Phase 4

Question 1

What are the default windows event logs?

Answer 1

System, security, application

Question 2

Which default windows tool is used to view windows logs?

Answer 2

Event viewer

Question 3

What is the default location for log files in Linux?

Answer 3

/var/log

Question 4

In addition to event files (*evtx), in which formats can you save windows logs?

Answer 4

Xml(.xml), text(.txt), comma separated value (*.csv)

Question 5

Which two products were combined to create a SIEM?

Answer 5

Security event manager, security information manager

Question 6

What is the default port for communications with elasticsearch?

Answer 6

9200

Question 7

What is the default port for communications with kibana?

Answer 7

5601

Question 8

Which operational level do cyber professionals generally think at from three discussed in this lecture (introduction to strategy?

Answer 8

Tactical

Question 9

Which component of the log stash pipeline is closest to the raw data?

Input
Filters
Elastic search
Output

Answer 9

Input

Question 10

What level requires communication of a plan and organizational buy-in of the strategy?

Answer 10

Strategic

Question 11

What is the default port utilized by log stash to communicate with elastic search ?

Answer 11

9200

Question 12

At which level is the vision of the organization laid out?

Answer 12

Strategic

Question 13

After installing filebeats on a server to pull the syslog files, what port needs to be configured for communications on the log stash server, by default?

Answer 13

5443

Question 14

Strategy is: (5 things)

Answer 14

Built with consideration of the threat
Planned
Built upon experience
Holistic
The efficient use of resources

Question 15

What does the filter component accomplish in the log stash pipeline?

Answer 15

Allows customization of the search criteria used by kibana when pulling data from elastic search

Question 16

Does the national security strategy discuss tactics? ( true or false)

Answer 16

False

Question 17

all elastic stack components must be installed on the same server, true or false?

Answer 17

False

Question 18

Strategic leaders must balance and prioritize risk? True or false

Answer 18

True

Question 19

Which elastic stack component creates data visualizations?

Answer 19

Kibana

Question 20

What are the “must haves” for organizational strategy? 4 things

Answer 20

Vision
Practice
Include all sectors
Consider all levels

Question 21

Using the layered security model which tool is used at every layer?

Answer 21

SIEM

Question 22

Strategy is not : (3 choices)

Answer 22

Leadership
Benchmarking
Best practices

Question 23

How many pillars does the us 2017 national security strategy have?

Answer 23

4

Question 24

Who would find the national security strategy document useful?

Answer 24

Everyone

Question 25

Leaders of strategic planning map out objectives for 1-2 years and are classified as which level?

Answer 25

Operational

Question 26

Under the products of a strategic leader, match the first steps to what they include: 4 steps

Answer 26

1. Name the organization
2. Number of people and subunits
3. Major resources and capabilities
4. Identify significant facilities

Question 27

What can a well-communicated vision for an organization do? 4 things

Answer 27

Stretch aspirations
Unite the teams in a common effort(vision)
Establish and inspire performance
Set expectations

Question 28

What question does the mission answer?

Answer 28

Why do we exist?

Question 29

Name the seven factors for environmental analysis

Answer 29

International
Political
Economic/budget
Social
Technology
Demographic
Legal/regulatory

Question 30

Select the three devices level security tool examples using a bottom-up approach
Input validation
Identity access management
Intrusion prevention systems
Data loss prevention
2FA
firewalls

Answer 30

Intrusion prevention systems
2FA
firewalls

Question 31

Using the define the problem stage of operational design, who needs to contribute to the problem definition?

Answer 31

Everyone

Question 32

Operational environment can include: 3 things

Answer 32

Conditions
Influences
Circumstances

Question 33

During the first linked YouTube video, in the slides, on modern information warfare, what classi😾fication

Answer 33

State-sponsored against a private company

Question 34

Referencing the YouTube video, what device is used as a way to pay for everything in China?

Answer 34

Huawei phone

Question 35

During the second linked YouTube video on modern information warfare, how long has information warfare been used?

Answer 35

Since biblical times

Question 36

Select the variables that drive changes in the operational environment continuous assessment :

The refinement or a change in goals
Changes in the environment
The addition of new actors
Strategic context and systematic nature of the problem
Changes in resources, methods, or processes
Strategic trends
Strategic guidance

Answer 36

The refinement or a change in goals
Changes in the environment
The addition of new actors
Changes in resources, methods, or processes

Question 37

Name the two vital components that make up the most important steps in operational design

Answer 37

Describe the operational environment
Define the problem to be solved

Question 38

What is the 4th step of the basic operational approach?

Answer 38

Identify the operational limitations

Question 39

When building a business strategy, what questions are used to define (ENDS)?

Answer 39

What is the end state that must be achieved, how is it related to the strategic end state, and what objectives must be achieved to enable that end state?

Question 40

True or false
Operational design as a business strategy impairs dialog between leaders and staff

Answer 40

False

Question 41

True or false
A better understanding of the problem and its root causes is a direct potential value-added for business strategy using operational design

Answer 41

True

Question 42

Complex adaptive systems are unpredictable. True or false

Answer 42

True

Question 43

Name a model that uses a manned simulation

Answer 43

War games

Question 44

When developing an operational approach, what questions must the mission answer?

Answer 44

Who, what, when, where, and why

Question 45

What is the aim of framing the operational environment?

Answer 45

The aim is to understand existing conditions in order to drive the set of conditions we wish to see at the end of operations

Question 46

Define the term system used in operational design

Answer 46

A functionally physically and/or behaviorally related group Of regularly interacting or independent elements; that group of elements forming a unified whole

Question 47

What are the 2 framing stages of operational design methodology

Answer 47

Frame operational environment
Frame the problem

Question 48

What is the primary product of operational design when applied to the cybersecurity elements of a business?

Answer 48

Intelligence

Question 49

Using the OODA loop, what does the D stand for?

Answer 49

decide

Question 50

In a production environment, why is it important To know which version of splunk is installed?

Answer 50

Testing and compatibility with all components

Question 51

What is the default location for the splunk installation?

Answer 51

/opt/splunk

Question 52

During the Orient stage of the OODA loop, what is the spotlight put on for the blue force

Answer 52

Prioritized information needs of the decision maker

Question 53

Where is the splunk application (binary) located?

Answer 53

/opt/splunk/bin

Question 54

What is the default port to access the splunk web interface?

Answer 54

8000

Question 55

During the ACT stage of the OODA loop, what determines the results of the actions taken

Answer 55

Metrics and feedback

Question 56

What should the SPLUNK_HOME environment variable contain?

Answer 56

/opt/splunk

Question 57

Which stage would the red team observe from the blue team to drive movement

Act
Decide
Orient
Observe

Answer 57

Act
Decide

Question 58

Which criteria are used to measure the effectiveness of intelligence:

Answer 58

Usability
Timeliness
Accuracy

Question 59

Who created the 5 rings

Answer 59

Colonel John Warden

Question 60

Which ring of the 5 rings houses the electrical grid?

Answer 60

Infrastructure

Question 61

When intelligence is provided early, what does this prevent from occurring?

Answer 61

Threat actions

Question 62

What is the business equivalent of the population in warden’s 5 rings

Petroleum
Employees
Users
Staff

Answer 62

Employees
Users
Staff

Question 63

When must intelligence flow to the decision-maker in an operation?

Answer 63

During
Before
After

Question 64

Judging intelligence as successful requires which criteria?

Answer 64

Accuracy
Utilization
Timeliness
Actionability
Relevance

Question 65

Sun tzu said to match your strengths against their strengths, true or false?

Answer 65

False

Question 66

Who defines the level of precision required?

Answer 66

Customer

Question 67

Who can limit the level of precision possible?

Answer 67

Collector

Question 68

Parallel attacks are sequential attacks, true or false?

Answer 68

False

Question 69

The final criterion requiring the intelligence to be shared and disseminated in the format requested by the decision makers is called

Answer 69

Tailored

Question 70

What are the intangible elements of the domains of conflict in the information environment?

Answer 70

Information and cognitive

Question 71

According to the strategist, sun tzu, who do we need to know for our victory to not be endangered?

Answer 71

Know the enemy and know yourself

Question 72

Where in the sun tzu quote does the mission drive direction of effort and the allocation of resources?

Answer 72

Know yourself

Question 73

Of the motivations for intelligence, which of the following questions is NOT To be considered:
What authority do you have to collect the data and information?
How much time does it take to conduct the intelligence?
How is that data gathered?
What is done to and with the data?

Answer 73

How much time does it take to conduct the intelligence?

Question 74

What are the three components of understanding the role of threat intelligence?

Answer 74

Operating environment
Threats
Mission

Question 75

In the planning and direction stage, information consumers should NOT :

Answer 75

Dictate particular source or collection method

Question 76

In understanding the role of threat intelligence, the mission defined what exactly?

Answer 76

The equipment
The things you do
The personnel

Question 77

Which is not a transform in maltego?
Network CIDR
Email addresses from domain
Person from domain
Explore historical snapshots

Answer 77

Network CIDR

Question 78

When understanding the enemy’s role in threat intelligence, what type of field do these threats operate within?

Answer 78

Rapidly-changing

Question 79

True or false
Results from the transform are added as parent entities to the domain entity in maltego

Answer 79

False

Question 80

What term describes the space you operate in threat intelligence

Answer 80

Operating environment

Question 81

Which area of the mission/threat/operating environment do threat actors act within the role of threat intelligence?

Answer 81

The area of intersection between threat and operating environment

Question 82

The IP address in maltegobcan be found by running the “To IP Address [DNS]” transform from which of the following:
Email addresses
Domain entities
DNS entities
Phone numbers

Answer 82

DNS entities

Question 83

Why is the intersection of all three areas, mission/threat/operating environment, our point of greatest concern?

Answer 83

These are the threats relevant to the mission and that are active in the operating areas.

Question 84

What does strategy provide that enables the cyber security engineering topics to be cohesive?

Answer 84

The why
Framework
Purpose

Question 85

When defining a threat, what is the additional component that makes a threat more dangerous to the organization?

Answer 85

Knowledge

Question 86

Understanding the operating environment is one purpose of intelligence. True or false?

Answer 86

True

Question 87

Reducing risk is not the purpose of intelligence. True or false

Answer 87

False

Question 88

What does intelligence at the strategic level require more than tactical?

Answer 88

More analysis

Question 89

In the intelligence process cycle, how do all phases function after the cycle has begun?

Answer 89

Continuously

Question 90

In a healthy intelligence cycle, what occurs between every phase of the cycle?

Answer 90

Evaluation and feedback

Question 91

True or false
Karl Popper states: scientists must be willing to stand firm in their beliefs if the evidence shows otherwise.

Answer 91

False

Question 92

A conjectured relationship between two phenomena can be:
Causal
Non causal

Answer 92

Causal : a directly causes b
Non causal: a and b are caused by c ; hence a and b are correlated

Question 93

What are the steps in order to construct a theory: 4 steps

Answer 93

Induce
Deduce
Test
Revise

Question 94

What are the 3 curves used in models

Answer 94

Bell
S
Exponential

Question 95

What are the 3 curves used in models

Answer 95

Bell
S
Exponential

Question 96

What is a model

Answer 96

A replica or representation of an object idea or actual system

Question 97

What is data decomposition

Answer 97

Breaking down the problem or issue into its component parts so that each part can be considered separately

Question 98

What criteria for data evaluation are used to answer the question: what is the reason the data was made available?

Answer 98

Objectivity

Question 99

Name the 4 core features in the diamond model overview

Answer 99

Adversary
Victim
Infrastructure
Capabilities

Question 100

When using analytical thinking, what qualitative analysis would be used for unknown data?

Answer 100

Challenges and redrawing techniques
Structured analysis
Imagination techniques
Diagnostic techniques

Question 101

When using analytical thinking, what type of quantitative analysis tools can we employ when we have known data?

Answer 101

Empirical analysis
Visualization techniques
Data-based computer tools

Question 102

Match
Based on understanding of cases or objects by a researcher (qualitative/quantitative)
Based on statistical comparisons of the cases being studied (qualitative/quantitative)
Answers the questions, why, how or what happened (qualitative/quantitative)
Answers the questions how many, how much and how often (qualitative/quantitative)

Answer 102

Qualitative
Quantitative
Qualitative
Quantitative

Question 103

Analysis should be scientific and based on

Answer 103

Evidence

Question 104

True or false
Intuition is also very prone to be anti-biased

Answer 104

False