100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CTI Midterm 2 (1) Questions & 100% Verified Correct Answers with complete solutions (Latest update CA$11.60   Add to cart

Exam (elaborations)

CTI Midterm 2 (1) Questions & 100% Verified Correct Answers with complete solutions (Latest update

 4 views  0 purchase

CTI Midterm 2 (1) Questions & 100% Verified Correct Answers with complete solutions (Latest update

Preview 3 out of 26  pages

  • August 14, 2024
  • 26
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (40)
avatar-seller
topgradesdr
CTI Midterm 2
cyber kill chain - ANS-One of the first ways to analyze all the threat data is to map the event
data to a _

a systematic process to target and engage an object to create desired effects - ANS-Kill chain

Find, Fix, Track, Target, Engage, Assess - ANS-the US military targeting doctrine defines the
steps of the kill chain process as:

any one deficiency will interrupt the entire process - ANS-the kill chain integrated end-to-end
process is described as a "chain" because _

fit cyber applications - ANS-the kill "chain" has been adapted to _

trying to get into your network - ANS-ATT&CK tactic: Initial Access

trying to run malicious code - ANS-ATT&CK tactic: Execution

trying to maintain their foothold - ANS-ATT&CK tactic: Persistence

trying to gain higher-level permissions - ANS-ATT&CK tactic: Privilege Escalation

trying to avoid being detected - ANS-ATT&CK tactic: Defense Evasion

trying to steal account names and passwords - ANS-ATT&CK tactic: Credential Access

trying to figure out your environment - ANS-ATT&CK tactic: Discovery

trying to move through your environment - ANS-ATT&CK tactic: Lateral Movement

trying to gather data of interest to their goal - ANS-ATT&CK tactic: Collection

trying to communicate with compromised systems to control them - ANS-ATT&CK tactic:
Command and Control

trying to steal data - ANS-ATT&CK tactic: Exfiltration

trying to manipulate, interrupt, or destroy your systems and data - ANS-ATT&CK tactic: Impact

1. Reconnaissance, 2. Weaponization,
3. Delivery,

,4. Exploit,
5. Installation,
6. Command and Control,
7. Actions on Objectives - ANS-Lockheed Martin Cyber Kill Chain (order of phases)

(IDENTIFY THE TARGETS)

research, identification, and selection of targets within organization,
ex: Facebook, Twitter, and LinkedIn searches - ANS-Reconnaissance

(PREPARE THE OPERATION)

coupling exploit with backdoor into deliverable payload, ex: coupling a remote access Trojan
(RAT) to a PDF file - ANS-Weaponization

(LAUNCH THE OPERATION)

delivering a weaponized bundle to the victim, ex: emailing the PDF to targeted user(s) -
ANS-Delivery

(GAIN ACCESS TO VICTIM)

exploiting a vulnerability to execute code on victim's system, ex: PDF file executes malicious
program - ANS-Exploit

(ESTABLISH BEACHHEAD AT THE VICTIM)

installing malware on the asset, ex: RAT installs on machine(s) - ANS-Installation

(REMOTELY CONTROL THE IMPLANTS)

creates an outbound connection to attacker machine to allow hackers to remotely control
machine(s) - ANS-Command and Control

(ACHIEVE THE MISSION'S GOAL)

with 'Hands on Keyboard' access, intruders accomplish their original goals, ex: lateral
movement to domain controller - ANS-Actions on Objectives

linked to courses of action - ANS-the cyber kill chain can provide powerful actionable
intelligence when _

particular measures that can be used for particular stages of an attack - ANS-courses of action
identify _

, 1. Detect,
2. Deny,
3. Disrupt,
4. Degrade,
5. Deceive,
6. Destroy - ANS-6 potential cyber kill chain courses of action

-planning phase
-research to understand which targets will enable them to meet their objectives -
ANS-Reconnaissance: Adversary (description)

1. harvest email addresses
2. identify employees on social media networks
3. collect press releases, contract awards, conference attendee lists
4. discover internet-facing servers - ANS-Reconnaissance: Adversary (4 actions)

-detecting reconnaissance as it happens can be very difficult
-discovering recon (even well after the fact) can reveal the adversaries' intent -
ANS-Reconnaissance: Defender (description)

1. Collect website visitor logs for alerting and historical searching
2. Collaborate with web admins to utilize their existing browser analytics
3. Build detections for browsing behaviors unique to recon
4. Prioritize defenses around particular technologies for people based on recon activity -
ANS-Reconnaissance: Defender (4 actions)

-prep and staging phase
-likely use automated tools for malware generation
-a weaponizer couples malware and exploit into a deliverable payload - ANS-Weaponization:
Adversary (description)

1. Obtain a weaponizer, either in-house or obtain through public or private channels
2. For file-based exploits, select "decoy" document to present to the victim
3. Select backdoor implant and appropriate command and control infrastructure for operation
4. Designate a specific "mission id" and embed in the malware
5. Compile the backdoor and weaponize the payload - ANS-Weaponizer: Adversary (5 actions)

-essential phase for defenders to understand
-though they can't detect weaponization as it happens, they can infer it by analyzing malware
artifacts - ANS-Weaponization: Defender (description)

1. Conduct full malware analysis - not just what payload it drops, but how it was made

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller topgradesdr. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$11.60. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77254 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$11.60
  • (0)
  Add to cart