Question archive (Subject: Computer Science)
QUESTION 1
Created by Victor Alvarez at VirusTotal, a _________ is a rule set used to identify malware inside strings or binary files. The standard takes three sections: metadata, strings, and conditions.
QUESTION 2
The ___________ is a conceptual model that measures the utility of threat intelligence by identifying the areas in which, and the cost at which, an adversary must expend effort to replace the tools, techniques, and procedures that defenders have discovered in their cyber operations.
QUESTION 3
What is the Berkeley Packet Filter expression we would use if we wanted to see only traffic from a computer with IP address 192.168.0.1 communicating over ports 20, 21, 139, or 445?
Write your answer here.
QUESTION 4
_____ is a technique used to inspect the content (application data) in the innermost payload of a network packet.
QUESTION 5
_____ is the most well-known network discovery tool; it can scan a range of IP addresses and, when combined with its GUI version, will display a visual map of the network.
QUESTION 6
_____ is the penetration testing method where you are not provided any information about the organization’s network, systems, or configurations.
QUESTION 7
The first three octets (six hex characters) of a network card's MAC address represent the manufacturer’s _______.
QUESTION 8
Symantec, in its June 2017 publication “Living off the Land”, identified that attackers are taking advantage of powerful task and network automation and configuration management software called __________, which minimizes an attacker’s footprint because it uses tools preinstalled on the victim’s computer to support the cyber operation.
QUESTION 9
A rootkit unlinks a process from the doubly-linked process list that the Windows Task Manager's listing is built from, so the process no longer appears. This suggests that the rootkit is running in ______ mode.
QUESTION 10
______ is the type of encryption malware authors employ when packing their malware, requiring the attacker to provide the key as one of the parameters to unpack it.
QUESTION 11
Which of the following entries should be disabled in the msconfig screen capture below since it is almost certainly malicious?
In blank enter which Startup item? ________
QUESTION 12
The current value set in the registry key below is almost certainly malicious.
True
False
QUESTION 13
The Diamond Model of Intrusion Analysis helps cyber threat analysts and network defenders understand certain cyber threat groups and their playbook.
True
False
QUESTION 14
An attacker who steals the password hash of one of an organization’s users can use it, without decrypting it, to authenticate to other systems on the network; this is known as a “pass-the-hash” attack.
True
False
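The mechanism behind Question 14, as an added example that is not part of the original question set: in NTLM the password is never sent, and both client and server derive the challenge response from the NT hash alone, so holding the hash is as good as holding the password. The NTLMv2 key and NTProofStr computations below follow MS-NLMP; the user, domain and 16-byte NT hash are sample values, and the client blob is simplified to a random nonce instead of the full NTLMv2 blob (timestamp, nonce, target info).

```python
"""Added example, not part of the original question set: why a stolen NT hash
suffices for NTLM authentication (the mechanism behind pass-the-hash).

NTLM never transmits the password. Both sides derive the response from the
NT hash (MD4 over the UTF-16LE password), so whoever holds the hash can answer
a challenge without recovering the password. User, domain and NT hash are
sample values; the client blob is simplified to a random nonce.
"""
import hashlib
import hmac
import os


def ntlmv2_key(nt_hash: bytes, username: str, domain: str) -> bytes:
    """NTLMv2 hash = HMAC-MD5(key=NT hash, msg=UTF-16LE(UPPER(user) + domain))."""
    ident = (username.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()


def nt_proof(nt_hash: bytes, username: str, domain: str,
             server_challenge: bytes, client_blob: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(key=NTLMv2 hash, msg=server challenge || client blob)."""
    key = ntlmv2_key(nt_hash, username, domain)
    return hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()


class NtlmServer:
    """Verifier that, like a DC or the local SAM, stores only the NT hash."""

    def __init__(self, username: str, domain: str, nt_hash: bytes):
        self.username, self.domain, self.nt_hash = username, domain, nt_hash
        self.challenge = None

    def issue_challenge(self) -> bytes:
        self.challenge = os.urandom(8)          # 8-byte server challenge
        return self.challenge

    def verify(self, client_blob: bytes, proof: bytes) -> bool:
        # The server recomputes the proof from its stored hash; no password involved.
        expected = nt_proof(self.nt_hash, self.username, self.domain,
                            self.challenge, client_blob)
        return hmac.compare_digest(expected, proof)


def attacker_authenticates(server: NtlmServer, stolen_nt_hash: bytes) -> bool:
    """The attacker holds only the hash; nothing is decrypted or cracked."""
    challenge = server.issue_challenge()
    blob = os.urandom(8)                        # stands in for the NTLMv2 client blob
    proof = nt_proof(stolen_nt_hash, server.username, server.domain, challenge, blob)
    return server.verify(blob, proof)


def pass_the_hash_demo() -> tuple:
    """Returns (accepted with the stolen hash, accepted with a wrong hash)."""
    # Sample 16-byte NT hash. hashlib's md4 is not available on every build,
    # so the hash is taken as given rather than derived from a password here.
    nt_hash = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
    server = NtlmServer("jdoe", "CORP", nt_hash)
    with_stolen = attacker_authenticates(server, nt_hash)
    with_wrong = attacker_authenticates(server, bytes(16))
    return with_stolen, with_wrong


if __name__ == "__main__":
    print(pass_the_hash_demo())
```

The point to take from the demo is where the secret lives: `NtlmServer` never sees a password, only the hash, so the defensive answer is to keep hashes out of reach (LSASS protection, no shared local admin passwords, Kerberos-only where possible) rather than to make passwords longer.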
QUESTION 15
The NTUSER.DAT file loads the registry information for the user currently logged onto a system into the HKEY_CURRENT_USER (HKCU) registry hive.
True
False
QUESTION 16
Forensic analysis of memory allows cyber security researchers to examine malware, which otherwise might not be accessible due to file packing and other anti-forensic techniques the malware author employed.
True
False
QUESTION 17
What is most likely being displayed in the image below?
a. Base64 encoded text
b. Randomly generated ASCII strings
c. Encrypted text
d. A software executable
QUESTION 18
Which of the following tool(s) are not used as part of behavioral analysis?
TCPView
Metasploit
PowerShell
Wireshark
Process Explorer
QUESTION 19
An attacker compromises the Washington Post's web server and proceeds to modify the homepage slightly by inserting a 1x1 pixel iframe that directs all website visitors to a webpage of his choosing that then installs malware on the visitors' computers. The attacker did this explicitly because he knows that US policymakers frequent the website. This would be an example of a ___________ attack.
Man-in-the-middle
Remote Code Execution
Waterholing
Replay
QUESTION 20
While reviewing data in your SIEM, you detected the following string "VGhpcyBtZXNzYWdlIGlzIGJhc2U2NCBlbmNvZGVkLg==". What can we infer based off of this payload?
An attacker has employed a ROT-13 shift to the payload
It is Base64 encoded
The payload is double encrypted
The sub-string "BtZXNzYWdl" is a known indicator of compromise
QUESTION 21
Port scanning is considered what form of an attack?
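How an analyst would actually test the Question 20 payload, as an added example that is not part of the original question set: check the Base64 shape (alphabet, length a multiple of four, trailing padding only), decode it, and confirm the result is printable text, then show why a Base64 substring such as "BtZXNzYWdl" is not a reliable indicator. The SIEM string is the one quoted in the question; the other inputs are constructed for the demonstration.

```python
"""Added example, not part of the original question set: triaging the SIEM
string from Question 20 and showing why a Base64 substring is a poor IoC.
"""
import base64
import binascii
import codecs
import re

SIEM_STRING = "VGhpcyBtZXNzYWdlIGlzIGJhc2U2NCBlbmNvZGVkLg=="   # from the question

# Standard alphabet, optional '=' padding only at the end.
B64_SHAPE = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")


def decode_if_base64(s: str):
    """Return the decoded text when s is well-formed Base64 that decodes to
    printable UTF-8, otherwise None. Shape checks alone are not enough: a
    ROT-13'd Base64 string still passes them, so the decoded bytes are checked."""
    if len(s) % 4 or not B64_SHAPE.match(s):
        return None
    try:
        raw = base64.b64decode(s, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):      # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None


def rot13(s: str) -> str:
    return codecs.encode(s, "rot13")


def classify(s: str) -> str:
    """Label a payload the way an analyst would triage it."""
    if decode_if_base64(s) is not None:
        return "base64"
    # ROT-13 is its own inverse: if undoing it yields valid Base64, that was the layering.
    if decode_if_base64(rot13(s)) is not None:
        return "rot13-of-base64"
    return "unknown"


def substring_stability(text: str, needle: str) -> dict:
    """Encode the same text preceded by 0, 1 or 2 extra bytes (constructed
    inputs) and report whether the needle survives. Base64 works on 3-byte
    groups, so a one-byte shift changes every character after it; that is why a
    substring like 'BtZXNzYWdl' only matches this exact message at this exact
    alignment and cannot serve as a general indicator of compromise."""
    result = {}
    for pad in range(3):
        enc = base64.b64encode(b"x" * pad + text.encode()).decode()
        result[pad] = needle in enc
    return result


if __name__ == "__main__":
    print(classify(SIEM_STRING), repr(decode_if_base64(SIEM_STRING)))
    print(substring_stability(decode_if_base64(SIEM_STRING), "BtZXNzYWdl"))
```

Run it and the SIEM string decodes to the sentence "This message is base64 encoded."; the same sentence shifted by one byte before encoding shares no ten-character run with it, which is the practical argument against the last answer option.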
QUESTION 22 One of Susan’s attacks during a penetration test involved inserting false ARP data into a system’s ARP cache. When that system attempted to send traffic belonging to what it thought was a legitimate system, it instead sent the traffic to Susan’s system. What is this attack called?
QUESTION 29
What can be factually said about the following VirusTotal submission, and what can be inferred from this data (SHA-256 == 2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525)?
QUESTION 30
APT 34 uses the following series of commands, strung together in a batch file that it runs on a victim’s computer. Explain what each of these commands does and how the results would benefit APT 34.
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
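What a defender does with the chain above, as an added example that is not part of the original question set: each command maps to a MITRE ATT&CK Discovery technique (whoami to T1033, hostname/systeminfo to T1082, ipconfig to T1016, net user to T1087, net group/localgroup to T1069, net accounts to T1201, netstat to T1049, tasklist to T1057, sc query to T1007, and the Terminal Server Client registry query to T1012, which reveals the RDP hosts the user has connected to and therefore likely lateral-movement targets). Any one of these is routine admin activity; many distinct techniques spawned by the same parent process within a minute is the signal. The log lines are constructed to resemble a flattened Sysmon Event ID 1 / Windows 4688 feed; the field layout is an assumption, not a real product format.

```python
"""Added example, not part of the original question set: a detection for the
discovery chain in Question 30 over process-creation telemetry. The log
format (ts|host|user|parent_pid|command_line) is an assumption.
"""
import re
from collections import defaultdict
from datetime import datetime

# The batch file from the question; each command becomes one child process.
APT34_BATCH = (
    'whoami & hostname & ipconfig /all & net user /domain 2>&1 & '
    'net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & '
    'net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & '
    'net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & '
    'tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & '
    'reg query "HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Default" 2>&1'
)

# (command-line regex, ATT&CK technique, what the attacker learns from it)
DISCOVERY_PATTERNS = [
    (r"^whoami\b",                   "T1033", "current user and privileges"),
    (r"^hostname\b",                 "T1082", "host identity"),
    (r"^systeminfo\b",               "T1082", "OS build, patches, domain membership"),
    (r"^ipconfig\b",                 "T1016", "interfaces, DNS servers, domain suffix"),
    (r"^net\s+user\b",               "T1087", "local or domain accounts"),
    (r"^net\s+(group|localgroup)\b", "T1069", "privileged groups such as Domain Admins"),
    (r"^net\s+accounts\b",           "T1201", "password and lockout policy"),
    (r"^netstat\b",                  "T1049", "live connections and listeners"),
    (r"^tasklist\b",                 "T1057", "running processes, including AV/EDR"),
    (r"^sc\s+query\b",               "T1007", "installed services"),
    (r'^reg\s+query\s+"?hkey_current_user\\software\\microsoft\\terminal server client',
                                     "T1012", "RDP hosts this user has connected to"),
]


def classify(cmdline: str):
    """Return (technique, meaning) for a discovery command, else None."""
    for pattern, technique, meaning in DISCOVERY_PATTERNS:
        if re.match(pattern, cmdline.strip(), re.IGNORECASE):
            return technique, meaning
    return None


def parse_event(line: str) -> dict:
    """Constructed format: ts|host|user|parent_pid|command_line."""
    ts, host, user, ppid, cmdline = line.split("|", 4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "user": user, "ppid": int(ppid), "cmdline": cmdline}


def detect_discovery_bursts(lines, window_s: int = 60, min_distinct: int = 5) -> list:
    """Alert once per (host, parent pid) that runs at least min_distinct distinct
    discovery techniques inside any window_s-second window."""
    by_parent = defaultdict(list)
    for ev in map(parse_event, lines):
        hit = classify(ev["cmdline"])
        if hit:
            by_parent[(ev["host"], ev["ppid"])].append((ev["ts"], hit[0]))
    alerts = []
    for (host, ppid), events in by_parent.items():
        events.sort()
        for start, _ in events:          # each event opens a forward-looking window
            techs = {t for ts, t in events if 0 <= (ts - start).total_seconds() <= window_s}
            if len(techs) >= min_distinct:
                alerts.append({"host": host, "ppid": ppid, "techniques": sorted(techs)})
                break
    return alerts


def build_sample_log() -> list:
    """Constructed telemetry: WS01 runs the batch above from one cmd.exe (pid 4400);
    WS02 is an admin running two of the same commands twenty minutes apart."""
    lines = []
    for i, cmd in enumerate(APT34_BATCH.split(" & ")):
        lines.append(f"2023-05-01T10:00:{i:02d}Z|WS01|CORP\\jdoe|4400|{cmd}")
    lines.append("2023-05-01T10:00:05Z|WS02|CORP\\admin|3120|ipconfig /all")
    lines.append("2023-05-01T10:20:05Z|WS02|CORP\\admin|3120|tasklist")
    return lines


if __name__ == "__main__":
    for alert in detect_discovery_bursts(build_sample_log()):
        print(alert)
```

Keying on the parent process rather than the user is what keeps the false-positive rate down: an administrator typing the same commands in separate sessions does not cluster, while a batch file or a script-driven implant does. The threshold and window are starting points to tune against your own baseline.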