
Question

When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to block a potential back door creation? (Choose two.)

  - Use HIPS to alert or place a block on common installation paths.
  - Consolidate the number of Internet points of presence.
  - Conduct damage assessment.
  - Audit endpoints to discover abnormal file creations.
  - Establish an incident response playbook.


Solution

The two approaches an organization can use to block a potential back door creation, according to the Cyber Kill Chain model, are:

  1. Use HIPS (Host Intrusion Prevention System) to alert or place a block on common installation paths: HIPS is security software that monitors a single host for suspicious activity by analyzing events occurring within that host. In this context, it can be used to alert the organization or block common paths used by attackers to install backdoors.

  2. Audit endpoints to discover abnormal file creations: Regularly auditing endpoints can help an organization identify any abnormal or suspicious file creations. This could potentially indicate the presence of a backdoor, as attackers often create new files or modify existing ones to establish a backdoor. By discovering these abnormal file creations, the organization can take steps to remove the backdoor and prevent further security breaches.


Similar Questions

What will a threat actor do to create a back door on a compromised target according to the Cyber Kill Chain model?

  - Add services and autorun keys.
  - Open a two-way communications channel to the CnC infrastructure.
  - Obtain an automated tool to deliver the malware payload.
  - Collect and exfiltrate data.

Which of the following phases of the cyber kill chain methodology involves the collection of information about the target system or organization from the Internet before initiating an attack?

  - Actions on objective
  - Reconnaissance
  - Delivery
  - Installation

According to the Cyber Kill Chain model, after a weapon is delivered to a targeted system, what is the next step that a threat actor would take?

  - weaponization
  - installation
  - action on objectives
  - exploitation

Which technique is NOT used to break the command and control (CnC) phase of the Cyber Kill Chain®?

  - Blocking outbound traffic to known malicious sites and IP addresses
  - DNS sinkholing
  - Vulnerability and Patch Management
  - DNS poisoning

A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?

  - weaponization
  - reconnaissance
  - action on objectives
  - exploitation
