MSBs

Question 1

What is the key input to the secure stage of a secure mission?

Answer 1

Risk Mitigation Plan

Question 2

This provides the final report to capture all of the lessons learned from the survey and secure stages of a secure mission.

Answer 2

Summary Reporting

Question 3

Serves to complete COA selection and deploy approved risk mitigation’s as outlined in the RMP.

Answer 3

COA Implementation

Question 4

Provides the final evaluation of deployed risk mitigation’s

Answer 4

Risk mitigation validation

Question 5

Focused on conducting the training necessary to educate Local Cyber Defenders on the technical and procedural mitigation’s employed.

Answer 5

Education and Training

Question 6

What are the 4 supporting objectives executed during a secure mission?

Answer 6

Education and Training
Course of action implementation
Risk mitigation validation
Summary reporting

Question 7

What are the key outputs of the Secure Mission?

Answer 7

Mission Defense Plan

Summary Report

Question 8

This outlines the residual risks after implementation.

Answer 8

Mission Defense Plan

Question 9

This is the final product of the secure stage which captures all of the lessons learned.

Answer 9

Summary Report

Question 10

Any piece of information that objectively describes an intrusion.

Answer 10

Indicator of Compromise

Question 11

Three types of Indicators of Compromise

Answer 11

Atomic, Computed, Behavioral

Question 12

Ip, addresses and email addresses

Answer 12

Atomic IOC

Question 13

A method an adversary uses to get to a target.

Answer 13

Threat Vector

Question 14

3 phases of a network attack.

Answer 14

Access, persistence, control

Question 15

Utilizing any number of tricks to hide nefarious means.

Answer 15

Malicious software.

Question 16

One day exploits or improperly configured server software.

Answer 16

Unpatched software.

Question 17

Adversary gains legitimate credentials of an account users access to a system.

Answer 17

Stolen Credentials

Question 18

Psychological manipulation of people into performing actions of divulging confidential information.

Answer 18

Social engineering

Question 19

Fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in an electronic communication (email)

Answer 19

Phishing

Question 20

Adversary exploits a website known to be visited by its target

Answer 20

Watering hole

Question 21

Two different entities that trust each other

Answer 21

Trust relationship

Question 22

Attacker uploads nefarious code.

Answer 22

SQL injection

Question 23

Scripts executed within the users browser under the security context of the site they are visiting

Answer 23

Cross-Site Scripting (XSS)

Question 24

What are the four vertices of the diamond mode of intrusion analysis?

Answer 24

Adversary, victim, capability, infrastructure

Question 25

Enables analysis to detect and mitigate intrusions.

Answer 25

Cyber kill chain

Question 26

What are the seven phases of the cyber kill chain?

Answer 26

Reconnaissance 
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives

Question 27

Captures network traffic from a mission partner, generate logs and stores Pcap data

Answer 27

DIP Sensor

Question 28

Passive open source traffic analyzer that performs live analysis of network events and creates log files . Conn, HTTP,DNS,FTP, Weird

Answer 28

Bro(Zeek)

Question 29

A real time network intrusion detection system (NIDS)

Parses network traffic against a set of user-defined signatures

Answer 29

Suricata

Question 30

An application that monitors and captures network traffic on an interface
Uses internal elastic search for indexing separate from the ELK stack on the collector

Answer 30

Atkins (Moloch) Capture

Question 31

This tool parses and normalizes data

Answer 31

Logstash

Question 32

Indexes logs , also known as heart of ELK Stack

Answer 32

Elastic search

Question 33

Visualization plugin for elastic search and dashboard tool, performs queries on indexed data

Answer 33

Kibana

Question 34

Monitor and detect suspicious activities on hosts
Agent based
Aggregate event data

Answer 34

Endgame

Question 35

Tool to view/search pcap data

Answer 35

Arkime (Moloch) viewer

Question 36

Open source firewall /router
Used for IPSec tunneling
Segregates the dip systems from mission partner network

Answer 36

pfsense

Question 37

Separate infrastructure from the mission partner network

Allows management through uncontested network

Answer 37

Out of Band

Question 38

Relays management across a possible contested network

Answer 38

In-band

Question 39

A text document that contains all the commands required to build an image

Answer 39

Dockerfile

Question 40

A read-only template with instructions for creating a docket container

Answer 40

Image

Question 41

A running instance of an image

Answer 41

Container

Question 42

A mapping of container data to docker file system data

Answer 42

Volume

Question 43

Containers can talk to each other, but they are isolated from the host

Answer 43

Bridge

Question 44

Containers are not isolated and may use the hosts network directly

Answer 44

Host

Question 45

Files are lost when the container turns on

Answer 45

Docker non persistence

Question 46

Store the data where docker chooses

Answer 46

Volume

Question 47

Stores the data in a specific spot

Answer 47

Bind-mount

Question 48

Tool for managing multiple containers from one configuration file

Answer 48

Docker compose