Question 1
A security firm hires a new cybersecurity analyst. The CIO mentions that he hired the candidate because of the candidate's exceptional soft skills. Which skills relevant to the position does the CIO refer to? Select all that apply.
** Soft skills are just as important as technical skills. Creative thinking and problem solving are the soft skills here. Creative thinking allows an individual to envision and consider different approaches to the issue at hand.
Problem-solving skills are useful when approaching and resolving an incident. They allow an individual to consider all possibilities, both traditional and non-traditional, and the steps required to remedy the situation.
Software development is a technical skill: the ability to create functional software applications.
Information protection is also a technical competency; it refers to the steps and processes that enable the safekeeping and security of electronic data. **
Question 2
A security firm establishes an office in a new building. In the office, security analysts monitor and manage client systems for security concerns. The office functions as which type of facility?
- ISAC
- NOC
- SOP
- SOC
** A Security Operations Center (SOC) is a location where security professionals monitor and protect critical information assets in an organization.
Information Sharing and Analysis Centers (ISAC) gather and produce data from member systems in sector-specific areas. The resulting data is highly industry-specific and relevant in researching threat intelligence.
A Network Operations Center (NOC) is a location where personnel monitor and maintain the health of server systems, including communication and connectivity.
A Standard Operating Procedure (SOP) is a set of documented steps and notes used as a guideline for a process. **
Question 3
A client asks a security analyst to construct a security plan for a small business. The resulting plan outlines several suggested controls. One such control is the placement of a security guard outside of a high-profile datacenter. Evaluate the control classes and determine which one the analyst specifies.
- Managerial
- Technical
- Operational
- Detective
** People, rather than systems, implement an operational control. For example, security guards and training programs are operational controls.
A managerial control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation of other controls.
Systems (hardware, software, or firmware), implement a technical control. For example, firewalls, anti-virus software, and OS access control models are technical controls.
A detective control is a functional control that may not prevent or deter access. It will identify and record any attempted or successful intrusion. A system log is an example of a detective control. **
Question 4
A technology firm configures a backup system that protects several Windows servers. The backup runs a full job once at the weekend and differential jobs daily during the week. In the event of an attack on a system, which security function does the backup system perform?
- Corrective
- Preventative
- Detective
- Compensating
** A corrective control acts after an attack to eliminate or reduce its impact. A good example is a backup system that can restore data damaged during an intrusion.
A preventive control acts to eliminate or reduce the likelihood that an attack can succeed; it operates before an attack can take place. An access control list (ACL) is an example of a preventive control.
A detective control may not prevent or deter access, but it will identify and record any attempted or successful intrusion. A detective control operates during the progress of an attack. Systems logs are an example of a detective control.
A compensating control serves as a substitute for a principal control, as recommended by a security standard, and affords the same (or better) level of protection. **
Question 5
The IT department at a medium-sized manufacturer deals with cyber threats daily. In response to the growing level of malicious activity, the IT manager establishes guidelines based on the security intelligence lifecycle. Which phase of the lifecycle does the IT manager use to distribute information to executives?
- Feedback
- Dissemination
- Analysis
- Collection
** The dissemination phase refers to publishing the information produced by analysis to the consumers who need to act on the insights developed, such as executives.
The final phase of the cycle is feedback and review, drawing on the input of both intelligence producers and intelligence consumers. A goal of this phase is to improve how the requirements are implemented.
Once the system has captured and normalized the data, an administrator analyzes it to identify anomalies that may point to a potential problem.
The collection phase is usually implemented by software suites such as security information and event management (SIEM) platforms. **
Question 6
The CIO of a financial datacenter creates a threat assessment matrix. Which factor helps to identify threats as they relate to specific industries?
- Timeliness
- Accuracy
- Confidence
- Relevancy
** Relevancy: some threat intelligence sources focus heavily on specific industries, such as healthcare, and the insights they generate may not be as relevant to other sectors.
Timeliness: threats diminish, change, and evolve. Administrators should assess whether an intelligence source can research and disseminate updates in a timely manner.
Accuracy means showing that any information produced is validated and true. Accuracy can also refer to whether a piece of intelligence is general or specific in nature.
Confidence: when a data point or analyst observation is published, the act of publishing lends it a certain authority, so a source should grade how confident it is in each item. **
Question 7
The IT security engineer at a large auto dealership implements tools to monitor and detect attempted attacks that are specific and relevant to the organization. Evaluate the varying approaches and determine which one the engineer utilizes when implementing such tools.
- Acquiring information about attacks suffered by organizations working in similar industries.
- Establishing an up-to-date model of threat sources and their motivations, capabilities, and tactics.
- Identifying previously unrecognized sources of vulnerabilities.
- Using threat intelligence to identify priorities for remediation.
** Acquiring relevant information about attacks suffered by organizations in similar industries improves automated detection and monitoring systems, although it may bring some increased risk of false positive alerts and notifications.
Strategic threat intelligence is important for establishing an up-to-date model of threat sources and actors, and of their motivations, capabilities, and tactics. This model feeds into a risk management framework rather than into the tuning of specific detection tools.
At a strategic level, threat intelligence can identify previously unrecognized sources of vulnerabilities, such as embedded systems, Internet of Things (IoT) home automation devices, deep fakes, and more.
At an operational level, threat intelligence can identify priorities for remediation, such as a campaign targeting a vulnerability in web server software. **
Question 8
Management at a large legal firm establishes a policy that warns of legal penalties for unauthorized access to any internal computer system. Considering security controls and their functions, which safeguard does management put in place?
- Detective
- Compensating
- Deterrent
- Preventative
** A deterrent control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. This could include signs and warnings of legal penalties.
A detective control may not prevent or deter access, but it will identify and record any attempted or successful intrusion. A detective control operates during the progress of an attack. Systems logs are an example of a detective control.
A compensating control serves as a substitute for a principal control, as recommended by a security standard, and affords the same (or better) level of protection.
A preventive control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. An access control list (ACL) is an example of a preventive control. **
Question 9
Which of the following formats are typically produced by cyber threat intelligence? Select all that apply.
- Vulnerability management
- Narrative reports
- Security engineering
- Data feeds
** Narrative reports can contain analysis of particular adversary groups or of a malware sample, delivered as a written document. These provide valuable information and knowledge, but only in a format that analysts must read and assimilate manually.
Data feeds may contain lists of known-bad indicators, such as domain names or IP addresses associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit code.
Vulnerability management is a process, not an intelligence format: administrators use it to provide ongoing monitoring and analysis of vulnerabilities.
Security engineering is likewise a discipline rather than a format; it focuses on the design and architecture of hardware, software, and network platforms to reduce their attack surface. **
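The data feeds described in Question 9, and the timeliness, confidence, and relevancy factors from Question 6, come together when a feed is actually consumed. The following is an added example, not part of the original quiz material: it parses a constructed CSV indicator feed, discards indicators that are stale or low-confidence, and matches the rest against constructed proxy/DNS/EDR log lines. Running the match against the unfiltered feed as well shows the extra hits that Question 7 warns about as false positives. The feed fields, log format, indicator values, and the NOW date are all assumptions made for the illustration.

```python
"""Consume a threat-intelligence indicator feed and match it against logs.

Added example, not code from the original page. The feed columns, the log
line format and every indicator and address below are constructed.
"""
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed feed: indicator type, value, source confidence (0-100), last_seen.
FEED_CSV = """type,value,confidence,last_seen
ipv4,203.0.113.45,90,2024-05-01
domain,bad.example.net,80,2024-04-28
sha256,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,95,2024-04-30
ipv4,198.51.100.7,20,2024-05-02
ipv4,192.0.2.10,85,2023-01-15
"""

# Constructed log lines in a simplified key=value style.
LOG_LINES = [
    "2024-05-02T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.example.org",
    "2024-05-02T10:00:02Z dns src=10.0.0.7 query=bad.example.net",
    "2024-05-02T10:00:03Z edr host=ws12 file=setup.exe "
    "sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
    "2024-05-02T10:00:04Z proxy src=10.0.0.9 dst=198.51.100.7 host=updates.example.com",
    "2024-05-02T10:00:05Z proxy src=10.0.0.9 dst=192.0.2.10 host=old.example.com",
    "2024-05-02T10:00:06Z proxy src=10.0.0.9 dst=8.8.8.8 host=dns.google",
]

# Assumed "current" date so the timeliness check is reproducible offline.
NOW = datetime(2024, 5, 2)

# Which log fields carry which indicator type. Internal src addresses are
# deliberately not matched; the feed lists external attacker infrastructure.
FIELD_TYPES = {"dst": "ipv4", "query": "domain", "host": "domain", "sha256": "sha256"}
KV_RE = re.compile(r"(\w+)=(\S+)")


def load_feed(text):
    """Parse the CSV feed into dicts; values are lower-cased for matching."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        entries.append({
            "type": row["type"],
            "value": row["value"].strip().lower(),
            "confidence": int(row["confidence"]),
            "last_seen": datetime.strptime(row["last_seen"], "%Y-%m-%d"),
        })
    return entries


def filter_feed(entries, now=NOW, min_confidence=50, max_age_days=90):
    """Apply the confidence and timeliness factors before using indicators.

    Low-confidence or stale indicators are the usual source of false
    positives when a feed is wired straight into detection tooling.
    """
    cutoff = now - timedelta(days=max_age_days)
    return [e for e in entries
            if e["confidence"] >= min_confidence and e["last_seen"] >= cutoff]


def parse_log(line):
    """Extract key=value pairs from one log line."""
    return dict(KV_RE.findall(line))


def match_logs(lines, entries):
    """Return one hit per (log line, field) that matches a feed indicator."""
    index = {(e["type"], e["value"]): e for e in entries}
    hits = []
    for line in lines:
        for field, value in parse_log(line).items():
            ioc_type = FIELD_TYPES.get(field)
            if ioc_type is None:
                continue
            entry = index.get((ioc_type, value.lower()))
            if entry is not None:
                hits.append({"line": line, "field": field,
                             "indicator": entry["value"],
                             "confidence": entry["confidence"]})
    return hits


def main():
    entries = load_feed(FEED_CSV)
    tuned = match_logs(LOG_LINES, filter_feed(entries))
    untuned = match_logs(LOG_LINES, entries)
    print(f"hits with tuned feed: {len(tuned)}, with raw feed: {len(untuned)}")
    for hit in tuned:
        print(f"  [{hit['confidence']}] {hit['field']}={hit['indicator']}")


if __name__ == "__main__":
    main()
```

With the filters applied, the low-confidence address and the indicator last seen in 2023 are dropped, so only the three high-confidence, current indicators produce hits; matching the raw feed produces five. Thresholds such as 50 and 90 days are starting points to tune per feed, which is what the feedback phase of the lifecycle is for.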
Question 10
The security intelligence lifecycle includes the process of identifying anomalies that may point to a potential problem. In which phase does this activity take place?
- Feedback
- Analysis
- Dissemination
- Collection
** Once a system has captured and normalized data, an administrator analyzes it to identify anomalies that may point to a potential problem.
The final phase of the cycle is feedback and review, drawing on the input of both intelligence producers and intelligence consumers. A goal of this phase is to improve how the requirements are implemented.
The dissemination phase refers to publishing the information produced by analysis to the consumers who need to act on the insights developed.
The collection phase is usually implemented by software suites such as security information and event management (SIEM) platforms. **