What is the main purpose of exploitation by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?
Explanation: In the exploitation phase, the threat actor uses the delivered weapon to exploit the vulnerability and gain control of the target. In the installation phase that follows, the threat actor establishes a backdoor into the system to allow for continued access to the target.
What is the objective of the threat actor in establishing a two-way communication channel?
Explanation: In the command and control phase of the Cyber Kill Chain, the threat actor establishes command and control (CnC) with the target system. With the two-way communication channel, the threat actor is able to issue commands to the malware installed on the target and receive data back from it.
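The check a SOC analyst builds for this phase follows from the two-way channel itself: the implant has to call home for new commands, so connections to the controller recur at near-fixed intervals. The following is an added example written for this page, not code from the original source. It assumes a constructed Zeek conn.log-style TSV (timestamp, source, destination, destination port, bytes) and flags source/destination pairs whose inter-connection gaps have a low coefficient of variation; the 10 % threshold and the five-connection minimum are tuning assumptions, not values from the page.

```python
"""Detect periodic command-and-control beaconing in connection logs.

Added example for this page, not from the original source. The input is a
constructed, Zeek conn.log-like TSV: ts, src, dst, dst_port, bytes (assumption).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 beacons to 203.0.113.7:443 roughly every 60 s
# with small jitter; 10.0.0.9 browses 198.51.100.20 at irregular intervals.
SAMPLE_CONN_LOG = """\
1700000000.1\t10.0.0.5\t203.0.113.7\t443\t512
1700000059.9\t10.0.0.5\t203.0.113.7\t443\t498
1700000120.3\t10.0.0.5\t203.0.113.7\t443\t530
1700000180.0\t10.0.0.5\t203.0.113.7\t443\t505
1700000239.8\t10.0.0.5\t203.0.113.7\t443\t511
1700000300.2\t10.0.0.5\t203.0.113.7\t443\t499
1700000005.0\t10.0.0.9\t198.51.100.20\t443\t20480
1700000017.0\t10.0.0.9\t198.51.100.20\t443\t1500
1700000090.0\t10.0.0.9\t198.51.100.20\t443\t88000
1700000095.0\t10.0.0.9\t198.51.100.20\t443\t3400
1700000260.0\t10.0.0.9\t198.51.100.20\t443\t12000
1700000262.0\t10.0.0.9\t198.51.100.20\t443\t900
"""


def parse_conn_log(text):
    """Group connection records by (src, dst, dst_port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split("\t")
        flows[(src, dst, int(port))].append((float(ts), int(nbytes)))
    return flows


def beacon_score(timestamps):
    """Return (mean_gap, coefficient_of_variation) of the inter-arrival gaps.

    A near-zero coefficient of variation means the gaps are almost equal,
    which is the signature of a timer-driven check-in. None if too few gaps.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    mu = mean(gaps)
    if mu == 0:
        return None
    return mu, pstdev(gaps) / mu


def find_beacons(text, min_connections=5, max_cv=0.10):
    """Return the flows whose timing looks like C2 beaconing (thresholds are assumptions)."""
    findings = []
    for (src, dst, port), events in parse_conn_log(text).items():
        if len(events) < min_connections:
            continue
        score = beacon_score([t for t, _ in events])
        if score is None:
            continue
        interval, cv = score
        if cv <= max_cv:
            findings.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(events),
                "interval_s": round(interval, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_CONN_LOG):
        print(f"possible beacon: {f['src']} -> {f['dst']}:{f['port']} "
              f"every ~{f['interval_s']} s (cv={f['cv']}, n={f['connections']})")
```

Real implants add jitter on purpose, so in production the threshold is set per environment and the score is combined with other features (byte-size consistency, destination reputation, first-seen age of the domain) rather than used alone.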
What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?
It details how incidents should be handled based on the organizational mission and functions. (The plan element, by contrast, is the one that provides the roadmap for implementing and maturing the incident response capability, as described in NIST SP 800-61.)
Which meta-feature element in the Diamond Model describes tools and information?
Resources. Explanation: The resources meta-feature lists what the adversary needed to carry out the event, such as software, knowledge, information, hardware, funds, facilities, and access.
Which meta-feature element in the Diamond Model describes information gained by the adversary? Explanation: The results meta-feature is used to delineate what the adversary gained from the intrusion event.
What are two security implementations that use biometrics?
- voice recognition (correct).
- fob.
- phone.
- fingerprint (correct).
- credit card.
Explanation: Biometric authentication relies on something you are, such as a fingerprint, palm print, and facial or voice recognition. A fob, phone, or credit card is a possession factor (something you have), not a biometric.
What information is gathered by the CSIRT when determining the scope of a security incident?
Explanation: The scoping activity performed by the CSIRT after an incident determines which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring.
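Scoping in practice means pivoting outward from one indicator through whatever logs are available until the set of affected systems stops growing, then walking the timeline back to find the origin and vector. The following is an added example written for this page, not code from the original source. It assumes a constructed key=value log format with firewall, EDR, authentication and mail events (the field names host, src_host, dst, to, attachment and the logon_success/logon_failure event names are assumptions), seeds the scope with one C2 address, expands it along successful logons from already-affected hosts, and reports the three things the paragraph lists: what is affected, where it originated, and how.

```python
"""Scope an incident by pivoting on an indicator across heterogeneous logs.

Added example for this page, not from the original source. Log format and
field names are constructed assumptions; timestamps are ISO-8601 strings,
which sort correctly as text.
"""

# Constructed sample: phishing attachment -> macro launches PowerShell on
# WS-0142 -> C2 to 203.0.113.7 -> lateral logon to FS-01, failed logon to
# FS-02. WS-0200's traffic to 198.51.100.20 is unrelated noise.
SAMPLE_LOGS = """\
ts=2024-05-01T09:02:11Z source=mail event=delivered from=billing@invoice-example.test to=j.doe@corp.example attachment=invoice.docm
ts=2024-05-01T09:05:40Z source=edr host=WS-0142 event=process_start parent=WINWORD.EXE image=powershell.exe user=j.doe
ts=2024-05-01T09:06:02Z source=fw host=WS-0142 event=conn dst=203.0.113.7 dport=443 action=allow
ts=2024-05-01T09:20:15Z source=auth host=FS-01 event=logon_success user=j.doe src_host=WS-0142 logon_type=3
ts=2024-05-01T09:21:00Z source=edr host=FS-01 event=process_start parent=wmiprvse.exe image=powershell.exe user=j.doe
ts=2024-05-01T09:30:00Z source=auth host=FS-02 event=logon_failure user=j.doe src_host=WS-0142 logon_type=3
ts=2024-05-01T10:00:00Z source=fw host=WS-0200 event=conn dst=198.51.100.20 dport=443 action=allow
"""


def parse_events(text):
    """Parse key=value lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            events.append(dict(tok.split("=", 1) for tok in line.split()))
    return sorted(events, key=lambda e: e["ts"])


def scope_incident(text, c2_indicator):
    """Return affected hosts, attempted hosts, accounts, external IOCs, origin and timeframe."""
    events = parse_events(text)

    # 1. Seed the scope: every host observed talking to the C2 indicator.
    affected = {e["host"] for e in events
                if e["event"] == "conn" and e.get("dst") == c2_indicator}

    # 2. Expand along lateral movement until no new host appears: a successful
    #    logon sourced from an affected host makes the destination affected;
    #    a failed one is recorded as attempted.
    attempted = set()
    changed = True
    while changed:
        changed = False
        for e in events:
            if e["source"] != "auth" or e.get("src_host") not in affected:
                continue
            if e["event"] == "logon_success" and e["host"] not in affected:
                affected.add(e["host"])
                changed = True
            elif e["event"] == "logon_failure":
                attempted.add(e["host"])
    attempted -= affected

    # 3. Accounts active on affected hosts (candidates for credential reset).
    accounts = {e["user"] for e in events if e.get("host") in affected and "user" in e}

    # 4. Origin and vector: earliest mail delivery to one of those accounts.
    #    Matching the local part of the address to the username is an assumption.
    origin = next((e for e in events if e["source"] == "mail"
                   and e.get("to", "").split("@")[0] in accounts), None)

    # 5. External infrastructure contacted by affected hosts (block list / next pivot).
    external = sorted({e["dst"] for e in events
                       if e["event"] == "conn" and e["host"] in affected})

    involved = [e for e in events
                if e.get("host") in affected or e.get("src_host") in affected or e is origin]
    return {
        "affected_hosts": sorted(affected),
        "attempted_hosts": sorted(attempted),
        "accounts": sorted(accounts),
        "external_indicators": external,
        "origin": None if origin is None else {
            "vector": "email", "sender": origin["from"],
            "attachment": origin.get("attachment")},
        "first_seen": involved[0]["ts"] if involved else None,
        "last_seen": involved[-1]["ts"] if involved else None,
    }


if __name__ == "__main__":
    for k, v in scope_incident(SAMPLE_LOGS, "203.0.113.7").items():
        print(f"{k}: {v}")
```

The fixed-point loop is the important part: scope is not a single query but a repeated pivot, and each new host found can itself be the source of further movement. Attempted-but-failed logons are reported separately because they tell the CSIRT where the adversary was heading without making those hosts part of the compromised set.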
What is the last stage of the Cyber Kill Chain?
The Cyber Kill Chain consists of 7 steps: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives.
What are the seven 7 steps of the Cyber Kill Chain?
- Step 1: RECONNAISSANCE. Harvesting email addresses, conference information, etc. …
- Step 2: WEAPONIZATION. …
- Step 3: DELIVERY. …
- Step 4: EXPLOITATION. …
- Step 5: INSTALLATION. …
- Step 6: COMMAND AND CONTROL. …
- Step 7: ACTIONS ON OBJECTIVES.
What is an example of Cyber Kill Chain?
One example is Lockheed Martin’s Cyber Kill Chain framework, which was developed as part of the Intelligence Driven Defense model for identification and prevention of cyberattacks and data exfiltration. The term ‘kill chain’ originates from the military and defines the steps an enemy uses to attack a target.
What is the incident response life cycle?
The NIST incident response life cycle (SP 800-61) breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.
What is the most important aspect of incident response?
The most important aspect of incident response is a well-documented and approved response plan.
What are the two types of security incidents?
NIST SP 800-61 classifies incidents by attack vector; examples include:
- Attrition (brute force attacks)—attackers use brute force methods to compromise, degrade, or destroy networks, systems, or services. …
- Email—attacks executed through an email message or its attachments. …
- Web—attacks executed from websites or web-based applications.
What is the main purpose of cyberwarfare?
What are the goals of cyberwarfare? According to the Cybersecurity and Infrastructure Security Agency, the goal of cyberwarfare is to “weaken, disrupt or destroy” another nation. To achieve their goals, cyberwarfare programs target a wide spectrum of objectives that might harm national interests.
Which approach can help block potential malware delivery methods, as described in the Cyber Kill Chain model, on an Internet-facing web server?
Analyze the infrastructure path used for delivery. Explanation: Of the listed options, only analyzing the delivery path belongs to the delivery phase of the kill chain. Building detections for the behavior of known malware and collecting malware files and metadata for future analysis are countermeasures for the weaponization phase.
What are two monitoring tools that capture network traffic and forward it to network monitoring devices?
Answers Explanation & Hints: A network tap and a SPAN (switched port analyzer, also called port mirroring) session. A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis device. A SPAN session has the switch copy frames from selected source ports or VLANs to a destination port where the monitoring device is attached.