Exam (elaborations)
SANS 515 QUESTIONS AND ANSWERS 2024
- Course
- Institution
Exam of 9 pages for the course SANS at SANS (SANS 515)
[Show more]
Content preview
SANS 515Supply Chain Backdoor - answer Combines 1st Stage Delivery and Exploitation phases
Stuxnet: Host Observables – answer DLL Injection: Lsass.exe, winlogon.exe,
svchost.exe
Registry Key Modification: new registry: mrxnet, 19790509
Multiple Files Dropped: oem7a.pnf, mdmeric3.pnf, mrxnet.sys, mrxcls.sy
Infected Project File: S7tgtopx.exe
USB Jumping: USB Loader~WTR4141.tmp, Delete after 3 jumps
Sliding Scale of Cyber Security - answer Architecture, Passive Defense, Active
Defense, Intelligence, Offense
Active Defense Influences - answer Mao Zedong: On Guerrilla Warfare
General Depuy: The Army's FM 100-5
Guiding Principles of Mao
1. No provocation of the enemy
2. No military bases on foreign soil
3. No seizure of enemy land
Active Cyber Defense Cycle - answer Threat Intelligence Consumption -> Visibility ->
Threat Detection -> Incident Response -> Threat & Environment Manipulation
WinCC - answer Siemens WinCC SCADA Monitoring was used to sync - easily
detectable on the network
What is intelligence? - answerBoth a Product and a Process: Analyzed information
about a competitive entity that fulfills a requirement
Intelligence Life Cycle - answer1. Planning and Direction
2. Collection
3. Process and Exploitation
4. Analysis and Production
5. Dissemination and Integration
6. Evaluation and Feedback
Field of View Bias - answerOperational Environment (location of collection) and
Intelligence Requirements yield a "field of view".
What is a threat? - answerThreat can be established by evaluating Capability + Intent +
Opportunity.
, 1. Hostile Intent + Capability = impending
2. Capability + Opportunity = potential
3. Hostile Intent + Opportunity = insubstantial
Intended Audience - answerThe intended audience and their goals determine the type
of threat intelligence
1. Strategic
2. Operational
3. Tactical
The ACH Process - answer1. Hypothesis: Identify all potential hypotheses
2. Evidence: List all evidence and arguments
3. Diagnostics: Use a matrix to apply evidence to the hypotheses
4. Refinement: Review findings, gaps, and any needed evidence
5. Inconsistency: Determine feasibility of hypotheses
6. Sensitivity: How would the hypotheses be impacted if certain key evidence were
wrong?
7. Conclusion and evaluation: Determine the best hypotheses
The ICS Cyber Kill Chain Process - answerStage 1:
1. Research
2. 1st Stage Delivery
3. Exploitation
4. C2
5. Exfiltration
Stage 2:
1. Tailored Capability
2. 2nd Stage Delivery
3. Impact
Traffic Light Protocol - answer1. TLP Red: Named recipients only
2. TLP Amber: Limited distribution on need-to-know basis
3. TLP Green: Community wide distribution; you define community
4. TLP White: No restrictions and can be posted online
Threat Pool - answerSunny Side up Egg of Doom slide:
ICS Capable Threat Actor Pool in the middle. Branching to the right showing IT Attacks
that can impact ICS with actors, tools, and skills increasing
The Information Attack Space - answer1. Information attack space is the opportunity in
the threat category
2. Common aspects for ICS include:
1. Publicly searchable information such as new projects and mergers
2. Internet-connected control systems
3. Users posting externally on social media and job sites
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller julianah420. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
72001 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now