adversary to perform an attack. This feature allows the analyst to define the overall class of action performed.

29
Q

Given below are the various phases of the cyber kill chain methodology.

1.Installation
2.Reconnaissance
3.Weaponization
4.Exploitation
5.Actions on objectives
6.Delivery
7.Command and control

What is the correct sequence of phases involved in the cyber kill chain methodology?

A. 3 -> 1 -> 2 -> 6 -> 7 -> 4 -> 5
B. 2 -> 4 -> 3 -> 5 -> 6 -> 1 -> 7
C. 1 -> 2 -> 3 -> 4 -> 5 -> 6 -> 7
D. 2 -> 3 -> 6 -> 4 -> 1 -> 7 -> 5

A

Answer: D. 2 -> 3 -> 6 -> 4 -> 1 -> 7 -> 5

Reconnaissance: Gather data on the target to probe for weak points.

Weaponization: Create a deliverable malicious payload using an exploit and a backdoor.

Delivery: Send weaponized bundle to the victim using email, USB, etc.

Exploitation: Exploit a vulnerability by executing code on the victim’s system.

Installation: Install malware on the target system.

Command and Control: Create a command and control channel to communicate and pass data back and forth.

Actions on Objectives: Perform actions to achieve intended objectives/goals.

30
Q

Which category of PRE-ATT&CK techniques is associated with the MITRE ATT&CK framework for describing attacks?

A. Deliver
B. Weaponize
C. Execute
D. Exploit

A

Answer: B. Weaponize

PRE-ATT&CK Techniques:
Recon
Weaponize

Enterprise ATT&CK Techniques:
Deliver
Exploit
Control
Execute
Maintain

31
Q

Which category of hackers can increase awareness of their social or political agendas and boost their reputations in online and offline arenas?

A. Suicide hackers
B. White hats
C. Script kiddies
D. Hacktivists

A

Answer: D. Hacktivists

White hats: White hats or penetration testers are individuals who use their hacking skills for defensive purposes.

Hacktivists: Hacktivism is when hackers break into government or corporate computer systems as an act of protest.

Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.

Suicide hackers: Suicide hackers are similar to suicide bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.

32
Q

Which of the following types of hackers compromise systems by running scripts, tools, and software developed by real hackers and usually focus on the quantity rather than quality of the attacks they initiate?

A. State-sponsored hackers
B. Cyber terrorists
C. Script kiddies
D. Suicide hackers

A

Answer: C. Script kiddies

Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.

Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills, motivated by religious or political beliefs, to create fear of large-scale disruption of computer networks.

State-Sponsored Hackers: State-sponsored hackers are individuals employed by the government to penetrate, gain top-secret information from, and damage the information systems of other governments.

Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They usually focus on the quantity rather than the quality of the attacks that they initiate.

33
Q

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him. What would Yancey be considered?

A. Yancey would be considered a suicide hacker.
B. Yancey is a hacktivist hacker since he is standing up to a company that is downsizing.
C. Since he does not care about going to jail, he would be considered a black hat.
D. Because Yancey works for the company currently, he would be a white hat.

A

Answer: A. Yancey would be considered a suicide hacker.

Explanation:

Black hats are individuals with extraordinary computing skills who resort to malicious or destructive activities; they are also known as crackers.

White hats are individuals who profess to have hacker skills and use them for defensive purposes; they typically work as security analysts.

Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.

Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment.

34
Q

Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.

A. Gray hats
B. Hacktivist
C. Script kiddies
D. Suicide hackers

A

Answer: C. Script kiddies

Explanation:

Hacktivist: Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.

Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.

Gray Hats: Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats.
Gray hats might help hackers in finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure.

Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.

35
Q

Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and gain access to an AIX server to show the results to his boss.

What kind of role is shown in the scenario?

A. Gray hat hacker
B. White hat hacker
C. Black hat hacker
D. Annoying employee

A

Answer: A. Gray hat hacker.

Explanation:

Gray Hats:
Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers in finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure.

Hacktivist:
Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.

Script Kiddies:
Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They usually focus on the quantity of attacks rather than the quality of the attacks that they initiate.

Suicide Hackers:
Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.

36
Q

Which of the following terms refers to a person or security professional who employs their hacking skills for defensive purposes?

A. Hacker
B. Ethical hacker
C. Cracker
D. Adversary

A

Answer: B. Ethical hacker.

Explanation:

The noun “hacker” refers to a person who enjoys learning the details of computer systems and stretching their capabilities.

The terms “cracker” and “adversary” refer to persons who employ their hacking skills for offensive purposes.

The term “ethical hacker” refers to security professionals who employ their hacking skills for defensive purposes.

37
Q

Jake, an ethical hacker, was appointed by an organization to run a security audit and to test for possible loopholes and vulnerabilities on its network. Jake has completed all the necessary steps for performing the security audit and disclosed the vulnerabilities in the network.

Given below are the steps for performing a security audit of an organization.

  1. Organize an ethical hacking team and prepare the schedule for testing.
  2. Analyze the results of the testing and prepare a report.
  3. Talk to the client and discuss the needs to be addressed during the testing.
  4. Present the findings to the client.
  5. Prepare and sign NDA documents with the client.
  6. Conduct the test.

What is the correct sequence of steps involved in performing a security audit?

A. 3 -> 5 -> 2 -> 1 -> 6 -> 4
B. 1 -> 3 -> 4 -> 2 -> 5 -> 6
C. 3 -> 5 -> 1 -> 6 -> 2 -> 4
D. 2 -> 1 -> 3 -> 5 -> 4 -> 6

A

Answer: C. 3 -> 5 -> 1 -> 6 -> 2 -> 4

Explanation:

The following steps provide a framework for performing a security audit of an organization, which will help in ensuring that the test is organized, efficient, and ethical:

  1. Talk to the client and discuss the needs to be addressed during the testing
  2. Prepare and sign NDA documents with the client
  3. Organize an ethical hacking team and prepare the schedule for testing
  4. Conduct the test
  5. Analyze the results of the testing and prepare a report
  6. Present the report findings to the client

38
Q

Anonymous, a known hacker group, claims to have taken down 20,000 Twitter accounts linked to the Islamic State in response to the Paris attacks that left 130 people dead.

How can you categorize this attack by Anonymous?

A. Cracking
B. Hacktivism
C. Spoofing
D. Social engineering

A

Answer: B. Hacktivism.

Explanation:

Hacktivism is when hackers break into government or corporate computer systems as an act of protest. In the above scenario, the hacker group took down accounts linked to the Islamic State as an act of protest in response to the Paris attacks. Hence, hacktivism is the correct option.

39
Q

Individuals who promote security awareness or a political agenda by performing hacking are known as:

A. Script kiddies
B. Hacktivists
C. Suicide hackers
D. Cyber terrorists

A

Answer: B. Hacktivists.

Explanation:

Hacktivists: Hackers who break into government or corporate computers as an act of protest or to increase awareness.

Cyber terrorists: Individuals motivated by religious or political beliefs to create fear of large-scale disruption.

Script kiddies: Unskilled hackers who compromise systems by running scripts, tools, and software developed by other hackers.

Suicide hackers: Hackers who aim to bring down critical infrastructure and do not worry about being caught and facing jail terms or any other kind of punishments.

40
Q

Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations and ensure system security.

What is the main difference between a hacker and an ethical hacker when they are trying to compromise the regional offices of Highlander, Incorporated?

A. Hackers don’t have any knowledge of the network before they compromise the network.
B. Ethical hackers have the permission of upper management.
C. Hackers have more sophisticated tools.
D. Ethical hackers have the permission of the regional server administrators.

A

Answer: B. Ethical hackers have the permission of upper management.

Explanation:

Ethical hackers have the permission of upper management (those with authority to approve the test)

41
Q

Which of the following phases of incident handling and response helps responders prevent the spread of infection to other organizational assets and avoid additional damage?

A. Recovery
B. Incident recording and assignment
C. Incident triage
D. Containment

A

Answer: D. Containment.

Explanation:

Incident Triage: In this phase, the identified security incidents are analyzed, validated, categorized, and prioritized.

Incident Recording and Assignment: In this phase, the initial reporting and recording of the incident take place.

Containment: This phase helps to prevent the spread of infection to other organizational assets, preventing additional damage.

Recovery: After eliminating the causes for the incidents, the IH&R team restores the affected systems, services, resources, and data through recovery.

42
Q

Given below are the four key steps of the risk management phase.

  1. Risk treatment
  2. Risk tracking and review
  3. Risk assessment
  4. Risk identification

What is the correct sequence of steps involved in the risk management phase?

A. 3 -> 4 -> 2 -> 1
B. 2 -> 1 -> 3 -> 4
C. 1 -> 2 -> 3 -> 4
D. 4 -> 3 -> 1 -> 2

A

Answer: D. 4 -> 3 -> 1 -> 2

Explanation:

The four key steps commonly termed as risk management phases are:

Risk Identification: The initial step of the risk management plan. Its main aim is to identify the risks—including the sources, causes, and consequences of the internal and external risks affecting the security of the organization before they cause harm.

Risk Assessment: This phase assesses the organization’s risks and estimates the likelihood and impact of those risks. Risk assessment is an ongoing iterative process that assigns priorities for risk mitigation and implementation plans, which in turn help to determine the quantitative and qualitative value of risk.

Risk Treatment: Risk treatment is the process of selecting and implementing appropriate controls on the identified risks in order to modify them. The risk treatment method addresses and treats the risks according to their severity level. Decisions made in this phase are based on the results of a risk assessment.

Risk Tracking and Review: An effective risk management plan requires a tracking and review structure to ensure effective identification and assessment of the risks as well as the use of appropriate controls and responses.

43
Q

Given below are different steps in the threat modeling process.

  1. Identify threats
  2. Identify security objectives
  3. Decompose the application
  4. Application overview
  5. Identify vulnerabilities

What is the correct sequence of steps in the threat modeling process?

A. 5 -> 2 -> 3 -> 1 -> 4
B. 1 -> 2 -> 3 -> 4 -> 5
C. 2 -> 1 -> 5 -> 3 -> 4
D. 2 -> 4 -> 3 -> 1 -> 5

A

Answer: D. 2 -> 4 -> 3 -> 1 -> 5.

Explanation:

The threat modeling process involves five steps:

  1. Identify security objectives.
  2. Application overview.
  3. Decompose the application.
  4. Identify threats.
  5. Identify vulnerabilities.

44
Q

Jude, a security professional in an organization, was instructed to strengthen the security of the organization. In the process, to prevent direct attacks against an information system, Jude implemented a strategy based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered security system.

What is the security strategy that Jude has implemented to prevent direct attacks against the information system?

A. Information assurance
B. Incident management
C. Threat modeling
D. Defense-in-depth

A

Answer: D. Defense-in-depth.

Explanation:

Threat Modeling: Threat modeling is a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects it. The threat model consists of three major building blocks: understanding the adversary’s perspective, characterizing the security of the system, and determining threats.

Incident Management: Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore the system to normal service operations as soon as possible, and prevent recurrence of the incident.

Information Assurance: IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during the usage, processing, storage, and transmission of information. Security experts accomplish information assurance with the help of physical, technical, and administrative controls.

Defense-in-Depth: Defense-in-depth is a security strategy in which security professionals use several protection layers throughout an information system. This strategy uses the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. Defense-in-depth helps to prevent direct attacks against an information system and its data because a break in one layer only leads the attacker to the next layer.

45
Q

In machine-learning classification techniques, which of the following is a subcategory of supervised learning that is used when the data classes are not separated or the data are continuous?

A. Clustering
B. Classification
C. Dimensionality reduction
D. Regression

A

Answer: D. Regression.

Explanation:

Dimensionality reduction: Dimensionality reduction is the process of reducing the dimensions (attributes) of data.

Classification: Classification is used when the classes are completely separated; its task is to assign a test sample to one of the known classes.

Clustering: Clustering divides the data into clusters based on their similarities, regardless of class information.

Regression: Regression is used when data classes are not separated, such as when the data is continuous.
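
The distinction above is easier to see with both learners fitted on the same input. The following is an added example, not part of the flashcard deck: a constructed dataset pairs one feature (failed logins per hour for an account) with a continuous target (mean authentication latency in milliseconds, assumed values) for regression, and with a discrete label (“normal” or “brute-force”) for classification. Both learners are written from scratch; ordinary least squares stands in for regression and a nearest-centroid rule for classification.

```python
"""Regression versus classification on one constructed feature.

Added example (not from the flashcard deck). The same input, failed logins
per hour, is paired with two different targets: a continuous latency value
(regression) and a discrete class label (classification). All data below is
constructed for illustration and is not real telemetry.
"""
from typing import Dict, Sequence, Tuple


def fit_linear_regression(xs: Sequence[float], ys: Sequence[float]) -> Tuple[float, float]:
    """Ordinary least squares for y = intercept + slope * x.

    Regression: the target is continuous, so the model predicts a number
    rather than picking one of a fixed set of classes.
    """
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need at least two paired samples")
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("all x values are identical; slope is undefined")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    return intercept, slope


def predict_latency(model: Tuple[float, float], failed_logins: float) -> float:
    """Continuous prediction from the fitted line."""
    intercept, slope = model
    return intercept + slope * failed_logins


def fit_nearest_centroid(xs: Sequence[float], labels: Sequence[str]) -> Dict[str, float]:
    """Classification: learn one centroid per discrete class."""
    if len(xs) != len(labels) or not xs:
        raise ValueError("need paired samples")
    centroids: Dict[str, float] = {}
    for label in sorted(set(labels)):
        members = [x for x, lab in zip(xs, labels) if lab == label]
        centroids[label] = sum(members) / len(members)
    return centroids


def predict_class(centroids: Dict[str, float], failed_logins: float) -> str:
    """Assign the sample to the class whose centroid is nearest."""
    return min(centroids, key=lambda label: abs(centroids[label] - failed_logins))


# Constructed training data (assumed values, not real measurements).
FAILED_LOGINS = [1, 2, 3, 4, 5]
LATENCY_MS = [3.0, 5.0, 7.0, 9.0, 11.0]  # continuous target -> regression

LABELLED_LOGINS = [1, 2, 3, 40, 50, 60]
LABELS = ["normal", "normal", "normal",
          "brute-force", "brute-force", "brute-force"]  # discrete target -> classification


def demo() -> Tuple[Tuple[float, float], Dict[str, float]]:
    """Fit both learners and return (regression model, class centroids)."""
    regression = fit_linear_regression(FAILED_LOGINS, LATENCY_MS)
    classifier = fit_nearest_centroid(LABELLED_LOGINS, LABELS)
    return regression, classifier


if __name__ == "__main__":
    model, centroids = demo()
    print("regression intercept, slope:", model)
    print("latency at 8 failed logins:", predict_latency(model, 8))
    print("centroids:", centroids)
    print("class at 35 failed logins:", predict_class(centroids, 35))
```

The regression returns a number for any input, including values never seen in training, while the classifier can only answer with one of the labels it was trained on; that is the practical consequence of choosing one over the other.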

46
Q

If the final set of security controls does not eliminate all the risk in a system, what could be done next?

A. If the residual risk is low enough, it can be accepted.
B. Ignore any remaining risk.
C. Continue to apply controls until there is zero risk.
D. Remove current controls since they are not completely effective.

A

Answer: A. If the residual risk is low enough, it can be accepted.

Explanation:

Risk is the probability that a threat or event occurs and causes damage, loss, or some other negative impact, whether it originates from internal or external sources.

To reduce or eliminate risk, organizations implement information security controls to prevent unwanted events from occurring, but some risk always remains at a certain level; this remaining risk is the residual risk.

If the selected controls fail to eliminate the risk completely, neither applying more of the same controls nor removing them makes sense.

Once the residual risks are known, there are three options:

  1. If the level of risk is below the acceptable level, do nothing further, but management needs to formally accept those risks.
  2. If the level of risk is above the acceptable level, find new (and better) ways to mitigate those risks.
  3. If the level of risk is above the acceptable level, and the cost of reducing it would be higher than the impact itself, propose to management that they accept these high risks.

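
The three options above, together with the likelihood-and-impact estimation from the risk assessment phase, can be expressed as a small decision procedure. The following is an added example, not part of the flashcard deck: it scores each risk as likelihood times impact on a 5x5 matrix (an assumed ordinal scale), applies candidate controls, and returns one of four outcomes: “accept” when the risk is already within the acceptable level, “treat” when a control brings it there at a cost below the expected loss, “escalate” when the only sufficient control costs more than the loss itself (so management must formally accept), and “mitigate” when no known control is sufficient and new ones must be found. The risk register, control names and costs are constructed for illustration.

```python
"""Residual-risk decision helper.

Added example (not from the flashcard deck). Scores risks as likelihood x
impact on an assumed 1..5 ordinal scale, applies candidate controls, and
classifies the residual risk into accept / treat / escalate / mitigate.
All register entries and costs below are constructed, not from any real
assessment.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int       # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int           # 1 (negligible) .. 5 (severe), assumed scale
    expected_loss: float  # estimated loss if the threat materialises (currency units)


@dataclass(frozen=True)
class Control:
    name: str
    likelihood_reduction: int  # levels of likelihood the control removes
    impact_reduction: int      # levels of impact the control removes
    annual_cost: float


def risk_score(likelihood: int, impact: int) -> int:
    """Qualitative score 1..25; both inputs must be on the 1..5 scale."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on a 1..5 scale")
    return likelihood * impact


def residual_score(risk: Risk, control: Optional[Control]) -> int:
    """Score left after applying a control; a level never drops below 1."""
    if control is None:
        return risk_score(risk.likelihood, risk.impact)
    likelihood = max(1, risk.likelihood - control.likelihood_reduction)
    impact = max(1, risk.impact - control.impact_reduction)
    return risk_score(likelihood, impact)


def treat(risk: Risk, candidates: Sequence[Control], acceptable: int) -> Tuple[str, Optional[Control]]:
    """Decide what to do with a risk given the candidate controls.

    Returns (decision, control). 'accept' and 'mitigate' carry no control;
    'treat' and 'escalate' carry the cheapest control that reaches the
    acceptable level.
    """
    if residual_score(risk, None) <= acceptable:
        return "accept", None                    # option 1: already acceptable
    sufficient = [c for c in candidates if residual_score(risk, c) <= acceptable]
    if not sufficient:
        return "mitigate", None                  # option 2: find new, better controls
    cheapest = min(sufficient, key=lambda c: c.annual_cost)
    if cheapest.annual_cost > risk.expected_loss:
        return "escalate", cheapest              # option 3: treatment costs more than the loss
    return "treat", cheapest                     # residual risk after this control is accepted


# Constructed risk register (illustrative values only).
FDE = Control("full-disk encryption on laptops", likelihood_reduction=0, impact_reduction=3, annual_cost=2_000.0)
MDM = Control("mobile device management", likelihood_reduction=2, impact_reduction=0, annual_cost=8_000.0)
LAPTOP_THEFT = Risk("lost or stolen laptop with customer data", likelihood=4, impact=4, expected_loss=50_000.0)


def demo(acceptable: int = 6) -> Tuple[str, Optional[str], int]:
    """Run the register entry through treat() and report the residual score."""
    decision, control = treat(LAPTOP_THEFT, [FDE, MDM], acceptable)
    return decision, (control.name if control else None), residual_score(LAPTOP_THEFT, control)


if __name__ == "__main__":
    print(demo())
```

The acceptable level and the scales are policy inputs, not outputs of the code: the procedure only makes the comparison explicit so that whoever signs off on residual risk can see which of the three options was taken and why.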
47
Q

Which security strategy requires using several, diverse methods to protect IT systems against attacks?

A. Exponential backoff algorithm
B. Covert channels
C. Three-way handshake
D. Defense in depth

A

Answer: D. Defense in depth.

Explanation:

Defense in depth is a security strategy in which several protection layers are placed throughout an information system. This strategy uses the military principle that it is more difficult for an enemy to defeat a complex and multilayered defense system than to penetrate a single barrier. Defense in depth helps to prevent direct attacks against an information system and its data because a break in one layer leads the attacker only to the next layer.

48
Q

In which phase of the risk management process does an analyst calculate the organization’s risks and estimate the likelihood and impact of those risks?

A. Risk identification
B. Risk treatment
C. Risk monitoring and review
D. Risk assessment

A

Answer: D. Risk assessment.

Explanation:

Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program. It involves identifying, assessing, and responding to the risks by implementing controls to help the organization manage the potential effects.

The four key steps commonly termed as risk management phases are:

Risk Identification: It is the initial step of the risk management plan. The main aim is to identify the risks - sources, causes, consequences, etc. of the internal and external risks affecting the security of the organization before they cause harm to the organization.

Risk Assessment: This phase assesses the organization’s risks and estimates the likelihood and impact of those risks. Risk assessment is an ongoing iterative process and assigns priorities for risk mitigation and implementation plans, which help to determine the quantitative and qualitative value of risk.

Risk Treatment: Risk treatment is the process of selecting and implementing appropriate controls on the identified risks in order to modify them. The risk treatment method addresses and treats the risks, according to their severity level.

Risk Tracking and Review: The tracking and review process should determine the measures adopted, the procedures adopted, and ensure that information gathered for undertaking the assessment was appropriate. The review phase evaluates the performance of the implemented risk management strategies.

49
Q

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications.

As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network.

The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their devices.

Management at Highlander, Incorporated, has agreed to develop an incident management process after discovering laptops were compromised and the situation was not handled in an appropriate manner.

What is the first phase that Highlander, Incorporated, needs to implement within their incident management process?

A. Preparation for incident handling and response
B. Containment
C. Classification and prioritization
D. Forensic investigation

A

Answer: A. Preparation for incident handling and response.

Explanation:

Highlander, Incorporated, has to train their staff on the type of incidents they may encounter and how to use appropriate tools before they begin handling actual incidents.

Classification and prioritization occur after an incident has been reported, and the severity of the incident is being figured out.

Containment happens after the appropriate subject matter experts are notified and advise on what steps to take.

Forensic investigation begins after the initial containment.

50
Q

Bayron is the CEO of a medium size company with regional operations in America. He recently hired a security analyst to implement an Information Security Management System (ISMS) to minimize risk and limit the impact of a security breach. The analyst was asked to design and implement patch management, vulnerability management, IDS deployment, and security incident handling procedures for the company.

Which of these is a reactive process?

A. Patch management
B. Security incident handling
C. Vulnerability management
D. IDS deployment

A

Answer: B. Security incident handling.

Explanation:

The preventive controls/processes consist of methods or techniques that help in avoiding incidents.

Examples of preventive processes:

Patch management
Vulnerability management
IDS deployment

The reactive controls/processes consist of methods or techniques that help in responding to incidents.

Examples of reactive processes:

Incident handling
Forensics
Disaster recovery

51
Q

Which of the following is the type of threat intelligence that provides contextual information about security events and incidents to help defenders disclose potential risks and provide greater insight into attacker methodologies?

A. Technical threat intelligence
B. Tactical threat intelligence
C. Strategic threat intelligence
D. Operational threat intelligence

A

Answer: D. Operational threat intelligence

52
Q

Which of the following tasks DOES NOT fall under the scope of ethical hacking?

A. Pen testing
B. Vulnerability scanning
C. Defense-in-depth implementation
D. Risk assessment

A

Answer: C. Defense-in-depth implementation

53
Q

Which of the following countries’ cyber laws include the Patents (Amendment) Act, 1999; Trademarks Act, 1999; and The Copyright Act, 1957?

A. USA
B. UK
C. India
D. China

A

Answer: C. India.

Explanation:

Cyber Law in Different Countries

USA: The Lanham (Trademark) Act (15 USC §§ 1051 - 1127)

China: Copyright Law of the People’s Republic of China (Amendments on October 27, 2001)

India: The Patents (Amendment) Act, 1999, Trade Marks Act, 1999, The Copyright Act, 1957

UK: The Copyright, Etc. and Trademarks (Offenses And Enforcement) Act 2002

54
Q

Which of the following titles of SOX consists of four sections; defines practices to restore investor confidence in securities analysts; defines the SEC’s authority to censure or bar securities professionals from practice; and defines the conditions to bar a person from practicing as a broker, advisor, or dealer?

A. Title III: Corporate Responsibility
B. Title VII: Studies and Reports
C. Title V: Analyst Conflicts of Interest
D. Title VI: Commission Resources and Authority

A

Answer: D. Title VI: Commission Resources and Authority

Explanation:

Title V: Analyst Conflicts of Interest: Title V consists of only one section that discusses the measures designed to help restore investor confidence in the reporting of securities analysts. It defines the code of conduct for securities analysts and requires that they disclose any knowable conflicts of interest.

Title VI: Commission Resources and Authority: Title VI consists of four sections and defines practices to restore investor confidence in securities analysts. It also defines the SEC’s authority to censure or bar securities professionals from practice and defines the conditions to bar a person from practicing as a broker, advisor, or dealer.

Title VII: Studies and Reports: Title VII consists of five sections and requires the Comptroller General and the Securities and Exchange Commission (SEC) to perform various studies and to report their findings.

Title III: Corporate Responsibility: Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports.

55
Q

Which of the following guidelines or standards governs the credit card industry?

A. Control Objectives for Information and Related Technology (COBIT)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standards (PCI DSS)

A

Answer: D. Payment Card Industry Data Security Standards (PCI DSS).

Explanation:

Control Objectives for Information and Related Technology (COBIT): According to ISACA “The COBIT 5 framework for the governance and management of enterprise IT is a leading-edge business optimization and growth roadmap that leverages proven practices, global thought leadership and ground-breaking tools to inspire IT innovation and fuel business success.”

Sarbanes-Oxley Act (SOX): According to https://www.sec.gov, the Act mandates a number of reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud, and created the “Public Company Accounting Oversight Board,” also known as the PCAOB, to oversee the activities of the auditing profession.

Health Insurance Portability and Accountability Act (HIPAA): According to https://www.hhs.gov, HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs and establishes the national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers.

Payment Card Industry Data Security Standards (PCI DSS): According to https://www.pcisecuritystandards.org, the Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

56
Q

Which of the following acts contains “electronic transactions and code set standards” for transferring information between two parties for specific purposes?

A. GLBA
B. SOX
C. HIPAA
D. PCI–DSS

A

Answer: C. HIPAA.

Payment Card Industry Data Security Standard (PCI–DSS): The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. This standard offers robust and comprehensive standards and supporting materials to enhance payment card data security.

Health Insurance Portability and Accountability Act (HIPAA): Electronic Transactions and Code Set Standards: Transactions are electronic exchanges involving the transfer of information between two parties for specific purposes. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) designated certain types of organizations as covered entities, including health plans, health care clearinghouses, and certain health care providers. In the HIPAA regulations, the Secretary of Health and Human Services (HHS) adopted certain standard transactions for the Electronic Data Interchange (EDI) of health care data. These transactions are claims and encounter information, payment and remittance advice, claim status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits, and premium payment.

Sarbanes Oxley Act (SOX): According to https://www.sec.gov, the Act mandates a number of reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud, and created the “Public Company Accounting Oversight Board,” also known as the PCAOB, to oversee the activities of the auditing profession.

Gramm-Leach-Bliley Act (GLBA): The Gramm-Leach-Bliley Act (GLB Act or GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. The Act requires financial institutions (companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data. The objective of the GLBA is to ease the transfer of financial information between institutions and banks while making individuals’ rights more specific through its security requirements.

57
Q

Which of the following acts was enacted to produce several key security standards and guidelines required by Congressional legislation and provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets?

A. GLBA
B. FISMA
C. HIPAA
D. PCI–DSS

A

Answer: B. FISMA.

Health Insurance Portability and Accountability Act (HIPAA): The HIPAA Privacy Rule provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information. At the same time, the Privacy Rule permits the disclosure of health information needed for patient care and other necessary purposes.

Federal Information Security Management Act (FISMA): The Federal Information Security Management Act of 2002 was enacted to produce several key security standards and guidelines required by Congressional legislation. FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets.

Gramm-Leach-Bliley Act (GLBA): The Gramm-Leach-Bliley Act (GLB Act or GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information.

Payment Card Industry Data Security Standard (PCI DSS): The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

58
Q

Identify the SOX title that consists of four sections and defines practices to restore investor confidence in securities analysts.

A. Auditor independence
B. Corporate responsibility
C. Studies and reports
D. Commission resources and authority

A

Answer: D. Commission resources and authority

Explanation:
Commission Resources and Authority: Title VI of the Sarbanes-Oxley Act consists of four sections that define practices to restore investor confidence in securities analysts. It also defines the authority of the Securities and Exchange Commission (SEC) to censure or bar securities professionals from practice and specifies the conditions to bar a person from practicing as a broker, advisor, or dealer.

Corporate Responsibility: Title III of the Act consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. It defines the interaction between external auditors and corporate audit committees and specifies the responsibility of corporate officers for the accuracy and validity of corporate financial reports. It also enumerates specific limits on the behaviors of corporate officers and describes specific forfeitures of benefits and civil penalties for non-compliance.

Auditor Independence: Title II of the Act consists of nine sections and establishes standards for external auditor independence to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. Additionally, it restricts auditing companies from providing non-audit services (such as consulting) for the same clients they audit.

Studies and Reports: Title VII of the Act consists of five sections and requires the Comptroller General and the SEC to perform various studies and report their findings. The required studies and reports include the effects of the consolidation of public accounting firms, the role of credit rating agencies in the operation of securities markets, securities violations, enforcement actions, and whether investment banks assisted Enron, Global Crossing, and others in manipulating earnings and obfuscating their true financial conditions.