
CertiProf Cyber Security Questions

Ans: All of the above

Ans: A
Ans: A

Ans: C
Ans: D
Ans: C
Ans: B

Ans: D… All the option


Ans: B

Ans: B
Ans: C

Ans: A
Ans: B

Ans: A
Ans: A

Ans: B
Ans: D

Ans: A
Ans: B

Ans: B
Ans: B

Ans: C
Ans: A

Ans: D
Ans: B

Ans: A
Ans: C

Ans: D
Ans: C

Ans: A
Ans: D

Ans: B
Ans: A
Ans: B

Ans: B
Ans: A

Ans: D
Ans: C

Ans: A
Ans: C
Answer – Extradition
Answer – Code of Conduct
Syslog provides a generic logging infrastructure that constitutes an extremely efficient data source for many uses. This
new specification introduces several improvements over the original implementation. A Syslog entry is a timestamped
text message coming from an identified source.

What is the information stored in Syslog?

• Authentication ID, Encryption and decryption info, and data privacy flag
• DNS and Routing info, Data security gateway ID
• Timestamp, Hostname, Process, Priority, and PID
• Routers CPU ID, Transport Layer Security protocol info, and Syslog current version

The pcap library requires access to a network interface that can be placed in so-called promiscuous mode, which
means that the interface will receive all packets on the network, even those packets that are not addressed to it.
Also, it is not necessary to bind an IP address to the network interface in order to capture traffic.

Binding an IP address to the network interface is essential for what?

• Security and incident management
• Traffic configuration
• Capture traffic
• General maintenance and traffic monitoring

Which principle states that controls need to define and enable operations that can positively be identified as being in
accordance with a security policy, and reject all others?

• Penetration Testing
• Open design
• Fail-safe defaults
• Complete mediation

The analogy between quality management and security is not perfect because the

• System security is leaked
• Human errors
• Hardware is not powerful enough
• Threat environment is not static

The term 'jurisdiction' is used to refer to a state, or any political sub-division of a state, that has the authority to do what?

• Place probable cause
• Address conflict of law
• Enforce laws or regulations
• All of the above

Anomaly detection is an essential technique for identifying cyber-attacks, since no information about known attacks
can be complete enough to guarantee coverage; the main benefit of anomaly detection is that it does not depend on
knowledge of specific vulnerabilities.

This supposedly supports the detection of what?

• physical and real-time vulnerability
• environmental vulnerability
• 0-day attacks
• economic vulnerability and social vulnerability

The Domain Name System (DNS) translates domain names, human-meaningful strings of text, into the IP addresses needed
for network communications. The DNS protocol is also a common DDoS amplifier, because an attacker can spoof the IP
address of a target in a DNS request, causing the DNS server to send unwanted traffic to the target.

What other protocols are prone to amplification?

• Network Time Protocol (NTP)
• TCP/IP
• Address Resolution Protocol (ARP)
• S7 signaling protocol

Memory-resident malware lives only in memory, so that if the computer is rebooted or the infected running program
terminates, it no longer exists anywhere on the system; it can therefore evade detection by many anti-virus systems
that rely on file scanning.

What is the advantage of memory-resident malware?

• It can easily clean up its attack operations right after its execution
• It is difficult to clean up its attack operations if the compromised system is guarded by real-time anti-virus
programs
• A memory-resident malware has no advantage in the context of hiding its attack operations
• Cleaning up its attacks is possible, but it may require additional malware utilities

What is a common technique for permitting data processing without risk to individuals?

• Anonymization
• Generalization
• Data integrity
• Duplicity

What is a traditional method for obtaining custody of a cybercriminal who is not present within the state?

• Indictment
• Extradition
• Impeachment
• Recrimination

Which is NOT a good Security Metric?

• Consistently measured, without subjective criteria
• Cheap to gather, preferably in an automated way
• Contextually specific and relevant enough to decision-makers that they can take action
• Express results with qualitative label units of measure

Malware essentially codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill
Chain Model which represents (iterations of) steps typically involved in a cyberattack.

What is the first step in the Cyber Kill Chain Model that cyber attackers follow?

• Establishing a command-and-control channel for attackers to remotely commandeer the victim’s system
• Reconnaissance is the 1st step where an attacker identifies or attracts the potential targets by scanning
• Exploiting a vulnerability and executing malicious code on the victim’s system
• The 1st step is to gain access to the targets by sending crafted input to trigger a vulnerability

Before performing any penetration test, through legal procedure, which of the key points listed below is not mandatory?

• Characteristics of work done in the firm
• Type of broadband company used by the firm
• Know the nature of the organization
• System and network

Which of the following is a criterion by which usability is assessed?

• Incompetence
• Incapacity
• Indecision
• None of the above

The privacy knowledge area is structured in different sections; which of the following is considered part of this paradigm?

• As informational control
• As confidentiality
• As transparency
• All of the above

What theme is of high relevance regarding the cost versus benefit trade-offs of security for user systems and
cybercriminals?

• Verification Methods
• Security Architecture
• Security Economics
• None of the above

Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the
connection, is accessible to observers even if communications are encrypted or obfuscated.

What type of metadata is this in reference to?

• Traffic metadata
• Wireshark metadata
• Host based metadata
• Network metadata

Early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an
organization's web page), but present-day malware attacks are becoming full-blown cyberwars.

An underground eco-system has also emerged to support what?

• The 1st half of the malware lifecycle that includes only development & deployment
• The 2nd half of the malware lifecycle that includes only operations and monetization
• The full malware lifecycle that includes development, deployment, operations, and monetization
• The middle half of the malware lifecycle that includes only deployment & operations

________ is a principle where conditions arise from previous decisions made about a system.

• Precautionary conditions
• Latent design conditions
• NIST conditions
• None of the above

Cybercrime can be categorized into ________ types

• 6
• 4
• 2
• 3

Which of the following is not a NIST security architecture strategy?

• Defense in Depth
• The Reference Monitor Concept
• Isolation
• Behavior

Which of the following is NOT a core concept of risk assessment?

• Risk Analysis
• Impact
• Vulnerability
• Likelihood

As NetFlow was designed by network equipment providers, it is widely implemented in networks and extensively used
for network management tasks. It is standardized, and even though the commercial names vary, similar information is
gathered by the manufacturers that support this technology.

Processing packets to compute NetFlow counters requires access to what?

• GPU designed for Visual AI
• Transit Gateway CPU
• Routers CPU
• TRX handlers

There are different categories for evidence depending upon what form it is in and possibly how it was collected.
Which of the following is considered supporting evidence?

• Best evidence
• Conclusive evidence
• Direct evidence
• Corroborative evidence

What is the best detection approach when dealing with DDoS?

• Look for synchronized activities both in C&C like traffic and malicious traffic
• Use the layer 7 capability firewall for detection
• Include monitoring host activities involved in encryption
• Analyze the statistical properties of traffic

___ is the number of characters that most humans can commit to short-term memory (STM) without overload

• 12
• 7
• 3
• 6

This method begins by asking "What is the overall goal of the system or enterprise?"

• The Open Group Architectural Framework (TOGAF)
• Systems-Theoretic Accident Model and Process (STAMP)
• Dependency Modelling
• SABSA

Which of the following is not done by cyber criminals?

• Unauthorized account access
• Report vulnerability in any system
• Email spoofing and spamming
• Mass attack using Trojans as botnets

Capturing the MAC layer is possible but requires explicit configuration. Capturing the MAC layer is mandatory in order
to identify attacks such as ARP poisoning. For certain categories of industrial control networks that run directly on
top of the Ethernet layer, capturing traffic involves adding a node and could alter the real-time constraints.

Understanding the information available in the MAC layer requires what?

• Design configuration of the whole network interface
• Understanding of network architecture
• Network configuration in promiscuous mode
• The configuration of the network segment to which the collection network interface is attached

There are two principal approaches to formal modelling

• Logical, Mathematical
• Symbolic, Logical
• Mathematical, Statistical
• Computational, Symbolic

Component-driven methods are good for

• Establishing system security requirements before you have decided on the system’s exact physical design.
• Exploring security breaches which emerge out of the complex interaction of many parts of your system
• Bringing together multiple stakeholders’ views of what a system should and should not do
• Analyzing the risks faced by individual technical components

There are many benefits to analyzing malware. First, we can understand the intended malicious activities to be carried
out by the malware.

What is the benefit of understanding intended malicious activities?

• A) This will not allow us to update our network and endpoint sensors to detect and block such activities
• B) This will help to identify which machines have malware and take corrective actions
• C) This will let us remove the malware, or even completely wipe the computer clean and reinstall everything
• D) Both B and C are correct

Renn defines three basic abstract elements which are at the core of most risk assessment methods. Which element is
NOT part of Renn’s definition?

• Relationship between risk and security
• Combination of outcomes and possibility of occurrence
• Possibility of occurrence (uncertainty)
• Outcomes that have an impact on what humans value

Which is NOT an aspect of Risk Communication with relation to compliance and accountability?

• Education
• Involvement
• Training and inducement of behavior change
• Password Policies

In Security Architecture and Lifecycle “to group users and data into broad categories using role-access requirements,
together with formal data classification and user clearance” is part of which step?

• Last Step
• Third Step
• First Step
• Second Step

Which of the following is not a type of peer-to-peer cyber-crime?

• Phishing
• Credit card details leak in deep web
• MiTM
• Injecting Trojans to a target victim

The 1st dimension of our taxonomy is whether malware is a standalone (or, independent) program or just a sequence
of instructions to be embedded in another program.

What assumption regarding the execution property of a standalone malware program is correct?

• A standalone malware program is complete software that can run on its own when installed on a target system and
executed
• It is incomplete software and is used just for illustration of the malware program life cycle
• It is complete software, and its working depends on the type of compromised operating system
• It is an incomplete program and needs the help of already installed programs to plan for an attack

A scenario where the data belong to the sender and the recipient acts as the data processor is an example of what?

• In house processing
• Outsourcing
• Data processing
• None of the above

A framework that acknowledges that current systems are interconnected, and provides a basis for how to secure them

• NIST
• ITIL
• FAIR
• ISO

Software programs are protected from illegal distribution under what law?

• Copyright
• SPA
• Trademark
• Trade Secret

What is a good example of a security measure made ineffective due to its 0.1% utilization, and that has been
around for over 20 years?

• Email encryption
• Log management
• Software encryption
• Data backup
