Ucertify Exam Prep Flashcards
The threat intelligence cycle is a five-step process: requirements gathering, data collection, data processing and analysis, intelligence dissemination, and feedback. Here are the five steps of the threat intelligence cycle:
1-Requirements gathering:
Assess what security breaches or compromises a user faced.
2-Data collection:
Collect data from threat intelligence sources to meet intelligence requirements.
3-Data processing and analysis:
Process the data so it can be consumed by whatever tools or processes the user intends to use, and then analyze the data itself.
4-Intelligence dissemination:
Distribute data to leadership and operational personnel who will use data as part of their security operations role.
5-Feedback:
Gather feedback about reports and data users have gathered.
Which of the following open ports represents the most significant possible security vulnerability?
A. 23
B. 22
C. 443
D. 161
Port 23 is used by Telnet, which is an insecure unencrypted communications protocol.
A ________ is a specialized tool used to find WPA and WPA2 passphrases specifically on networks that support the WPS feature.
Reaver
What can be used to write a checklist and report results in a standardized fashion?
Extensible Configuration Checklist Description Format (XCCDF)
Data loss prevention (DLP) may be able to intercept and block unencrypted sensitive information leaving the web server, but it does not apply cryptography to web communications.
Packet sniffing monitors only the headers of packets to determine what type of traffic is being sent.
Flow monitoring sends information about all connections, or sends a sampled dataset.
SNMP allows network devices to send information about important events as SNMP traps.
During which phase of the software development life cycle (SDLC) model does user acceptance testing (UAT) occur?
testing and integration phase of the software development life cycle (SDLC) model
__________ is a form of structured and formal code review intended to find a variety of problems during the development process of the code.
Fagan inspection
___________ provides a searchable listing of vulnerable hosts, including details of the system that was scanned.
Shodan search engine
A _____________________ is a document that defines a bilateral or multilateral agreement between two parties.
memorandum of understanding (MOU)
Succession planning is a security control that is designed to provide continuity for security responsibilities.
The ALE value of a specific risk is calculated by multiplying an SLE by its ARO to determine the financial magnitude of this risk on an annual basis. Here’s the formula for calculating ALE:
ALE (annual loss expectancy) = SLE (single loss expectancy) × ARO (annual rate of occurrence)
________________ allows a user to deploy, configure, and manage data centers through scripts.
Infrastructure as code (IaC)
Resource servers handle authenticated requests after the application has obtained an access token.
___________ analysis methods run potential malware applications and detect threats based on their behavior. This is useful against zero-day attacks.
Heuristic analysis
Which protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered?
A. LDAP
B. DKIM
C. HTTPS
D. IPsec
The DomainKeys Identified Mail (DKIM) protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered.
A qualitative risk assessment ranks the potential of a threat and the sensitivity of assets by grade or scale, such as low, medium, or high.
A quantitative risk assessment measures threat exposure and likelihood with cost-based metrics.
Tamper-proof seals are used when it is necessary to prove that devices, systems, or spaces were not accessed during your absence. They often include holographic logos that help to ensure that tampering is visible and cannot be easily hidden by replacing a logo.
The Hashcat tool is a password-cracking utility that uses graphics processing units (GPUs) to crack passwords at a very high rate of speed.
Sysinternals is a suite of resources and utilities used to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.
____________ is unauthorized equipment that is attached to a network or to assets and creates a side channel for an attack.
Rogue hardware
Accidental Threat
…
Physical Threat
…
Structural Threat
Resource exhaustion is a type of structural threat
SIFT (SANS Investigative Forensic Toolkit)
…
Fagan Inspection
Formal code review process
Mutation Testing
…
This cloud service model lets customers build serverless application architectures. It is used to execute or trigger functions written by developers; Amazon's Lambda service is an example. Which cloud service model is this?
function as a service (FaaS)
OWASP
…
Which of the following statements are true of proper compensating controls?
They must meet the intent and rigor of the original requirement.
They must provide a similar level of defense as the original requirement.
They must be “above and beyond” other PCI DSS procedures.
In a penetration test, the _______ coordinates the exercise and serves as referee, arbitrating disputes between the teams, maintaining the technical environment, and monitoring the results.
white team
The ________________ identifies potentially malicious external domains. ACLs can permit and deny traffic for a virtual machine endpoint.
access control list (ACL)
Secure Shell (SSH) uses port
22
Database servers commonly run on ports
1433 (for Microsoft SQL Server),
Remote Desktop Protocol (RDP) services run on port
3389
The _______model is a sequential model in which each phase is followed by the next phase. In this model, phases do not overlap and each logically leads to the next.
waterfall
The _____ model, which is an extension of the Waterfall model, pairs a testing phase with each development stage. Each phase starts only after the testing for the previous phase is done.
V-model
The _______________ model doesn’t focus on planning or process. It focuses on making resources available and simply starting to code based on requirements as they are revealed.
big bang model
The _______________ Act is a United States law that requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results.
Sarbanes-Oxley (SOX)
______ scanner is a commercial network vulnerability scanner that offers a unique deployment model using the software-as-a-service (SaaS) management console to run scans using appliances located both in on-premises datacenters and the cloud.
Qualys’s vulnerability
__________ is an agile software development technique that places two developers at one workstation. One developer writes code, while the other developer reviews their code as they write it.
Pair programming
Protected ______ ____________ (PHI)
Protected health information
____ ______ ________ allows administrators to specify which hosts are allowed to send email messages from a given domain by creating a specific SPF record in the Domain Name System (DNS).
Sender Policy Framework (SPF)
NIST recommends using the following four categories to describe the functional impact of an incident:
None: No effect on the organization’s ability to provide all services to all users.
Low: Minimal effect; the organization can still provide all critical services to all users but has lost efficiency.
Medium: The organization has lost the ability to provide a critical service to a subset of system users.
High: The organization is no longer able to provide some critical services to any users.
________ is a tool for scanning a hard drive to view deleted communications.
Forensic Toolkit (FTK)
Tools in the _________ suite can capture packets from wireless networks, conduct packet injection attacks, and crack preshared keys used on wireless networks.
A. Ettercap
B. Wireshark
C. Aircrack-ng
D. Wifiphisher
Aircrack-ng
____ _______ is a process of extracting data from a computer when that data has no associated file system metadata.
File carving
_______ can be used to open connections to both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports and to the services running on those ports.
A. Traceroute
B. Netstat
C. Netcat
D. TCPConn
Netcat
Common Configuration Enumeration
…