Guardians of the Grid
Risky Business
Code Red
Read Between the Lines
Danger Zone
100

What term is used to describe the groups of related organizations that pool resources to share cybersecurity threat information and analyses?

What is Information Sharing and Analysis Centers (ISACs)

100

What is the default Nmap scan type when Nmap is run without a scan type flag?

What is TCP SYN scan

100

Betsy wants to review the security logs on her Windows workstation. What tool should she use to do this?

What is Event Viewer

100

What type of agreement between two organizations is a common inhibitor to remediation because of uptime requirements?

What is service level agreement (SLA)

100

While reviewing network flow logs, Jared sees that network flow on a particular segment suddenly dropped to zero. What is the most likely cause of this?

What is a link failure

200

Abby wants to gather network traffic from systems on her network. What tool can she use to best achieve this goal?

What is Wireshark

200

Brandon's pen test requires him to use passive mapping techniques to discover network topology. Which tool is suited for this task?

What is Wireshark

200

What common incident response follow-up activity includes asking questions like "What additional tools or resources are needed to detect or analyze future events?"

What is lessons learned review

200

What information is typically included in a list of affected hosts in a vulnerability management report?

What is Hostname and IP address

200

As part of her SOC analyst duties, Emma is tasked with monitoring intrusion detection systems that cover her employer's corporate headquarters network. During her shift, Emma's IDS alarms report that a network scan has occurred from a system with IP address 10.0.11.19 on the organization's WPA3 Enterprise wireless network aimed at systems in the finance division. What data source should she check first?

What is Wireless Authentication logs

300

Suzy needs to test thousands of submitted binaries. She needs to ensure that the applications do not contain malicious code. What technique is best suited to this need?

What is Sandboxing

300

Greg is configuring a new vulnerability scanner for use in his organization's datacenter. What would be considered best practice for the scanner's update frequency? 

What is Daily Update Frequency

300

During an incident response process, Samantha heads to a compromised system and disconnects its network cable. What phase of their incident response process is Samantha performing?

What is Containment

300

What NIST standard provides information on incident handling practices?

What is NIST SP 800-61

300

Jeremy's organization suffers an outage of its point-to-point encrypted VPN because of a system compromise at its ISP. What type of issue is this?

What is availability 

400

What technology is most commonly used to protect data in transit for modern web applications?

What is TLS

400

Sara is designing a new vulnerability scanning system for her organization. She must scan a network that contains hundreds of unmanaged hosts. What technique would be most effective at detecting system configuration issues in her environment?

What is Server-based monitoring

400

What is the space between the last sector containing logical data and the end of the cluster called?

What is Slack Space

400

Karen's organization has discovered that their Windows workstations have a vulnerability that was discovered more than a year ago. What solution is best suited to handling this known vulnerability?

What is Patching

400

Mya is evaluating the security of an application developed within her organization. She would like to assess the application's security by supplying it with invalid inputs. What technique is Mya planning to use?

What is Fuzz testing

500

Bob is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. What threat actor is most likely to be associated with an advanced persistent threat (APT)?

What is Nation-State

500

Bob recently reviewed a vulnerability report and determined that an insecure direct object reference vulnerability existed on the system. He implemented a remediation to correct the vulnerability. After doing so, he verifies that his actions correctly mitigated the vulnerability. What term best describes the initial vulnerability scan?

What is True Positive

500

Roger wants to validate his recovery efforts and intends to scan a web server he is responsible for with a scanning tool. What tool should he use to get the most useful information about system vulnerabilities?

What is OpenVAS

500

A company that Jake works for uses an embedded system as part of its manufacturing process. The system relies on an operating system created by the machine's vendor, and Jake's team has identified vulnerabilities during a network scan. What type of system should Jake identify this device as?

What is a proprietary system

500

Mary wants to use a security benchmark that is widely used throughout the industry to baseline her systems as part of a hardening process. What organization provides a set of freely available benchmarks for operating systems?

What is the Center for Internet Security