Module 2: Threat Management & Cybersecurity Resources Q Flashcards
What is the primary goal of penetration testing?
Attempt to uncover deep vulnerabilities and then manually exploit them
The primary goal of penetration testing is to uncover deep vulnerabilities and then manually exploit them
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them
This is the correct difference between vulnerability scanning and penetration testing
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
Purple team
The purple team provides real-time feedback between the red and blue teams to enhance the testing
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting
Footprinting is the process of collecting as much information about the target system as possible to find ways to penetrate the system. Information such as IP address, whois records, DNS information, operating system, employee email id, phone numbers, etc., comes under this
Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?
Nessus Essentials
Nessus has a free version called Nessus Essentials that scans 16 IP addresses
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
Gray box testers have limited knowledge of the network and some elevated privileges
Which of the following is the most efficient means of discovering wireless signals?
War flying
War flying is the most efficient means of discovering a Wi-Fi signal. War flying uses drones, which are officially known as unmanned aerial vehicles. Because they can quickly cover a wider area, are not limited to streets and sidewalks, and can easily fly over security perimeters such as fences, drones are the preferred means of finding Wi-Fi signals
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
OSINT is used to search online for publicly accessible information. It is a method of passive reconnaissance
What is the primary difference between credentialed and non-credentialed scans?
Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials
Credentialed scans are the process where valid authentication credentials are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials. A non-credentialed scan provides no such authentication information
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Looking at the priority and the accuracy of the vulnerability is the most appropriate approach for Alice
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
A vulnerability scan is usually automated
A vulnerability scan is automated, while a penetration test is performed manually
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?
Scan the most important devices for as long as it takes for each device
When there is limited time to scan a network and provide efficient and effective results, it’s best to scan the most important devices, like internet-facing web, app, and DB servers, for as long as it takes for each device
A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos?
Use privilege escalation
After compromising a low-level user account, privilege escalation is the only possible way to gain access to a highly privileged user, such as a domain admin or enterprise admin, so that the red teamer can do more damage to the network
Which of the following is NOT an automated vulnerability scanning tool?
ELK Stack
ELK Stack is a data monitoring tool used as an SIEM and threat hunting solution
What are the primary features of a security information event management (SIEM) tool?
Aggregation, correlation, event deduplication, time synchronization, and alerting
Aggregation, correlation, event deduplication, time synchronization, and alerting are the important features of a SIEM tool
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
Sentiment analysis is the interpretation and classification of emotions (positive, negative, and neutral) within text data using text analysis techniques. Sentiment analysis has been used when tracking threat actor posts in discussion forums with other attackers to better determine threat actors’ behaviors and mindsets. SIEM tool is used to perform this analysis
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected?
Threat hunting
Threat hunting is proactively searching for cyber threats that have thus far gone undetected in a network. Threat hunting begins with a critical, central premise: threat actors have already infiltrated our network
Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data?
SIEM and SOAR
SIEM and SOAR together can be used for data management in security infrastructure and collecting and analyzing data
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
PCIDSS was introduced to provide a minimum degree of security to organizations that handle customer information such as debit cards and credit card details daily
Which of the following offensive tools can be used by penetration testers post-exploitation or successful compromise of a user account in a network that dumps passwords from memory and hashes, PINs, and Kerberos tickets, and thus are used for privilege escalation attacks?
Mimikatz and hashcat
Mimikatz and hashcat dump passwords from memory, as well as hashes, PINs, and Kerberos tickets, and thus are used for privilege escalation attacks
Which of the following is the advantage of penetration testing over vulnerability scanning?
Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities
Penetration testing attempts to uncover deep vulnerabilities and exploit them manually with the mindset of a threat actor, while vulnerability scanning is able to discover surface vulnerabilities
Which of the following is a primary difference between a red team and a white team?
The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing
Red teams perform vulnerability scanning, and white teams set the rules for penetration testing
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team’s attacks and shore up security defenses as necessary?
Blue team
The blue team monitors for red team attacks and shores up defenses as necessary
Robert is a black box penetration tester who conducted pen testing attacks on all of the network’s application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next?
Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next
Mimikatz is used for credential harvesting, which will dump all the credentials stored in the OS’s memory. If an account with higher privilege, such as a domain admin or an enterprise admin, is discovered, then privilege escalation is performed to gain access to the account with elevated privileges
How can a configuration review reduce the impact of a vulnerability scan on the network’s overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels
A configuration review can reduce the impact of a vulnerability scan on the network’s overall performance in part because it defines a targeted group of devices to scan, ensures the scan is designed to meet its intended goals, determines the sensitivity level of the scan, and specifies the types of data that will be scanned
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges?
Black box
The black box testers have no knowledge of the network and no special privileges
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations are the low hanging fruits (vulnerabilities, in context) that Keily should chase first
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests
Non-credentialed scans run faster because they perform fundamental actions such as looking for open ports and finding software that will respond to requests
Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and are also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?
Risk management framework (RMF)
NIST’s risk management framework (RMF) is considered a guidance document designed to help organizations assess and manage risks to their information and systems. It is viewed as a comprehensive roadmap for organizations to seamlessly integrate their cybersecurity, privacy, and supply chain risk management processes
Which of the following is considered an industry-specific cybersecurity regulation?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains regulations protecting the privacy and security of certain personal health information (PHI)
