Sec +

Question 1

A new E- commerce company is interested in being PCI DSS compliant. What are the three most common rules?

Answer 1

Testing security systems and processes regularly
All user accounts must be unique
Never store CVV

Question 2

What is ISO 27001

Answer 2

Information Security Management Systems

Question 3

What is ISO 27701

Answer 3

Privacy Information Management

Question 4

What is ISO 27002

Answer 4

Information Security Best Practices

Question 5

What is ISO 31000

Answer 5

Risk Management Best Practices

Question 6

An Employee installed a new service on the domain controller without consent or approval from the IT department and change managment. What is this type of threat?

Answer 6

Shawdow IT: refers to information technology syustems deployed by departments othert than the central IT department

Question 7

What kind of threat compromises a system and maintains a long term remore access without being detected

Answer 7

APT Advanced Persistent Threat

Question 8

MITRE ATT&CK

Answer 8

globally accessible knowledge base of adversary tatics and techniques based on real-word observations

Question 9

which should a security manager review that would allow them to remain proactive in understanding the types of threats their company faces

Answer 9

ISAC Industry specific groups on sharing threat information

Question 10

What does Netstat do?

Answer 10

shows all active connections and open/listening ports
can show what is currently running prcoiesses/services opened those connections/ports (-o)

Question 11

Attacker uses one comprosed network device to access another network device

Answer 11

pivoting

Question 12

attacker gains permissions/access to files, folders or systems they shouldnt have access to

Answer 12

Privaliage escaltion

Question 13

walking around a building to discover where security devices are or scanning a network to deteremine what computers/devices are on it

Answer 13

footprinting

Question 14

hides malware on the device in such a way that it wil remain after a restart or after basic attempts are made to remove it

Answer 14

Persistence

Question 15

What type of scan can access the device and see how it is configured. Giving a detailed and accurate scan, with minimal risk

Answer 15

Credentialed

Question 16

List of known vulerabilities and attributes, including affected platforms

Answer 16

CVE Common Vulnerability Enumerations

Question 17

assigns severity scores to vulerabilities which allows prioritization of response and manage resouces

Answer 17

CVSS Common Vulnerability Scoring System

Question 18

Packet scans =

Answer 18

Wireshark

Question 19

Red Team

Answer 19

Attackers

Question 20

Blue Team

Answer 20

defenders

Question 21

White team

Answer 21

monitors and rule makers

Question 22

Purple team

Answer 22

but attack and defend collaboration

Question 23

Service/SW that gathers network and application logs in real-time and analyzes them

Answer 23

SIEM Security Information and Event Management

Question 24

autoamtes and improves response time when a SIEM detects a threat/anomaly on the network

Answer 24

SOAR Security Orchestration Automation and response (Next gen SIEM)

Question 25

native SW
Basic vuilnerability scanning
maps network

Answer 25

NMAP (Network mapper) scans network and determines what services are running on any host that is detected and can do basic vulnerability scans

Question 26

DNSEnum

Answer 26

Command-line tool that automatically identies basic DNS records

Question 27

20/21

Answer 27

FTP TCP

Question 28

22

Answer 28

SSH TCP: Encrypted CLI to remote devices (SCP and SFTP use this)

Question 29

23

Answer 29

TelNet TCP:Plaintext CLI to remore deviceds (not secure)

Question 30

25

Answer 30

SMTP TCP: Outgoing email (plaintext)

Question 31

49

Answer 31

TACACS TCP or UDP: AAA system for network access control

Question 32

53

Answer 32

DNS TCP : Queries
DNS UDP: Zone Transfers

Question 33

69

Answer 33

TFTP TCP: web traffic, plaintext, no encryption

Question 34

80

Answer 34

HTTP TCP: Web traffic, plaintext, no encryption

Question 35

88

Answer 35

Kerberos TCP/UDP: Network authentication

Question 36

110

Answer 36

POP3 TCP: Incoming email, plaintext, no encryption

Question 37

123

Answer 37

NTP UDP: Netowrk time protocol

Question 38

137-137.445

Answer 38

SMB Either: Server Message block, NetBIOS

Question 39

143

Answer 39

IMAP TCP: Incoming email, plaintext, no encryption

Question 40

161-162

Answer 40

SNMP UDP: Simple Network management protocol

Question 41

389

Answer 41

LDAP Either: Directory Access, no encryption

Question 42

443

Answer 42

HTTPS TCP: Web traffic, encrypted with SSL/TLS

Question 43

587

Answer 43

SMTPS TCP: Outgoing email, encrypted with SSL/TLS

Question 44

636

Answer 44

LDAPS TCP: Directory access, encrypted with SSL/TLS

Question 45

993

Answer 45

IMAPS TCP: incoming email, encrypted with SSL/TLS

Question 46

995

Answer 46

POP3S TCP: Incoming email, encrypted with SSL/TLS

Question 47

1812

Answer 47

RADIUS UDP: AAA, Authentication and Authorization

Question 48

1813

Answer 48

AAA, Accounting

Question 49

3389

Answer 49

RDP TCP: Remote Desktop Protocol, encrypted