Detection and Response: Quiz 5

Detection and Response: Quiz 5

Professional Development

14 Qs

quiz-placeholder

Similar activities

M365 Security Pillar 1 (Identity & Access Management)

M365 Security Pillar 1 (Identity & Access Management)

Professional Development

10 Qs

Cloud computing

Cloud computing

Professional Development

10 Qs

aXQtMjktMTEtMjAyMg==

aXQtMjktMTEtMjAyMg==

Professional Development

10 Qs

CHFI-Post-Assessment

CHFI-Post-Assessment

Professional Development

10 Qs

Cycle 4: Session 8 Review.

Cycle 4: Session 8 Review.

Professional Development

12 Qs

Jarkom

Jarkom

1st Grade - Professional Development

11 Qs

Day 1 - Basics of Java

Day 1 - Basics of Java

Professional Development

14 Qs

Roblox z Lua 10-12 - II QUIZ

Roblox z Lua 10-12 - II QUIZ

Professional Development

10 Qs

 Detection and Response: Quiz 5

Detection and Response: Quiz 5

Assessment

Quiz

Computers

Professional Development

Practice Problem

Hard

Created by

John Coder

FREE Resource

AI

Enhance your content in a minute

Add similar questions
Adjust reading levels
Convert to real-world scenario
Translate activity
More...

14 questions

Show all answers

1.

FILL IN THE BLANK QUESTION

1 min • 1 pt

During the Detection and Analysis Phase of the incident response lifecycle, security teams are notified of a possible incident and work to inve_________ and ver_________ the incident by collecting and analyzing data. As a reminder, ? refers to the prompt discovery of security events and ? involves the investigation and validation of alerts.

2.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Threat hunting is the proa___________ search for threats on a network. Security professionals use threat hunting to uncover malicious activity that was not identified by detection tools and as a way to do further analysis on detections. Threat hunting is also used to detect threats before they cause damage. For example, fileless malware is difficult for detection tools to identify. It’s a form of malware that uses sophisticated evasion techniques such as hiding in memory instead of using files or applications, allowing it to bypass traditional methods of detection like signature analysis. With threat hunting, the combination of active human analysis and technology is used to identify threats like fileless malware.

3.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Organizations can improve their detection capabilities by staying updated on the evolving threat landscape and understanding the relationship between their environment and malicious actors. One way to understand threats is by using threat intelligence, which is evi________-based threat information that provides context about existing or emerging threats.

4.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Threat intelligence can come from private or public sources like:

indu_________ reports: These often include details about attacker's tactics, techniques, and procedures (TTP).

government advisories: Similar to industry reports, government advisories include details about attackers' TTP.

threat data fe______: Threat data fe______ provide a stream of threat-related data that can be used to help protect against sophisticated attackers like advanced persistent threats (APTs). APTs are instances when a threat actor main________ unauthorized access to a system for an extended period of time. The data is usually a list of indicators like IP addresses, domains, and file hashes.

5.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Cyber deception involves techniques that deliberately deceive malicious actors with the goal of increasing detection and improving defensive strategies.

Honeypots are an example of an active cyber defense mechanism that uses deception technology. Honeypots are systems or resources that are created as dec________ vulnerable to attacks with the purpose of attracting potential intruders. For example, having a fake file labeled Client Credit Card Information - 2022 can be used to capture the activity of malicious actors by tricking them into accessing the file because it appears to be legitimate. Once a malicious actor tries to access this file, security teams are alerted.

6.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Indicators of comp___________ are observable evidence that suggests signs of a potential security incident. IoCs chart specific pieces of evidence that are associated with an attack, like a file name associated with a type of malware. You can think of an IoC as evidence that points to something that's already happened, like noticing that a valuable has been stolen from inside of a car.

7.

FILL IN THE BLANK QUESTION

1 min • 1 pt

Indicators of at_______ (IoA) are the series of observed events that indicate a real-time incident. IoAs focus on identifying the behavioral evidence of an threat actor, including their methods and intentions.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Google

Continue with Google

Email

Continue with Email

Classlink

Continue with Classlink

Clever

Continue with Clever

or continue with

Microsoft

Microsoft

Apple

Apple

Others

Others

Already have an account?