To Learn

Question 1

Regex

\b

Answer 1

Metacharacter matches at the beginning or end of a word

\bLO - matches LO at the beginning of a word

LO\b - matches LO at the end of a word

Question 2

Regex

( )

Answer 2

Defines and captures groups of characters.

^(IMG\d+.png)$

Question 3

Regex
[ ]

Answer 3

Matches a single instance of the specific characters.

[abc]
[A-F]
[0-5]

Question 4

Regex
?

Answer 4

Adds optionality to a character. It does not have to be present to match.
ab?c will match with abc or ac

Question 5

Regex
.

Answer 5

Escaped the period character to match the period.

The period charcter without the backslash is a wildcard for any character.

Question 6

Tombstone

Answer 6

The original file is quarantined and replaced with one describing the policy violation and how the user can release it again

Question 7

DLP Remediation Actions

Answer 7

Alert only
Block
Quarantine
Tombstone

Question 8

Heuristic Analysis

Answer 8

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

Question 9

Behavioral Analysis

Answer 9

A heuristic model of “typical” behavior is created. An alert is created for any behavior that is outside of the baseline.

Question 10

Anomaly Analysis

Answer 10

A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range.

Question 11

Trend Analysis

Answer 11

The proess of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events

Question 12

Data acquisition

Answer 12

The process of obtaining a forensically clean copy of data from a device held as evidence

Question 13

Order of data acquisition

Answer 13

1. CPU registers and cache memory
2. Contents of system memory (RAM)
3. Data on persistent mass storage devices
4. Remote logging and monitoring data
5. Physical configuration and network topology
6. Archival media

Question 14

Password spraying

Answer 14

A brute force attack in which multiple user accounts are tested with a dictionary of common passwords

Question 15

Credential stuffing

Answer 15

A brute force attack in which stolen user account names and passwords are tested against multiple websites

Question 16

Brute force attack

Answer 16

A hacking method that uses trial and error to crack passwords, login credentials, and encryption keys

Question 17

Hybrid attack

Answer 17

A type of attack where the perpetrator blends two or more kinds of tools to carry out the assault

Question 18

Rainbow attack

Answer 18

An attack that attempts to crack hashed passwords by comparing them against precomuted hashed plaintexts

Question 19

Dictionary attack

Answer 19

An attack that uses a dictionary file of possible passwords to crack accounts

Question 20

Risk prioritization

Answer 20

• Risk mitigation
• Risk avoidance
• Risk transference
• Risk acceptance

Question 21

Risk mitigation

Answer 21

The process of reducing exposure to, or the effects of, risk factors

Question 22

Risk avoidance

Answer 22

The practice of ceasing activity that presents risk

Question 23

Risk transference

Answer 23

The response of moving or sharing the responsibilit of risk to another entity (e.g., a vendor)

Question 24

Risk acceptance

Answer 24

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring is needed

Question 25

Incident Response life cycle

Answer 25

1. Preparation
2. Detection and Analysis
3. Containment
4. Eradication and Recovery
5. Post-incident Activity

Question 26

Preparation

Incident Response Lifecycle

Answer 26

Preparing the network and machines to be resistant to attack
* Hardening systems
* Writing policies and procedures
* Setting up cponfidential lines of communication
* Creating response resources and procedures

Question 27

Detection and Analyis

Incident Response Lifecycle

Answer 27

Determine whether an incident has taken place andassessing how severe it might be (triage)

Also includes notifying stakeholders of the incident

Question 28

Containment

Incident Response Lifecycle

Answer 28

Limit the scope and magnitude of the incident.

Secure data while limiting the immediate impat on customers and business partners.

Question 29

Eradication and Recovery

Incident Response Lifecycle

Answer 29

Remove the cause of the incident and bring the system back to a secure state

Question 30

Post-incident activity

Incident Response Lifecycle

Answer 30

Analyze the incident and responses to identify whether procedures or systems could be improved

AKA lessons learned

Question 31

TPM

Answer 31

Trusted Platform Module

A specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform ientification information.

Implemented as part of the chipset or a function of the CPU

Hard coded with a unique, unchangeable asymmetric private key called the enforsement key.

Question 32

HSM

Answer 32

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage

Question 33

eFUSE

Answer 33

An Intel-designed mechanism to allow a software instruction to blow a transistor in the hardware chip.

Prevents firmware downgrades

Question 34

SED

Answer 34

Self-encrypting drive

Question 35

Attack surface

Answer 35

All the points at which an adversary could interact with the system and potentially compromise it

Question 36

Attack vector

Answer 36

A specific means of exploiting some point on the attack surface

Question 37

Threat modeling

Answer 37

The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system

Question 38

Adversarial capabilities

Answer 38

A formal classification of the resources and expertise available to a threat actor

Question 39

Fuzzing

Answer 39

A technique designed to test software for bugs and vulnerabilities. It involved