Last Updated on June 14, 2021 by Admin

Modules 1 – 2: Threat Actors and Defenders Group Exam Answers Full 100%

  1. An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?

    • cracking
    • denial of service
    • rogue access point
    • spoofing
      Answers Explanation & Hints:

      Configuring the cell phone to act as a wireless access point means that the cell phone is now a rogue access point. The employee unknowingly breached the security of the company network by allowing a user to access the network without connecting through the company access point. Cracking is the process of obtaining passwords from data stored or transmitted on a network. Denial of service attacks refer to sending large amounts of data to a networked device, such as a server, to prevent legitimate access to the server. Spoofing refers to access gained to a network or data by an attacker appearing to be a legitimate network device or user.

  2. What websites should a user avoid when connecting to a free and open wireless hotspot?

    • websites to check product details
    • websites to make purchases
    • websites to check stock prices
    • websites to check account fees
      Answers Explanation & Hints:

      Many free and open wireless hotspots operate with no authentication or weak authentication mechanisms. Attackers could easily capture the network traffic in and out of such a hotspot and steal user information. Therefore, users who use free and open wireless hotspots to connect to websites should avoid giving any personal information to the websites.

  3. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

    • rogue access point
    • password policy
    • user error
    • user laptop
    • weak password
      Answers Explanation & Hints:

      Man-in-the-middle attacks are a threat that results in lost credentials and data. These type of attacks can occur for different reasons including traffic sniffing.

  4. What type of cyberwarfare weapon was Stuxnet?

    • worm
    • virus
    • ransomware
    • botnet
      Answers Explanation & Hints:

      The Stuxnet worm was an excellent example of a sophisticated cyberwarfare weapon. In 2010, it was used to attack programmable logic controllers that operated uranium enrichment centrifuges in Iran.

  5. When a user turns on the PC on Wednesday, the PC displays a message indicating that all of the user files have been locked. In order to get the files unencrypted, the user is supposed to send an email and include a specific ID in the email title. The message also includes ways to buy and submit bitcoins as payment for the file decryption. After inspecting the message, the technician suspects a security breach occurred. What type of malware could be responsible?

    • adware
    • ransomware
    • spyware
    • Trojan
      Answers Explanation & Hints:

      Ransomware requires payment for access to the computer or files. Bitcoin is a type of digital currency that does not go through a particular bank.

  6. Why do IoT devices pose a greater risk than other computing devices on a network?

    • Most IoT devices do not require an Internet connection and are unable to receive new updates.
    • IoT devices require unencrypted wireless connections.
    • IoT devices cannot function on an isolated network with only an Internet connection.
    • Most IoT devices do not receive frequent firmware updates.
      Answers Explanation & Hints:

      IoT devices commonly operate using their original firmware and do not receive updates as frequently as laptops, desktops, and mobile platforms.

  7. Which cyber attack involves a coordinated attack from a botnet of zombie computers?

    • DDoS
    • MITM
    • ICMP redirect
    • address spoofing
      Answers Explanation & Hints:

      DDoS is a distributed denial-of-services attack. A DDoS attack is launched from multiple coordinated sources. The sources of the attack are zombie hosts that the cybercriminal has built into a botnet. When ready, the cybercriminal instructs the botnet of zombies to attack the chosen target.

  8. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

    • botnet
    • rootkit
    • spyware
    • virus
      Answers Explanation & Hints:

      A botnet is a network of infected computers called a zombie network. The computers are controlled by a hacker and are used to attack other computers or to steal data.

  9. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic. This traffic rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?

    • amateur
    • state-sponsored
    • terrorist
    • hacktivist
      Answers Explanation & Hints:

      Amateurs or script kiddies use common, existing tools found on the internet to launch attacks. Hacktivists disrupt services in protest against organizations or governments for a particular political or social idea. State-sponsored threat actors use cyberspace for industrial espionage or interfering with another country in some way. Terrorist groups attack for a specific cause.

  10. In a smart home, an owner has connected many home devices to the Internet, such as the refrigerator and the coffee maker. The owner is concerned that these devices will make the wireless network vulnerable to attacks. What action could be taken to address this issue?

    • Disable the SSID broadcast.
    • Install the latest firmware versions for the devices.
    • Configure mixed mode wireless operation.
    • Assign static IP addresses to the wireless devices.
      Answers Explanation & Hints:

      The Internet of Things (IoT) is facilitating the connection of different kinds of devices to the internet, like home devices such as coffee makers and refrigerators, and also wearable devices. In order to make these devices secure and not vulnerable to attacks, they have to be updated with the latest firmware.

  11. Which statement describes cyberwarfare?

    • Cyberwarfare is an attack carried out by a group of script kiddies.
    • It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.
    • It is a series of personal protective equipment developed for soldiers involved in nuclear war.
    • It is Internet-based conflict that involves the penetration of information systems of other nations.
      Answers Explanation & Hints:

      Cyberwarfare is Internet-based conflict that involves the penetration of the networks and computer systems of other nations. Organized hackers are typically involved in such an attack.

  12. What is the main purpose of cyberwarfare?

    • to protect cloud-based data centers
    • to gain advantage over adversaries
    • to develop advanced network devices
    • to simulate possible war scenarios among nations
      Answers Explanation & Hints:

      Cyberwarfare is Internet-based conflict that involves the penetration of the networks and computer systems of other nations. The main purpose of cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

  13. What are two examples of personally identifiable information (PII)? (Choose two.)

    • credit card number
    • first name
    • street address
    • language preference
    • IP address
      Answers Explanation & Hints:

      Personally identifiable information (PII) is any data that could potentially identify and track a specific individual. A credit card number and street address are the best examples of PII.

  14. Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?

    • GLBA
    • HIPAA
    • FISMA
    • PCI-DSS
      Answers Explanation & Hints:

      The Health Insurance Portability and Accountability Act (HIPAA) requires that all patient personally identifiable healthcare information be stored, maintained, and transmitted in ways that ensure patient privacy and confidentiality.

  15. A worker in the records department of a hospital accidentally sends a medical record of a patient to a printer in another department. When the worker arrives at the printer, the patient record printout is missing. What breach of confidentiality does this situation describe?

    • PSI
    • PHI
    • PII
    • EMR
      Answers Explanation & Hints:

      Protected Health Information (PHI) includes patient name, addresses, visiting dates and more. The Health Insurance Portability and Accountability Act (HIPAA) regulates and provides severe penalties for breaches of PHI. EMRs (Electronic Medical Records) are documents created and maintained by the medical community that contain PHI. Personally identifiable information (PII) is any information that can be used to positively identify an individual, such as name and social security number. Personal Security Information (PSI) is related to information about an individual such as passwords, access keys, and account details.

  16. What is the dark web?

    • It is a website that reports the most recent activities of cybercriminals all over the world.
    • It is part of the internet that can only be accessed with special software.
    • It is a website that sells stolen credit cards.
    • It is part of the internet where a person can obtain personally identifiable information from anyone for free.
      Answers Explanation & Hints:

      One of the more lucrative goals of cybercriminals is obtaining lists of personally identifiable information that can then be sold on the dark web. The dark web can only be accessed with special software and is used by cybercriminals to shield their activities. Stolen PII can be used to create fake accounts, such as credit cards and short-term loans.

  17. Which example illustrates how malware might be concealed?

    Modules 1 - 2 Threat Actors and Defenders Group Exam Answers 01
    Modules 1 – 2 Threat Actors and Defenders Group Exam Answers 01
    • A botnet of zombies carry personal information back to the hacker.
    • A hacker uses techniques to improve the ranking of a website so that users are redirected to a malicious site.
    • An attack is launched against the public website of an online retailer with the objective of blocking its response to visitors.
    • An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
      Answers Explanation & Hints:

      An email attachment that appears as valid software but actually contains spyware shows how malware might be concealed. An attack to block access to a website is a DoS attack. A hacker uses search engine optimization (SEO) poisoning to improve the ranking of a website so that users are directed to a malicious site that hosts malware or uses social engineering methods to obtain information. A botnet of zombie computers is used to launch a DDoS attack.

  18. Which three are major categories of elements in a security operations center? (Choose three.)

    • people
    • processes
    • data center
    • technologies
    • database engine
    • Internet connection
      Answers Explanation & Hints:

      The three major categories of elements of a security operations center are people, processes, and technologies. A database engine, a data center, and an Internet connection are components in the technologies category.

  19. Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?

    • SOC Manager
    • Tier 1 Analyst
    • Tier 2 Incident Reporter
    • Tier 3 SME
      Answers Explanation & Hints:

      In a SOC, Tier 3 SMEs have expert-level skills in network, endpoint, threat intelligence, and malware reverse engineering (RE). They are deeply involved in hunting for potential security threats and implementing threat detection tools.

  20. The term cyber operations analyst refers to which group of personnel in a SOC?

    • SOC managers
    • Tier 1 personnel
    • Tier 2 personnel
    • Tier 3 personnel
      Answers Explanation & Hints:

      In a typical SOC, the Tier 1 personnel are called alert analysts, also known as cyberoperations analysts.

  21. How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?

    • by analyzing logging data in real time
    • by dynamically implementing firewall rules
    • by combining data from multiple technologies
    • by integrating all security devices and appliances in an organization
      Answers Explanation & Hints:

      A security information and event management system (SIEM) combines data from multiple sources to help SOC personnel collect and filter data, detect and classify threats, analyze and investigate threats, and manage resources to implement preventive measures.

  22. Which three technologies should be included in a SOC security information and event management system? (Choose three.)

    • proxy service
    • log management
    • firewall appliance
    • threat intelligence
    • security monitoring
    • intrusion prevention
      Answers Explanation & Hints:

      Technologies in a SOC should include the following:
      Event collection, correlation, and analysis
      Security monitoring
      Security control
      Log management
      Vulnerability assessment
      Vulnerability tracking
      Threat intelligence
      Proxy server, VPN, and IPS are security devices deployed in the network infrastructure.

  23. An SOC is searching for a professional to fill a job opening. The employee must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering in order to search for cyber threats hidden within the network. Which job within an SOC requires a professional with those skills?

    • Alert Analyst
    • Incident Responder
    • Threat Hunter
    • SOC Manager
      Answers Explanation & Hints:

      Tier 3 professionals called Threat Hunters must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering. They are experts at tracing the processes of malware to determine the impact of the malware and how it can be removed.

  24. What job would require verification that an alert represents a true security incident or a false positive?

    • Alert Analyst
    • Incident Reporter
    • Threat Hunter
    • SOC Manager
      Answers Explanation & Hints:

      A Cybersecurity Analyst monitors security alert queues and uses a ticketing system to assign alerts to a queue for an analyst to investigate. Because the software that generates alerts can trigger false alarms, one job of the Cybersecurity Analyst would be to verify that an alert represents a true security incident.

  25. Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?

    • MTTD
    • MTTR
    • MTTC
    • Time to Control
      Answers Explanation & Hints:

      The common key performance indicator (KPI) metrics compiled by SOC managers are as follows:
      • Dwell Time: the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped
      • Mean Time to Detect (MTTD): the average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network
      • Mean Time to Respond (MTTR): the average time that it takes to stop and remediate a security incident
      • Mean Time to Contain (MTTC): the time required to stop the incident from causing further damage to systems or data
      • Time to Control: the time required to stop the spread of malware in the network

  26. Match the SOC metric to the description. (Not all options are used.)

    Modules 1 - 2 Threat Actors and Defenders Group Exam Answers 001
    Modules 1 – 2 Threat Actors and Defenders Group Exam Answers 001
    Answers Explanation & Hints:

    SOCs use many metrics as performance indicators of how long it takes personnel to locate, stop, and remediate security incidents.

    • Dwell Time
    • Mean Time to Detect (MTTD)
    • Mean Time to Respond (MTTR)
    • Mean Time to Contain (MTTC)
    • Time to Control
  27. What is a benefit to an organization of using SOAR as part of the SIEM system?

    • SOAR would benefit smaller organizations because it requires no cybersecurity analyst involvement once installed.
    • SOAR was designed to address critical security events and high-end investigation.
    • SOAR automates incident investigation and responds to workflows based on playbooks.
    • SOAR automation guarantees an uptime factor of “5 nines”.
      Answers Explanation & Hints:

      SIEM systems are used for collecting and filtering data, detecting and classifying threats, and analyzing and investigating threats. SOAR technology does the same as SIEMs but it also includes automation. SOAR integrates threat intelligence and automates incident investigation. SOAR also responds to events using response workflows based on previously developed playbooks.

  28. Which organization is an international nonprofit organization that offers the CISSP certification?

    • IEEE
    • GIAC
    • (ISC) 2
    • CompTIA
      Answers Explanation & Hints:

      (ISC)² is an international nonprofit organization that offers the CISSP certification.

5 1 vote
Article Rating
Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments