CyberOps Associate Security Concepts Questions

Correct Answer: The phase where the attacker pairs an exploit with a backdoor.
Explanation: The weaponization phase involves creating a deliverable "weapon" by combining a remote-access Trojan or backdoor with an exploit.

Correct Answer: Process Explorer Explanation: Process Explorer is a powerful tool from Microsoft's Sysinternals suite. It provides a more detailed view of running processes than the built-in Task Manager, showing information like DLLs loaded, open files, and network connections.

Correct Answer: Firewall
Explanation: A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's pre-established security policies.

Correct Answer: To create a unique, fixed-size string of characters from data to ensure its integrity
Explanation: A hash function takes an input (data) and produces a fixed-size output (the hash). A key property of a good hash function is that a small change in the input produces a drastically different output, making it useful for verifying data integrity.

Correct Answer: Brute-force attack
Explanation: A brute-force attack involves an attacker repeatedly trying to guess a password. Account lockout policies are a defense mechanism designed to prevent this by temporarily disabling an account after too many incorrect password attempts.

Correct Answer: Monitoring and controlling data as it moves through the network to prevent sensitive information from being exfiltrated
Explanation: DLP solutions are designed to prevent unauthorized disclosure of sensitive data. They do this by inspecting and monitoring data in use, in motion, and at rest to ensure it is not being improperly shared or exfiltrated.

Correct Answer: The memory (RAM)
Explanation: Volatile data is information that is lost when a system is powered down. RAM holds a vast amount of live data, including running processes and network connections, and is the most volatile. It must be collected first in a forensic investigation before the system is turned off.

Correct Answer: To automate and streamline security operations tasks, such as incident response workflows
Explanation: A SOAR platform is designed to help security teams by automating repetitive tasks, orchestrating complex workflows, and integrating disparate security tools to respond to incidents more quickly and efficiently.

Correct Answer: Xmas scan
Explanation: An Xmas scan sets the FIN, PSH, and URG flags in a TCP packet header. If the port is open, the target's operating system drops the packet. If the port is closed, the system sends an RST packet back. It's called an "Xmas" scan because the flags are "all lit up."

Correct Answer: A Trojan horse is a malicious program that disguises itself as a legitimate file, whereas a virus attaches itself to a host program and requires user action to spread.
Explanation: The key distinction is their method of propagation. A Trojan horse relies on deception to trick a user into executing it, while a virus actively infects other files or programs to spread.