
SANS 515 QUESTIONS AND ANSWERS 2024


Exam of 9 pages for the course SANS at SANS (SANS 515)


August 3, 2024 • 2024/2025 • Exam (elaborations) • Questions & answers • Seller: julianah420
SANS 515

Supply Chain Backdoor - answer Combines 1st Stage Delivery and Exploitation phases

Stuxnet: Host Observables - answer DLL Injection: Lsass.exe, winlogon.exe,
svchost.exe
Registry Key Modification: new registry: mrxnet, 19790509
Multiple Files Dropped: oem7a.pnf, mdmeric3.pnf, mrxnet.sys, mrxcls.sy
Infected Project File: S7tgtopx.exe
USB Jumping: USB Loader~WTR4141.tmp, Delete after 3 jumps

Sliding Scale of Cyber Security - answer Architecture, Passive Defense, Active
Defense, Intelligence, Offense

Active Defense Influences - answer Mao Zedong: On Guerrilla Warfare
General Depuy: The Army's FM 100-5
Guiding Principles of Mao
1. No provocation of the enemy
2. No military bases on foreign soil
3. No seizure of enemy land

Active Cyber Defense Cycle - answer Threat Intelligence Consumption -> Visibility ->
Threat Detection -> Incident Response -> Threat & Environment Manipulation

WinCC - answer Siemens WinCC SCADA Monitoring was used to sync - easily
detectable on the network

What is intelligence? - answer Both a Product and a Process: Analyzed information
about a competitive entity that fulfills a requirement

Intelligence Life Cycle - answer 1. Planning and Direction
2. Collection
3. Process and Exploitation
4. Analysis and Production
5. Dissemination and Integration
6. Evaluation and Feedback

Field of View Bias - answer Operational Environment (location of collection) and
Intelligence Requirements yield a "field of view".

What is a threat? - answer Threat can be established by evaluating Capability + Intent +
Opportunity.
1. Hostile Intent + Capability = impending
2. Capability + Opportunity = potential
3. Hostile Intent + Opportunity = insubstantial

Intended Audience - answer The intended audience and their goals determine the type
of threat intelligence
1. Strategic
2. Operational
3. Tactical

The ACH Process - answer 1. Hypothesis: Identify all potential hypotheses
2. Evidence: List all evidence and arguments
3. Diagnostics: Use a matrix to apply evidence to the hypotheses
4. Refinement: Review findings, gaps, and any needed evidence
5. Inconsistency: Determine feasibility of hypotheses
6. Sensitivity: How would the hypotheses be impacted if certain key evidence were
wrong?
7. Conclusion and evaluation: Determine the best hypotheses

The ICS Cyber Kill Chain Process - answer Stage 1:
1. Research
2. 1st Stage Delivery
3. Exploitation
4. C2
5. Exfiltration
Stage 2:
1. Tailored Capability
2. 2nd Stage Delivery
3. Impact

Traffic Light Protocol - answer 1. TLP Red: Named recipients only
2. TLP Amber: Limited distribution on need-to-know basis
3. TLP Green: Community wide distribution; you define community
4. TLP White: No restrictions and can be posted online

Threat Pool - answer Sunny Side up Egg of Doom slide:
ICS Capable Threat Actor Pool in the middle. Branching to the right showing IT Attacks
that can impact ICS with actors, tools, and skills increasing

The Information Attack Space - answer 1. Information attack space is the opportunity in
the threat category
2. Common aspects for ICS include:
   1. Publicly searchable information such as new projects and mergers
   2. Internet-connected control systems
   3. Users posting externally on social media and job sites
