Module 4 Endpoint App Dev Security EXAM 2023 REAL EXAM QUESTIONS AND CORRECT ANSWERS(VERIFIED ANSWERS)|AGRADE
Course: Endpoint App Dev Security
Institution: Endpoint App Dev Security
Key risk indicators (KRIs) - Answer - a metric of the upper and lower bounds of specific indicators of normal network activity.
- indicators may include the total network logs per second, number of failed remote logins, network bandwidth, and outbound email traffic
- one of these that exceeds its normal bounds could be an indicator of compromise (IOC)

An IOC (indicator of compromise) occurs when what metric exceeds its normal bounds? - Answer - The KRI (key risk indicator)

indicator of compromise (IOC) - Answer - An indicator that malicious activity is occurring but is still in the early stages.
- making this info available to others can prove to be of high value as it may indicate a common attack that other organizations are also experiencing or will soon experience.
- this info aids others in their predictive analysis or discovering an attack before it occurs

predictive analysis - Answer - An evaluation used for discovering an attack before it occurs.
- indicators of compromise (IOCs) are used to aid in this
- helps determine when and where attacks may occur.

open source information - Answer - Anything that could be freely used without restrictions.
- category of threat intelligence sources

open source threat intelligence information (OSINT) - Answer - threat intelligence information that is freely available to the public

public information sharing centers - Answer - A repository by which open source cybersecurity information is collected and disseminated.
- ex. the U.S. Department of Homeland Security (DHS) Cyber Information Sharing and Collaboration Program (CISCP)
- enables actionable, relevant, and timely unclassified information exchange through trusted public-private partnerships across all critical infrastructure sectors.
- enables its members to not only share threat and vulnerability information but also take advantage of the DHS's cyber resources

two major concerns around public information sharing centers - Answer - 1. the privacy of shared information
- An organization that is the victim of an attack must be careful not to share proprietary or sensitive information
2. the speed at which the information is shared
- automated indicator sharing (AIS) can help speed up the distribution of threat intelligence information

automated indicator sharing (AIS) - Answer - A technology that enables the exchange of cyberthreat indicators between parties through computer-to-computer communication.
- NOT email communication
- Threat indicators such as malicious IP addresses or the sender address of a phishing email can be quickly distributed to enable others to repel these attacks.
- Those participating in AIS generally are connected to a managed system controlled by the public information sharing center that allows bidirectional sharing of cyberthreat indicators. Not only do participants receive indicators, but they can also share indicators they have observed in their own network defenses with the public center
- 2 tools facilitate this:
1. structured threat information expression (STIX)
2. trusted automated exchange of intelligence information (TAXII)

Structured Threat Information Expression (STIX) - Answer - A language and format used to exchange cyberthreat intelligence.
- All information about a threat can be represented with objects and descriptive relationships.
- information can be visually represented for a security analyst to view or stored in a lightweight format to be used by a computer.

Trusted Automated Exchange of Intelligence Information (TAXII) - Answer - An application protocol for exchanging cyberthreat intelligence over Hypertext Transfer Protocol Secure (HTTPS).
- defines an application protocol interface (API) and a set of requirements for clients and servers exchanging cybersecurity threat information

closed source information - Answer - Proprietary information owned by an entity that has an exclusive right to it.
- Organizations that are participants in this are part of private information sharing centers that restrict both access to data and participation

private information sharing centers - Answer - Organizations participating in closed source information that restrict both access to data and participation.
- similar to public sharing centers in that members share threat intelligence information, insights, and best practices, but private sharing centers are restrictive regarding who may participate.
- All candidates must go through a vetting process and meet certain criteria.

(T/F) AIS is used more extensively with public information sharing centers than private centers. - Answer - true

vulnerability database - Answer - A repository of known vulnerabilities and information as to how they have been exploited.
- These databases create "feeds" of the latest cybersecurity incidents.
- Common cybersecurity data feeds include vulnerability feeds that provide information on the latest vulnerabilities and threat feeds that outline current threats and attacks
- Source of Threat Intelligence

adversary tactics, techniques, and procedures (TTP) - Answer - a database of the behavior of threat actors and how they orchestrate and manage attacks.
- Source of Threat Intelligence

threat map - Answer - An illustration of cyberthreats overlaid on a diagrammatic representation of a geographical area.
- helps in visualizing attacks and provides a limited amount of context about the source and target countries, the attack types, and historical and near real-time data about threats.
- may look impressive, but in reality, they provide limited valuable information.
- Many maps claim that they show data in real time, but most are simply a playback of previous attacks.
- Because threat maps show anonymized data, it is impossible to know the identity of the attackers or the victims.
- many cybersecurity professionals question the value of these
- Source of Threat Intelligence

File and code repositories - Answer - A storage area in which victims of an attack can upload malicious files and software code that can then be examined by others to learn more about these attacks and craft their defenses.
- Several entities of the U.S. government—including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) U.S. Cyber Command—are particularly active in posting to these
- Often samples of recently discovered malware variants are uploaded to the VirusTotal malware aggregation repository along with published detailed malware analysis reports (MARs) containing IOCs for each malware variant.
- Source of Threat Intelligence

clear web - Answer - includes ordinary websites (social media, ecommerce, news, etc.) that most users access regularly and can be located by a search engine

deep web - Answer - includes exclusive and protected websites (corporate email, material behind a digital paywall, cloud hosting services, etc.) that are hidden from a search engine and cannot be accessed without valid credentials