UNIX
CONOPS
Networking
Tools
Various
100

What are the two mechanisms of process instantiation on UNIX systems?

a. exec() and fork()

b. execu () and clone ()

c. executive () and fork ()

d. exec () and spawn ()


a. exec() and fork()

100

Who is the authority to execute a pre-approved action?

a. 460 CS DOA/CC

b. 460 OG/CC

c. Cyber Crew CC/Chief

d. SOC/CC

c. Cyber Crew CC/Chief

100

Which layer of the OSI model handles error detection and physical addressing?

a. Physical Layer

b. Data Link Layer

c. Transport Layer

d. Network Layer

b. Data Link Layer

100

Which Wireshark filter is most correct?

a. ip == 192.168.0.1

b. ip.addr == 192.168.0.1

c. addr == 192.168.0.1

d. ip = 192.168.0.1

b. ip.addr == 192.168.0.1

100

What is PBED?

a. Plan, Brief, Execute, Debate

b. Plan, Brief, Exercise, Debrief

c. Plan, Brief, Execute, Debrief

d. Plan, Brief, Engage, Debrief

c. Plan, Brief, Execute, Debrief

200

What directory on a *nix system normally holds log files?

a. /var/log

b. /mnt/log

c. /etc/log

d. /usr/log

a. /var/log

200

The Master Station Log at a minimum will contain:

a. Significant communications

b. Identification of on-duty personnel 

c. Major operational activities

d. All of the above

d. All of the above

200

What are the two ways IP addresses are assigned?

a. setip & dynamicip

b. Ipconfig & Ifconfig

c. DHCP & Route

d. Static & DHCP

d. Static & DHCP

200

Dynamic malware analysis involves:

a. Identifying malware connectivity using PCAPs

b. Sending malware to forensics experts

c. Post-execution analysis in a virtual machine

d. All of the above

c. Post-execution analysis in a virtual machine

200

Who is tasked to manage DOA crew scheduling, to include timelines for crew ops, sortie execution, evaluations, training classes, exercises and operational events?

a. DOC

b. DOO

c. DOK

d. DOT

b. DOO

300

Which file can be used to create scheduled jobs on Linux systems?

a. /etc/crontab

b. /etc/schtasks

c. /etc/jobs

d. /etc/inet.d

a. /etc/crontab

300

What does a MDT member need to provide to complete a Request for Information (RFI)?

a. A request for general information about any Advanced Persistent Threats (APT) that exist worldwide

b. Clearly stated specific requirement, strong justification, parameters for the answer, reasonable suspense

c. A request for T/S-SCI level information, with an immediate suspense

d. One (1) white common access card, completed SF-86, note from CC

b. Clearly stated specific requirement, strong justification, parameters for the answer, reasonable suspense

300

What is the purpose of ARP?

a. Used to resolve hardware addresses to network addresses

b. Used to resolve network addresses to hardware addresses

c. Used to resolve hostnames to network addresses

d. Used to resolve network addresses to hostnames

b. Used to resolve network addresses to hardware addresses

300

A good IPS/IDS signature rule will:

a. Generate more alerts, with greater frequency

b. Provide alerts on several operating systems

c. Alert only when specific criteria has been met

d. All of the above

c. Alert only when specific criteria has been met

300

Which Windows registry key is a location for persistence?

a. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

b. HKLM\System\CurrentControlSet\Services

c. HKLM\system\CurrentControlSet\enum\usb

d. HKLM\Software\Microsoft\Windows\Currentversion\Run

d. HKLM\Software\Microsoft\Windows\Currentversion\Run

400

In a *nix system, which command displays network interface parameters?

a. nic -a

b. ipconfig

c. ifconfig

d. netstat -ano

c. ifconfig

400

What do we call any piece of information that objectively describes an intrusion?

a. APT

b. CRL

c. PAA

d. IOC

d. IOC

400

In the IPv4 packet header, what is the Time to Live (TTL) field for?

a. The total length of the IP packet datagram, which also includes the header

b. Method of classifying network traffic for manageability and provide quality of service

c. Limits the lifespan or lifetime of data packets in a computer network

d. Indicates the bit position of where the data field begins

c. Limits the lifespan or lifetime of data packets in a computer network

400

Network mapping is the process of discovering the devices connected to a network and how they are interconnected.

a. True

b. False

a. True

400

Which crew position researches emerging intelligence from various data feeds and communicates the relevant information to the MDT-CCC/CCCH? This position is responsible for being the Cyber Intel subject matter expert and for tuning/applying emerging signatures to the MDT detection platform with approval from the MDT-CCC/CCCH, directly affecting the efficiency of Surveillance Sorties.

a. I&W

b. DO

c. IR

d. Cyber Intel Analyst

a. I&W

500

In a Linux OS, what file contains the encrypted password hash of each user?

a. /etc/shadow

b. /etc/passwd

c. /etc/usr

d. /etc/hosts

a. /etc/shadow

500

At a minimum, on what occasion(s) will the crews perform briefs to leadership?

a. Monday/Thursday operations standup

b. Tuesday/Wednesday WOMs requirements

c. Wednesday/Thursday training working group

d. None of the above

a. Monday/Thursday operations standup

500

Which is a standard port for SSH connections?

a. 445

b. 80

c. 23

d. 22

c. 22

500

Which best describes a bot and a botnet?

a. A bot is a compromised host that contains malware

b. A bot is a compromised network that contains malware

c. A botnet is a collection of bots

d. Both A & B

e. Both A & C

e. Both A & C

500

ATT&CK is largely a knowledge base of adversarial techniques, a breakdown and classification of offensively oriented actions that can be used against particular platforms, such as Windows.

a. True

b. False

a. True