Network Security Assessment

Question 1

Describe the Steps of Threat Hunting:
1) Hypothesis
2) Collect and process
3) Trigger
4) Investigation
5) Response

Answer 1

1) Make assumptions using TTPs.
2) Collect and analyze data using threat intelligence.
3) Threat-detection tolls trigger anomaly.
4) Investigate and eliminate identified threats.
5) Generate a report for future detection.

Question 2

What is Cyber Threat Intelligence (CTI)?

Answer 2

The collection and analysis of information about threats and adversaries for the preparedness, prevention, and response against cyber-attacks.

Question 3

Describe these types of Threat Intelligence:
1) Strategic
2) Tactical
3) Operational
4) Technical

Answer 3

1) High-level information on changing risks.
2) Information on attacker’s TTPs
3) Information on specific incoming attacks.
4) Information on specific indicators of compromise.

Question 4

Describe these Threat Intelligence Sources:
1) OSINT
2) HUMINT
3) SIGINT
4) TECHINT
5) SOCMINT
6) CCI

Answer 4

1) Informaiton collected from publicly available sources.
2) Information collected from interpersonal contacts.
3) Information collected by intercepting signals.
4) Information collected from adversay’s equipment.
5) Information collected from social media sites.
6) Information collected from established security infrastructure.

Question 5

Describe the following:
1) Surface Web
2) Deep Web
3) Dark Web

Answer 5

1) Web pages and content that are stored on normal browsers.
2) Web pages and content that are hidden and unindexed from traditional browsers and search engines.
3) Subset of deep web where anyone can navigate anonymously without being traced.

Question 6

What is Vulnerability Assessment?

Answer 6

is the in-depth examination of a system or application to withstand exploitation.

Question 7

Describe these types of scanning:
1) Active Scanning
2) Passive Scanning

Answer 7

1) Attacker interacts directly with the target network to find vulnerabilities. Attacks send probes/packets to network.
2) Attack finds vulnerabilties without direct contact with the network. Attacker guesses details by observing TCP connection.

Question 8

Describe these types of Vulnerability Assessments:
1) Active
2) Passive
3) External
4) Internal

Answer 8

1) Uses a network scanner to find hosts, networks, services and vulnerabilities.
2) Sniffs network traffic to discover host, networks, services and vulnerabilities.
3) Assess the network from a hacker’s perspective, from the outside world.
4) Scans the internal infrastructure to discover exploits and vulnerabilties.

Question 9

Describe these types of Vulnerability Assessments:
1) Host-based
2) Network-based
3) Application
4) Database

Answer 9

1) Conducts a configuration-level check to evaluate the possibility of compromise.
2) Determines network security attacks that may occur.
3) Tests the web infrastructure for known vulnerabilities.
4) Focuses on testing databases.

Question 10

Describe these types of Vulnerability Assessments:
1) Wireless Network
2) Credentialed
3) Manual
4) Distrubuted
5) Non-Credentialed
6) Automated

Answer 10

1) Determines vulnerabilities on wireless networks.
2) Assesses the network by obtaining all credentials present in the network.
3) Manually assessing the vulnerabilities, ranking, and score.
4) Assesses the organizations distrubted assets like client-server apps.
5) Assesses the network without any credentials.
6) Automated tools are used to assess vulnerabilities.

Question 11

What are the six steps of the Vulnerability-Management Life Cycle?

Answer 11

1) Identify assets and create a baseline.
2) Vulnerability Scan
3) Risk Assessment
4) Remediate
5) Verification
6) Monitor

Question 12

Describe the following:
1) Security Audit
2) Vulnerability Assessment
3) Penetration Testing

Answer 12

1) Checks whether an organization follows a set of security policies and procedures.
2) Discovers the vulnerabilities in an information system.
3) Methodical approach that covers both Security Audit and Vulnerability Asessment.

Question 13

Describe the following teams:
1) Blue Team
2) Red Team
3) Purple Team
4) White Team

Answer 13

1) Detect and mitigate attackers activities.
2) Detect network and system vulnerabilities from the attacker’s perspective.
3) Comprised of both the blue and red teams.
4) Acts a negotiator between blue and red teams, does not perform any tests, only monitors.

Question 14

Describe the following:
1) Black Box
2) White Box
3) Grey Box

Answer 14

1) The tester has no knowledge if the system.
2) The tester has all knowledge of the system.
3) The tester has partial knowledge of the system.

Question 15

What’s invloved in these phases of Penetration Testing:
1) Pre-Attack
2) Attack
3) Post-Attack

Answer 15

1) Research (Information Gathering)
2) Testing/Exploitation
3) Documentation and Reporting

Question 16

What are these Asset identifcation Methods?
1) Standard Naming Conventions
2) IP Schema

Answer 16

1) Used to identify each asset individually with a unique name.
2) Stores subnet information of an IP address space and the range of IPs within each subnet.

Question 17

Describe these Configuration Management Activities:
1) Management and Planning
2) Identification
3) Control
4) Status Accounting
5) Verification and Auditing

Answer 17

1) Sets direction, expectations and configuration strategies.
2) Describes the settings and baselines.
3) The assessment of change recommendations and tracks aprove/deny status.
4) Records and reports baselines on individuals.
5) Review of software/hardware to assess compliance.

Question 18

What are the five steps of the Change Management Cycle?

Answer 18

1) Request Changes
2) Analyze impact
3) Approve/Deny
4) Implement
5) Document and Monitor