Certiprof Cyber Security Foundation Exam Answers – CertiProf CSFP Exam Answers

Related Articles

Field Sales Trainee Hiring by Swiggy | Swiggy Jobs | Swiggy Internships

14 hours ago

IBM SkillsBuild Training Program | Google Career Certificate Scholarship Program

2 days ago

Infosys Springboard Fundamentals of Information Security Free Certification Program

2 days ago

Enroll Now: Cyber Security Foundation Certiprof Certification

Follow my Telegram Channel and Whatsapp Group for Free Courses and Certification

Subscribe to my Youtube Channel for updates on free courses , free certifications, scholarships , internships and Job related Content

Certiprof Cyber Security Foundation – CSFPC™ Exam Answers

Question 1: What physical characteristics can affect the usability of security mechanisms?

• Ambient temperature
• Pollution
• Noise
• All of the above

Question 2: __________ reflects on the potential harmful effect of design choices before technological innovations are put into large-scale deployment

• Saltzer and Schroeder Principles
• The Precautionary Principle
• Latent Design Conditions
• NIST Principles

Question 3: One of the main benefits of analyzing the malware structure that may include the libraries and toolkits and coding techniques, we may find some important data that is possibly helpful to attribution.

What is the prime importance of the above-mentioned benefit?

• Which means being able to identify the likely author and operator
• To understand what damage can be done due to the malware program
• To be able to know the amount of data that has been lost or corrupted
• Both B and C are correct, and A is incorrect

Question 4: The process of developing and evaluating options to address exposure is called?

• Threat Management
• Failure Management
• Incident Management
• Risk Management

Question 5: In Security Architecture and Lifecycle “to group users and data into broad categories using role-access requirements, together with formal data classification and user clearance” is part of which step?

• First Step
• Second Step
• Last Step
• Third Step

Question 6: Syslog provides a generic logging infrastructure that constitutes an extremely efficient data source for many uses. This new specification introduces several improvements over the original implementation. A Syslog entry is a timestamped text message coming from an identified source.

What is the information stored in Syslog?

• Timestamp, Hostname, Process, Priority, and PID
• DNS and Routing info, Data security gateway ID
• Authentication ID, Encryption and decryption info, and data privacy flag
• Routers CPU ID, Transport Layer Security protocol info, and Syslog current version

Question 7: According to The US Government NIST guidelines, “Conduct” is the phase where

• Threats, vulnerabilities, likelihood and impact are identified
• Inform about the actions
• Continually update the risk assessment
• Identifying the purpose

Question 8: With regards to large numbers of unique passwords, what is a way to support people in managing them?

• Limit number of characters to 9
• Expire only passwords with more than 6 characters
• Provide flash drives to save a list of passwords
• Use of password managers

Question 9: Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?

• User Access
• Reconnaissance
• Roles
• Intrusion detection

Question 10: What is a common technique for permitting data processing without risk to individuals?

• Data integrity
• Data integrity
• Anonymization
• Duplicity

Question 11: This method begins by asking “What is the overall goal of the system or enterprise”

• Systems-Theoretic Accident Model and Process (STAMP)
• The Open Group Architectural Framework (TOGAF)
• SABSA
• Dependency Modelling

Question 12: Which of the following options is not an element of Information Security?

• Reliability
• Integrity
• Confidentiality
• Availability

Question 13: _______ allows scholars, engineers, auditors, and regulators to examine how security controls operate to ensure their correctness, or identify flaws, without undermining their security.

• Least common mechanism
• Open design
• Least privilege
• Least access

Question 14: GDPR brought about a significant change in the ______________ jurisdiction of European data protection law

• Territorial prescriptive
• Territorial assertive
• Territorial data protection
• None of the above

Question 15: The pcap library needs the accessibility of a network interface that can be employed in alleged promiscuous mode, which means that interface will recover all packets from the network, even those packets that are not requested to it. Also, it is not required to bind an IP address to the network interface to capture traffic.

Binding of IP address to the network interface is essential to do what?

• General maintenance and traffic monitoring
• Capture traffic
• Security and incident management
• Traffic configuration

Question 16: The privacy knowledge area is structured in different sections, which is consider part of this paradigm?

• As informational control
• As confidentiality
• As transparency
• All of the above

Question 17: Criteria by which usability is assessed?

• Incompetence
• Incapacity
• Indecision
• None of the above

Question 18: Memory-resident malware such that if the computer is rebooted or the infected running program terminates, it no longer exists anywhere on the system and can evade detection by many anti-virus systems that rely on file scanning.

What is the advantage of memory-resident malware?

• It can easily clean up its attack operations right after its execution ANS
• A memory-resident malware has no advantage in the context of hiding its attack operations
• Cleaning up its attacks is possible, but it may require additional malware utilities
• It is difficult to clean up its attack operations if the compromised system is guarded by real-time anti-virus programs

Question 19: What theme is of high relevance regarding the cost versus benefits trade-offs of security to user systems and cybercriminals

• Verification Methods
• Security Architecture
• Security Economics
• None of the above

Question 20: The golden arches of McDonald’s are protected under what intellectual property law?

• Trade secret
• Copyright
• Logo protection
• Trademark

Question 21: Software programs are protected from illegal distribution under what law?

• SPA
• Trade Secret
• Copyright
• Trademark

Question 22: Which is NOT an aspect of Risk Communication with relation to compliance and accountability?

• Involvement
• Education
• Password Policies
• Training and inducement of behavior change

Question 23: Renn defines three basic abstract elements which are at the core of most risk assessment methods. Which element is NOT part of Renn’s definition?

• Possibility of occurrence (uncertainty)
• Combination of outcomes and possibility of occurrence
• Relationship between risk and security
• Outcomes that have an impact on what human’s value

Question 24: Confidentiality based on the __________ of data, is meant to provide a way to control the extent to which an adversary can make inferences about users’ sensitive information

• Encryption
• Coding
• Cryptography
• Obfuscation

Question 25: Which is a type of onion router used to forward data making use of an anonymous communication network?

• Exit
• Entry
• Middle
• All of the above

Question 26: There are many benefits to analyzing malware. First, we can understand the intended malicious activities to be carried out by the malware.

What is the benefit of understanding intended malicious activities?

• This will not allow us to update our network and endpoint sensors to detect and block such activities
• This will help to identify which machines have malware and take corrective actions
• This will let us remove the malware or even completely wiping the computer clean and reinstalling everything
• Both B and C are correct

Question 27: The 1st dimension of our taxonomy is whether malware is a standalone (or, independent) program or just a sequence of instructions to be embedded in another program.

• Complete software and its working depend on the type of compromised Operating system
• It is an incomplete software and is used just for illustration of the Malware program life cycle
• An incomplete program and it needs the help of already installed programs to plan for attack
• A Standalone Malware program is a complete software that can run on its own when installed on a target system and executed

Question 28: Flaws caused by humans frequently arise in design and code which lead to security vulnerabilities. Which discipline has made a big effort in minimizing these faults?

• Information Technology discipline
• CISO
• Security Architecture
• Software Engineering

Question 29: What is a traditional method for obtaining custody of a cybercriminal who is not present within the state?

• Extradition
• Indictment
• Impeachment
• Recrimination

Question 30: The injection of fake data points into data made available in order to hide real samples is called

• Dummy addition
• Data injection
• Suppression
• None of the above

Question 31: The detection issue is a classification job. The assessment of an IDS, therefore, equates the outcome of the detector with the base reality identified to the evaluator, but not to the detector.

  What are the possible outcomes of the detection process?

• True Negatives are normal actions that occur in the trace and should not be stated in alerts by the detector
• True Positives are attack actions that should be stated in alerts by the detector         
• False positives are also known as false alerts & False negatives also known as miss or type II errors
• All of the above

Question 32: Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the connection, is accessible to observers even if communications are encrypted or obfuscated.

What type of metadata is this in reference to?

• Traffic metadata
• Network metadata
• Wireshark metadata
• Host based metadata

Question 33: There are two principal approaches to formal modelling

• Mathematical, Statistical
• Computational, Symbolic
• Logical, Mathematical
• Symbolic, Logical

Question 34: Most modern malware uses some form of obfuscation to avoid detection as there is a range of obfuscation techniques and there are tools freely available on the Internet for a malware author to use.

polymorphism can be used to defeat detection methods that are based on ‘signatures’

or patterns of malware code which mean?

• The identifiable malware features are changed to be unique to each instance of the malware
• Malware instances look different from each other, but they all maintain the same malware functionality
• Some common polymorphic malware techniques include packing
• All A, B & C are correct.

Question 35: With reference to law, which school of thought has universally prevailed with state authorities

• Second school
• Third school
• First school
• Harvard University

Question 36: There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?

• Best evidence
• Corroborative evidence
• Conclusive evidence
• Direct evidence

Question 37: Encrypted traffic, and particularly TLS, is common and TLS guarantees both the validation of the server to the client and the privacy of the exchange over the network. But it is difficult to evaluate the payload of packets. The solution is to put a supplementary dedicated box near to the application server, usually named the Hardware Security Module (HSM).

What is the purpose of HSM?

• The HSM is designed to establish the TLS session beforehand the application server delivers any information
• HSM transfers the burden of establishing the TLS session external to the application server
• TLS secured traffic is encrypted and decrypted at the HSM, and streams in clear to the server, and triggers IDPSes and WAFs to evaluate the traffic
• All the options A, B & C include the working functionality of HSM

Question 38: The analogy between quality management and security is not perfect because the

• Threat environment is not static
• Hardware is not powerful enough
• System security is leaked
• Human errors

Question 39: The early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an organization’s web page) but Present-day malware attacks are becoming full-blown cyberwars.

An underground eco-system has also emerged to support what?

• The full malware lifecycle that includes development, deployment, operations, and monetization
• The middle half of the malware lifecycle that includes only deployment & operations
• The 2nd half of the malware lifecycle that includes only operations and monetization
• The 1st half of the malware lifecycle that includes only development & deployment

Question 40: Anomaly detection is an essential technique for identifying cyber-attacks, since any information regarding the attacks cannot be inclusive enough to propose coverage and the main benefit of anomaly detection is its liberation from the understanding of explicit vulnerabilities.

This supposedly supports the detection of what?

• environmental vulnerability
• 0-day attacks
• economic vulnerability and social vulnerability
• physical and real-time vulnerability

Question 41: “The effectiveness , efficiency and satisfaction with which specified users achieve specified goals in particular environment”

This is the definition of “usability” by

• ANSI
• OWASP
• ISO
• NIST

Question 42: Consist of principles which refer to securitu architecture , precise controls and engineering process management?

• Security Architecture and Design
• Security Capability and Intrinsic Behaviors
• Life Cycle Security
• All of the above

Question 43: ________ is the number of characters that most humans can commit to STM without overload

• 12
• 3
• 7
• 6

Question 44: In a scenario where the data belongs to the sender and the recipient acts as the data process is an example of?

• In house processing
• Outsourcing
• Data processing
• None of the above

Question 45: Component-driven methods are good for

• Bringing together multiple stakeholders views of what a system should and should not do
• Exploiting security breaches which emerge out of the complex interactions of many parts og your system
• Establishing system security requirements before you have decided on the system is exact physical design
• Analysing the risks faced by individua;s technical components

Question 46: “International and national statutory and regulatory requirements , compliance obligations and security ethics including data protections and developing doctrines on cyber warfare “

Which of the following option describes the above – mentioned statement?

• Human Factors
• Privacy & Online Rights
• Risk Management & Governance
• Law & Regulations

Question 47: In SIEM data collection , the transport protocol defines how the alert bilstring is migrated from one place to another .

What are the examples of transport protocols?

• Syslog , IDXP , HTTP or AMQP
• CLNP Connections Networking Protocol & HSRP Hot Standby Router Protocol
• VRRP Virtua; Router Redundancy Protocol &S7 signing protocol
• Ethernet and TCP / Ip

Question 48: _________ is a principle where conditions appear from previous decisions about said systems

• Precautionary Conditions
• Latent Design Conditions
• NIST conditions
• None of the above

Question 49: Which is an incident management functions specific to cybersecurity?

• BAckup and Restore
• Security Monitoring
• Recovery files
• None of the above

Question 50: Which of the following is NOT a core Concept of risk Assessment?

• Impact
• Risk Analysis
• Likelihood
• Vunerability

Question 51: The Domain NAme System translates domain names, significantly bits of text to IP addresses needed for network communications . The DNS protocol is also a regular DDOs enhancer as it is likely for an attacker to impersonate the IP address of a target in a DNS request , this triggering the DNS server to send unwanted traffic to the target

What other protocols are prone to amplification

• S7 Signifing protocol
• NTP Network Time Protocol
• TCP /IP
• ARP

Question 52: Which is not a Good Security Metric?

• consistently measured without subjective criteria
• Cheap to gather prefarbly in an automated way
• Express results with quantitative label units of measure
• Contextually specific and relevant enough to decision makers that they can take a decision

Question 53: Which one is NOT part of the risk governance model?

• Emblematic
• Transparent
• Secisiontic
• Technocratic

Question 54: Which is NOT an aspect of RISK Communication with rekation to compliance and accountability

• Password Policies
• Training and inducement behaviour Change
• Education
• Involvement

Question 55: Which is a valuable framework for the system engineers and who probe deficiencies and vunerabilities within such systems?

• Procedures
• Policies
• IT Service Management
• Code of conduct

Question 56: Which principle states that controls mneed to define and enable operatiosn that can postevily be identified as being in accordance with a security policy and reject all others?

• Penestration testing
• Complete  Mediation
• Open Deisgn
• Fail Safe Defaults

Question 57: Experts Proposed a framework to systematize the attribution efforts of cyberattacks which of the following is NOT a Layer of the framework

• Operational
• Analytical
• Strategic
• Tactical

Question 58: What is the good example of a security measure made ineffective due to its 0.1 % utilization and that has been around for over 20 years?

• Log Management
• Email Encrytion
• Software Encrytion
• Data backup

Question 59: Which of the following is not a NIST security architecture strategy?

• The Referance Monitor Concept
• Defense in Depth
• Isolation
• Behaviour

Question 60: The third Dimension generally applies to only persistent malware based on the layers that include firmware , boot- sector ,operating System kernel , drivers and Application programming Interfaces (APi’s) and user Applications

All the above mentioned layers are presented in which order?

• All are in the order in which they are implemented
• They are in random Order
• in the context of persistent malware the order of system stack layers does nit matter
• All layer of the system slack are mentioned in the ascending order

Question 61: As Netflow was designed by the network equipment providers it is exceptionaaly well implemented in networks and extensively used for network angement jobs . It is Standardized and even nonetheless the commercial names vary alike information is gathered by the manufacturers that are supportive of theis technology.

Controlling Packets to calculate Netflow Counters Requires access to what?

• GPU Designed for visual AI
• Routers CPU
• Transit Gateway CPU

Question 62: Situations where risks are less clear cut there may be a need to include a broadet set of evidence and consider a comparitive approach such as cost benefit analysis or cost eefectiveness . This is all true with regards to

• Ambiguous risks
• Uncertain risks
• Complex Risks
• Routine Risks

Question 63: ____________ is the result of a threat exploitying a vunerability , which has a negative effect on the success on the objectives for which we are assessing the risk

• Impact
• Likelihood
• Attack
• Threat

Question 64: Which of the following is not done by Cyber Criminals?

• Mask Attack using Trojans as Botnets
• Unauthorized accound Access
• Email Spoofing and spamming
• Report vunerability in any system

Question 65: In legal research , this term can refer to any systemaized collection of primary legislation , secondary legislation , model laws or merely a set of rules publised by public or private organizations

• Codes
• Ethics
• Compliance
• Contracts

Question 66: TLS guarantees both the validation to the server to the client and the privacy of the exchange over the network . But it is difficult to evaluate the payload of pockets . The solution is to put a supplementart dedicated box neae to the application server , usually named as Hardware Security Module (HSM)

What is the purpose of HSM?

• The HSM is designed to establish the TLS session beforehand the application server delivers any information
• HSM tranfers the burden of establishing the TLS session ecternal the application server
• TLS secured traffic is encrypted and decrypted at the HSM and strams in clear to the server and triggers IDPSes and WAFs to evaluate the traffic
• All the Options A, B, & C include the working functionality of HSm

Question 67: MAlware essentially Codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill Chain Model which represents ( iterations of ) steps typically involved in a cybersttack

What is the forst step in the Cyber Kill Chain Model that Cyber Attackers Follow?

• Establishing a command-and-control channel for attackers to remotely commander the victims system
• Reconnaissance is the 1st step where an attacker identifies or attracts the potential targets by scanning
• Exploiting a vunerability and executing malicious code on the victims system
• The 1st Step is to gain access to the targets by sending crafted input to trigger a vunerability

Question 68: Which concept addresses information flows with different privacy needs depending on the entities exchanging the information or the environment in which it is exchanged.

• PII
• PHI
• Integrity of the information
• Contextual integrity

Question 69: A framework that acknowledges that current systems are interconnected, and provides basis on how to secure them

• NIST
• FAIR
• ISO
• ITIL

Question 70: An adversary cannot determine which candidate a user voted for, this is true for

• Ballot Secrecy
• Ballot anonymity
• Vote confidence
• Vote secrecy

Question 71: The term ’jurisdiction’ is used to refer to a state, or any political sub-division of a state, that has the authority to do?

• Place probable cause
• Address conflict of law
• Enforce laws or regulations
• All of the above

Question 72: Anomaly detection is an essential technique for identifying cyber-attacks, since any information regarding the attacks cannot be inclusive enough to propose coverage and the main benefit of anomaly detection is its liberation from the understanding of explicit vulnerabilities.

• This supposedly supports the detection of what?
• economic vulnerability and social vulnerability
• environmental vulnerability
• physical and real-time vulnerability
• 0-day attacks

Question 73: _________ is oriented towards operational risk and security practices rather than technology.

• STRIDE
• Attack Trees
• FAIR
• Octave Allegro

Question 74: Cybercrime can be categorized into ________ types

• 3
• 2
• 6
• 4

Question 75: What is the best detection approach when dealing with DDoS

• Include monitoring host activities involved in encryption
• Use the layer 7 capability firewall for detection
• Analyze the statistical properties of traffic
• Look for synchronized activities both in C&C like traffic and malicious traffic

Question 76: Before performing any penetration test, through legal procedure, which key points listed below is not mandatory?

• Type of broadband company used by the firm
• System and network
• Characteristics of work done in the firm
• Know the nature of the organization

Question 77: Capturing the MAC layer is doable but needs an explicit configuration. Capturing the MAC layer is mandatory to identify attacks like ARP poisoning. For the definite categories of industrial control networks that execute right on top of the Ethernet layer, capturing traffic involves adding a node and could change the real-time conventions.

Understanding the information available in the MAC layer requires what?

• The configuration of the network segment to which the collection network interface is attached.
• Understanding of network architecture.
• Design configuration of the whole network interface
• Network configuration in promiscuous mode.

Question 78: As with any process of risk management, a key calculation relates to expected impact, being calculated from some estimate of likelihood of events that may lead to impact, and an estimate of the impact arising from those events.

Which is NOT an element of likelihood?

• Command and control
• Presence of vulnerability
• Nature of the threat
• All of the above

Question 79: Systems benefit from a uniform approach to security infrastructure . Which is NOT a part of this approach?

• Intrusion Detection
• Reconnaisance
• Roles
• user Access

Question 80: Which of the following is not a type of peer-to-peer cyber-crime?

• Injecting trojans to a target victim
• MiTM
• Phising
• Credit Card details mask in deep web

Question 81: Why are chances in passive security indicators often missed by human , particularly if they are on the edges of the screen?

• Humans do not have the physical and mental capacity to review such indicators
• Humans are decting anomates
• Human are busy with alert signals
• Human can only focus on one back at any one time

Question 82: Criteria by which usability is assessed?

• Incompetence
• Incapacity
• indecision
• None of the above

Question 83: The collection,analysis & reporting of digital analysis in  support of incidents or criminal events

• Cryptography
• Adversarial Behaviours
• Law 7 Regulations
• Forensics

Question 84: Which of the following is not a type of cybercrime?

• Forgery
• Data Theft
• Installing antivirus for protection
• Damage to data and systems

Question 85: Experts proposed a framework to systematize the attribution efforts of cyberattacks, which of the following is NOT a layer of this framework

• Operational
• Strategic
• Tactical
• Analytical

Question 86: The very noticeable zone where autonomous network-oriented mitigation is essential is Denial of Service (DoS), and principally large-scale Dis

DDoS attacks have increased ___

• In terms of volume and number of sources
• In the context of vulnerability
• With respect to loss of data
• None of the above

Question 87: A __________ is a machine which is offered as bait to attackers.

• Hub
• Honeypot
• Honeywall
• Honeywell

Question 88: Since the late 1990s, machine learning (ML) has been applied to automate the process of building models for detecting malware and attacks. The benefit of machine learning is its ability to generalize over a population of samples.

Which of the following is an example of machine learning?

• After providing an ML algorithm samples of different malware families for ‘training’, the resultant model can classify new, unseen malware as belonging to one of those families
• Instructions, control flow graphs, and call graphs
• system call sequences and other statistics (e.g., frequency and existence of system calls), system call parameters, data flow graphs & network payload features
• Both B and C are examples of machine learning

Question 89: While browsing the internet David saw the advertisement of a used car in great condition, low miles, and below market price, he contact the car owner and made a small payment upfront before the final delivery. After some time, he didn’t hear back from the car owner. This is an example of?

• Advance Fee Fraud
• Social Media Fraud
• E-Commerce Fraud
• Automobile Fraud

Question 90: Criminals exploit vulnerabilities in organizations websites they disagree with and use them to change the home page of the website to a politically charged one to spread their message. This hacktivism type is called

• Denial of services
• Low Orbit Ion Cannon (LOIC) Program
• Netstrickes
• Web Defacements

Question 91: The source code of the malware is often not available and, therefore, the first step of static analysis is to disassemble malware binary into assembly code and the most commonly used code obfuscation technique is packing.

Packing is part of the malware program?

• Compressing and encrypting part of the malware
• Operating system kernel, drivers, and Application Programming Interfaces (APIs)
• Uncompressed and decrypted part of the malware program
• Static and run-time libraries in n the infected machine

Question 92: There are several types of takedowns to disrupt malware operations. If the malware uses domain names to look up and to communicate with centralized C&C servers.

What is the line of action in the above scenario?

• As the botmaster has little control of the IP address diversity and down-time for compromised machines in a fast-flux network, we can use these features to detect fast-flux
• we perform takedown of C&C domains by ‘sinkhole’ the domains, i.e., making the C&C domains resolve to the defender’s servers so that botnet traffic is ‘trapped’ (that is, redirected) to these servers
• Among the algorithm-generated domains, the botmaster can pick a few to register (e.g., daily) and make them resolve to the C&C servers
• we can partition the P2P botnet into isolated sub-networks, create a sinkhole node, or poison the communication channel by issuing commands to stop the malicious activities

Question 93: If malware is not detected during its distribution state, i.e., a detection system misses its presence in the payloads of network traffic or the filesystem and memory of the end-host, it can still be detected?

• During Packing
• By Applying Dynamic Dataflow
• When It Dissembled
• When It Executes

Question 94: In IDS, _________ are attack events that should be reported in alerts by the detector.

• True Positives (TP)
• True Negatives (TN)
• False positives (FP)
• False negatives (FN)

Question 95: At the core network, MPLS provides an interesting option to mitigate DDoS attacks

• They pass all legitimate traffic through firewall
• They deploy IDS system between links
• They reserve bandwidth and bandwidth usage control for legitimate traffic
• They stop all traffic for some time

Question 96: From a commercial point of view, attack graphs and vulnerability management techniques facilitate risk management and compliance with governance.

As the potential for cyber-attacks surge, and possibly becomes a risk to human life or corporate stability, regulators enforce protection and detection methods to confirm what?

• Network threats are occasionally monitored
• The technical staff is well educated in detecting malware
• Cyber-risk is effectively controlled in organizations
• Top management is properly trained regarding cybersecurity

Question 97: Code-based architecture emulation is Easy to use, Fine-grained introspection, Powerful control over the system state.

As compared to Type1 & Type 2 Hypervisor, what is the main drawback of the machine emulator?

• Low transparency, Unreliability support of architecture semantics.
• Low transparency, Artifacts from paravirtualization
• Less control over the system state
• Lack of fine-grained introspection, Scalability and cost issues, Slower to restore to clean state

Question 98: These are people who are recruited by criminals to perform money laundering operations

• Money Mules
• Contractual Partners
• Outsource Criminal
• White-Hat Hacker

Question 99: Malware analysis is an important step in understanding malicious behaviors and properly updating our attack prevention and detection systems. 

Which of the following employs a wide range of evasion techniques?

• Detecting the analysis environment.
• Obfuscating malicious code
• Trigger-conditions to execute
• Options A, B & C

Question 100: A method for discovering vulnerabilities, bugs and crashes in software by feeding randomized inputs to programs is called

• Concolic Execution
• Fuzzing
• Dynamic analysis
• Static Analysis

Question 101: What is the main problem with Domain Name System (DNS)

• Confidentiality
• Authorization
• Integrity
• Authentication

Question 102: The Security Procedures and Incident Supervision field contain many subjects. From a technical perspective, SOIM requires the capability to witness the activity of an Information System or network, by gathering traces that are illustrative of this activity.

Real-time traces analysis is required to detect what?

• Malicious events
• Internet worms, Browser Hijacker and Web Scripting Virus
• Instant Messaging Worms, Overwrite Virus and File Infector
• Computer worms and Multipartite Virus

Question 103: Which of the following provides a way to reference specific vulnerabilities attached to specific versions of products?

• SRE—
• NIST
• CVE
• CTI

Question 104: Static analysis involves examining the code (source, intermediate, or binary) to assess the behaviors of a program without actually executing it and a wide range of malware analysis techniques fall into the category of static analysis.

What is/are the main limitations of this technique?

• The analysis output may not be consistent with the actual malware behaviors (at runtime)
• It is not possible to precisely determine a program’s behaviors statically (i.e. without the actual run-time input data)
• The packed code cannot be statically analyzed as it is encrypted and compressed data until unpacked into executable code at run-time
• All the above reasons are the main limitations of static analysis–

Question 105: A technique used by cybercriminals where they use multiple servers associated with the Command-and-Control infrastructure and rotate them quickly to make their infrastructure more resilient, is called?

• Rotate Flux
• Fast Flux
• Shut Down Flux–
• Domain Flux

Question 106: _____________ targets a specific organization rather than aiming to launch large-scale attacks.

• Spam and Phish Emails
• PowerShell to Inject Malware
• Advanced Persistent Threats (APTs)
• Distributed Denial-of-Service (DDoS) Attack–

Question 107: What are Potentially Unwanted Programs (PUPs)?

• A kind of malicious .exe file that is downloaded within a movie
• A third-party software that is harmful for Operating Systems–
• A plugin installed in a Web Browser
• A piece of code that is part of a useful program downloaded by a user