Phase 4 Flashcards
What are the default windows event logs?
System, security, application
Which default windows tool is used to view windows logs?
Event viewer
What is the default location for log files in Linux?
/var/log
In addition to event files (*evtx), in which formats can you save windows logs?
Xml(.xml), text(.txt), comma separated value (*.csv)
Which two products were combined to create a SIEM?
Security event manager, security information manager
What is the default port for communications with elasticsearch?
9200
What is the default port for communications with kibana?
5601
Which operational level do cyber professionals generally think at from three discussed in this lecture (introduction to strategy?
Tactical
Which component of the log stash pipeline is closest to the raw data?
Input
Filters
Elastic search
Output
Input
What level requires communication of a plan and organizational buy-in of the strategy?
Strategic
What is the default port utilized by log stash to communicate with elastic search ?
9200
At which level is the vision of the organization laid out?
Strategic
After installing filebeats on a server to pull the syslog files, what port needs to be configured for communications on the log stash server, by default?
5443
Strategy is: (5 things)
Built with consideration of the threat
Planned
Built upon experience
Holistic
The efficient use of resources
What does the filter component accomplish in the log stash pipeline?
Allows customization of the search criteria used by kibana when pulling data from elastic search
Does the national security strategy discuss tactics? ( true or false)
False
all elastic stack components must be installed on the same server, true or false?
False
Strategic leaders must balance and prioritize risk? True or false
True
Which elastic stack component creates data visualizations?
Kibana
What are the “must haves” for organizational strategy? 4 things
Vision
Practice
Include all sectors
Consider all levels
Using the layered security model which tool is used at every layer?
SIEM
Strategy is not : (3 choices)
Leadership
Benchmarking
Best practices
How many pillars does the us 2017 national security strategy have?
4
Who would find the national security strategy document useful?
Everyone
Leaders of strategic planning map out objectives for 1-2 years and are classified as which level?
Operational
Under the products of a strategic leader, match the first steps to what they include: 4 steps
- Name the organization
- Number of people and subunits
- Major resources and capabilities
- Identify significant facilities
What can a well-communicated vision for an organization do? 4 things
Stretch aspirations
Unite the teams in a common effort(vision)
Establish and inspire performance
Set expectations
What question does the mission answer?
Why do we exist?
Name the seven factors for environmental analysis
International
Political
Economic/budget
Social
Technology
Demographic
Legal/regulatory
Select the three devices level security tool examples using a bottom-up approach
Input validation
Identity access management
Intrusion prevention systems
Data loss prevention
2FA
firewalls
Intrusion prevention systems
2FA
firewalls
Using the define the problem stage of operational design, who needs to contribute to the problem definition?
Everyone
Operational environment can include: 3 things
Conditions
Influences
Circumstances
During the first linked YouTube video, in the slides, on modern information warfare, what classi😾fication
State-sponsored against a private company
Referencing the YouTube video, what device is used as a way to pay for everything in China?
Huawei phone
During the second linked YouTube video on modern information warfare, how long has information warfare been used?
Since biblical times
Select the variables that drive changes in the operational environment continuous assessment :
The refinement or a change in goals
Changes in the environment
The addition of new actors
Strategic context and systematic nature of the problem
Changes in resources, methods, or processes
Strategic trends
Strategic guidance
The refinement or a change in goals
Changes in the environment
The addition of new actors
Changes in resources, methods, or processes
Name the two vital components that make up the most important steps in operational design
Describe the operational environment
Define the problem to be solved
What is the 4th step of the basic operational approach?
Identify the operational limitations
When building a business strategy, what questions are used to define (ENDS)?
What is the end state that must be achieved, how is it related to the strategic end state, and what objectives must be achieved to enable that end state?
True or false
Operational design as a business strategy impairs dialog between leaders and staff
False
True or false
A better understanding of the problem and its root causes is a direct potential value-added for business strategy using operational design
True
Complex adaptive systems are unpredictable. True or false
True
Name a model that uses a manned simulation
War games
When developing an operational approach, what questions must the mission answer?
Who, what, when, where, and why
What is the aim of framing the operational environment?
The aim is to understand existing conditions in order to drive the set of conditions we wish to see at the end of operations
Define the term system used in operational design
A functionally physically and/or behaviorally related group Of regularly interacting or independent elements; that group of elements forming a unified whole
What are the 2 framing stages of operational design methodology
Frame operational environment
Frame the problem
What is the primary product of operational design when applied to the cybersecurity elements of a business?
Intelligence
Using the OODA loop, what does the D stand for?
decide
In a production environment, why is it important To know which version of splunk is installed?
Testing and compatibility with all components
What is the default location for the splunk installation?
/opt/splunk
During the Orient stage of the OODA loop, what is the spotlight put on for the blue force
Prioritized information needs of the decision maker
Where is the splunk application (binary) located?
/opt/splunk/bin
What is the default port to access the splunk web interface?
8000
During the ACT stage of the OODA loop, what determines the results of the actions taken
Metrics and feedback
What should the SPLUNK_HOME environment variable contain?
/opt/splunk
Which stage would the red team observe from the blue team to drive movement
Act
Decide
Orient
Observe
Act
Decide
Which criteria are used to measure the effectiveness of intelligence:
Usability
Timeliness
Accuracy
Who created the 5 rings
Colonel John Warden
Which ring of the 5 rings houses the electrical grid?
Infrastructure
When intelligence is provided early, what does this prevent from occurring?
Threat actions
What is the business equivalent of the population in warden’s 5 rings
Petroleum
Employees
Users
Staff
Employees
Users
Staff
When must intelligence flow to the decision-maker in an operation?
During
Before
After
Judging intelligence as successful requires which criteria?
Accuracy
Utilization
Timeliness
Actionability
Relevance
Sun tzu said to match your strengths against their strengths, true or false?
False
Who defines the level of precision required?
Customer
Who can limit the level of precision possible?
Collector
Parallel attacks are sequential attacks, true or false?
False
The final criterion requiring the intelligence to be shared and disseminated in the format requested by the decision makers is called
Tailored
What are the intangible elements of the domains of conflict in the information environment?
Information and cognitive
According to the strategist, sun tzu, who do we need to know for our victory to not be endangered?
Know the enemy and know yourself
Where in the sun tzu quote does the mission drive direction of effort and the allocation of resources?
Know yourself
Of the motivations for intelligence, which of the following questions is NOT To be considered:
What authority do you have to collect the data and information?
How much time does it take to conduct the intelligence?
How is that data gathered?
What is done to and with the data?
How much time does it take to conduct the intelligence?
What are the three components of understanding the role of threat intelligence?
Operating environment
Threats
Mission
In the planning and direction stage, information consumers should NOT :
Dictate particular source or collection method
In understanding the role of threat intelligence, the mission defined what exactly?
The equipment
The things you do
The personnel
Which is not a transform in maltego?
Network CIDR
Email addresses from domain
Person from domain
Explore historical snapshots
Network CIDR
When understanding the enemy’s role in threat intelligence, what type of field do these threats operate within?
Rapidly-changing
True or false
Results from the transform are added as parent entities to the domain entity in maltego
False
What term describes the space you operate in threat intelligence
Operating environment
Which area of the mission/threat/operating environment do threat actors act within the role of threat intelligence?
The area of intersection between threat and operating environment
The IP address in maltegobcan be found by running the “To IP Address [DNS]” transform from which of the following:
Email addresses
Domain entities
DNS entities
Phone numbers
DNS entities
Why is the intersection of all three areas, mission/threat/operating environment, our point of greatest concern?
These are the threats relevant to the mission and that are active in the operating areas.
What does strategy provide that enables the cyber security engineering topics to be cohesive?
The why
Framework
Purpose
When defining a threat, what is the additional component that makes a threat more dangerous to the organization?
Knowledge
Understanding the operating environment is one purpose of intelligence. True or false?
True
Reducing risk is not the purpose of intelligence. True or false
False
What does intelligence at the strategic level require more than tactical?
More analysis
In the intelligence process cycle, how do all phases function after the cycle has begun?
Continuously
In a healthy intelligence cycle, what occurs between every phase of the cycle?
Evaluation and feedback
True or false
Karl Popper states: scientists must be willing to stand firm in their beliefs if the evidence shows otherwise.
False
A conjectured relationship between two phenomena can be:
Causal
Non causal
Causal : a directly causes b
Non causal: a and b are caused by c ; hence a and b are correlated
What are the steps in order to construct a theory: 4 steps
Induce
Deduce
Test
Revise
What are the 3 curves used in models
Bell
S
Exponential
What are the 3 curves used in models
Bell
S
Exponential
What is a model
A replica or representation of an object idea or actual system
What is data decomposition
Breaking down the problem or issue into its component parts so that each part can be considered separately
What criteria for data evaluation are used to answer the question: what is the reason the data was made available?
Objectivity
Name the 4 core features in the diamond model overview
Adversary
Victim
Infrastructure
Capabilities
When using analytical thinking, what qualitative analysis would be used for unknown data?
Challenges and redrawing techniques
Structured analysis
Imagination techniques
Diagnostic techniques
When using analytical thinking, what type of quantitative analysis tools can we employ when we have known data?
Empirical analysis
Visualization techniques
Data-based computer tools
Match
Based on understanding of cases or objects by a researcher (qualitative/quantitative)
Based on statistical comparisons of the cases being studied (qualitative/quantitative)
Answers the questions, why, how or what happened (qualitative/quantitative)
Answers the questions how many, how much and how often (qualitative/quantitative)
Qualitative
Quantitative
Qualitative
Quantitative
Analysis should be scientific and based on
Evidence
True or false
Intuition is also very prone to be anti-biased
False
