Topics Flashcards

1
Q

MTBF

A

Mean time between failures. It is the average time between system breakdowns.

2
Q

MTTR

A

Mean time to respond. It is the average time it takes to discover a security threat or incident.

3
Q

RTO

A

Recovery time objective. It is the maximum tolerable length of time that a computer, system, network or application can be down after a failure or disaster occurs.

4
Q

RPO

A

Recovery point objective. It generally refers to calculating how much data loss a company can experience within a period most relevant to its business before significant harm occurs, from the point of a disruptive event to the last data backup.

5
Q

SCAP

A

Security content automation protocol. A multi-purpose framework of specifications supporting automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement.

Examples: Nessus, OpenSCAP, OpenVAS.

6
Q

CVE

A

Common vulnerabilities and exposures. The mission of CVE is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

7
Q

CVSS

A

Common vulnerability scoring system. It provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

8
Q

CPE

A
9
Q

FDCC

A
10
Q

SAML

A
11
Q

IdP

A
12
Q

SP

A
13
Q

RP

A
14
Q

OVAL

A
15
Q

tcpdump -w -r -n -e

A

-w: write the capture to a file; -r: read packets from a capture file; -n: show network address information in numeric format (no name resolution); -e: include the data-link (Ethernet etc.) header when performing a packet capture.

16
Q

Insecure de-serialization vulnerability

A

When an attacker loads untrusted code into a serialized object, then forwards it to the web application.

17
Q

Rainbow Attack

A

Cracking method that uses a special table (a “rainbow” table) to crack the password hashes in a database.

18
Q

Dictionary Attack

A

Breaking into a password-protected system by systematically entering every word in a dictionary as a password.

19
Q

Hybrid Attack

A

The perpetrator blends two or more kinds of tools to carry out the assault. Example: dictionary + brute-force attack produces candidates such as rover123, purple6!, 123Password.

20
Q

Collecting evidence for forensic examination sequence

A

CPU Cache, RAM, SWAP, Hard Drive

21
Q

printenv

A

Linux command. Prints the value of the specified environment variable (like alias etc.).

22
Q

COSO

A

Committee of sponsoring organizations. Safeguards an organization's assets against fraud.

23
Q

Serialized Object

A

Converting the state of an object into a byte stream. Used to create copies or to save the state into storage.

24
Q

De-serialized object

A

The reverse process, in which the byte stream is used to recreate the actual object in memory.

25
Q

Non-Primitive Data types

A

Strings, arrays, user-defined classes. Created by the programmer and not defined by the language.

26
Q

Anomaly-based detection

A

Prescribes the baseline for expected patterns based on its observation of what normal looks like.

If large sums of money are spent one after another in one day and it is not your typical behavior, a bank can block your card.

27
Q

Trend-Analysis

A

Not used for detection, but instead to better understand capacity and the system’s normal baseline.

28
Q

Heuristic-Analysis

A

Determines whether several observed data points constitute an indicator, and whether related indicators make up an incident, based on a good understanding of the relationship between the observed indicators. Also a method of detecting viruses by examining code for suspicious properties and malware-like behavior patterns.

Heuristic-Analysis example: scans potential malware to find suspicious properties like junk code or use of uncommon APIs. Sometimes combined with signature-based detection.

29
Q

Behavior-based detection

A

(Statistical or profile-based detection) means that the engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from the baseline (outside a level of tolerance) generates an alert. Records expected patterns concerning the entity being monitored like user logins.

Examines the results of something happening or potentially happening. Views the results of a program for suspicious activity: disabling anti-virus, installing rootkits, deleting, altering or adding system files. Might execute malware in a sandbox environment before it can actually execute the behavior.