CCT 157: Practice CISSP Questions - AI in Cybersecurity and Digital Forensics (Domain 7)

Jul 11, 2024
CISSP Cyber Training
CCT 157: Practice CISSP Questions - AI in Cybersecurity and Digital Forensics (Domain 7)
21:30
 

Can AI revolutionize your cybersecurity career? Join me, Sean Gerber, on today's thrilling episode of the CISSP Cyber Training Podcast as we uncover the transformative impact of artificial intelligence on cybersecurity jobs, based on a revealing article by Joe McKendrick from ZDNet. With 88% of cybersecurity professionals predicting AI will change their roles and 82% believing it will enhance efficiency, it's clear that adaptation is key. We'll also discuss the alarming report on 10 billion leaked passwords and why password managers are now more crucial than ever for maintaining robust security.

But that's not all—prepare yourself for an in-depth exploration of incident response and digital forensics, from identifying breaches to system recovery. We'll talk about the importance of data acquisition, the strategic use of honeypots, and the necessity of write blockers in maintaining evidence integrity. Plus, discover the pivotal role of log files in tracking malicious activities. Finally, I'll share my personal journey with the CISSP exam and the invaluable CISSP Cyber Training Blueprint, designed to help you conquer the certification with structured and tailored study plans. This episode is a goldmine of insights and practical advice for anyone looking to elevate their cybersecurity career.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

TRANSCRIPT

Speaker 1:  

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.

Speaker 2:  

Let's go. Cybersecurity knowledge. All right, let's get started. Good morning everyone. This is Sean Kerber with CISSP Cyber Training, and hope you all are having a blessed day today. Today is the wonderful CISSP Question Thursday, and today we're gonna be talking about various questions related to domain seven of the CISSP exam.

Speaker 2:  

But before we get started, one thing I wanted to talk about is a couple articles that I saw today in the news and thought you might see some value in them. The first one is an article from ZDNet. It's by a gentleman by the name of Joe McKendrick and he basically mentions that will AI take the wind out of cybersecurity job growth? And they're talking about how artificial intelligence could potentially I mean, it's one of those catchy titles to get you to click on it and go dig deeper but they're talking about AI and its ability to affect cybersecurity jobs. Well, they just did a a what do they call it? A survey of folks at ISC squared you know it's part of the folks that deal with the CISSP and they mentioned the fact that asking individuals, do they feel their jobs would be impacted through the use of AI within their environment? Well, one of the things that's coming in is that you know, we know that cybersecurity's job growth has been very stellar for many years and it's only going to continue. And they're saying in this one article, in this article specifically, that from the Bureau of Labor and Statistics that they're expecting between 2022 and 2032, that there's going to be a 30% growth in the average cybersecurity job. They're going to continue to grow. So what it's also saying through CyberSeek if you guys haven't gone there, it's pretty cool. It tells you what different job openings are available around the country. Pretty cool. It tells you what different job openings are available around the country. There are close to around 470 openings in cybersecurity jobs, but it says only 85 of these openings are filled at this time. So about 15% are open and so the interesting part of that, those are new ones that are coming out. So that's a half a million jobs that are going to be potentially that are available for folks that need to get into cybersecurity roles and I know I get called all the time for roles that people are trying to ask me to apply for.

Speaker 2:  

Well, when it comes right down to it, in this article they interviewed the folks from ISC Squared, or actually some people that held different certifications with ISC Squared, and of the 1,100 people they had stated that around 88% said that they believe that AI will significantly impact jobs over the next few years, and that's a given right. We all know that that was going to happen, and I feel that if you're in security, you should embrace AI, especially as it relates to your job, because if you don't, you probably won't have a job in the future because your skills will be taken over by the robot. But also the fact is that it makes your job easier, because you know that the bad guys and girls are using the AI technology for their operations. Well, you should be using it for yours as well. So the point that kind of comes into from the survey is that 82% agree that their job efficiency will be increased because of it. 56% said that they believe that AI will make some parts of their job obsolete, which is true. I mean. I feel that that's probably a very valid comment because of the fact that there's a lot of automated tasks that we do in security that we don't need to do, and if the robot can do it, then by golly let the robot do it. That's what it's there for. Also, a quote they said that tasks can be handled that would include, obviously I just mentioned automated repetitive tasks, network traffics, signs of malware, weaknesses in the IT environment and then potential automatically detecting and blocking of threats. So those are some of the areas I felt that it would probably take some level of involvement in that within your environment. But it really comes right down to is if you don't basically embrace the AI technology, it will take over your job, just like everybody else out there. It just truly will.

Speaker 2:  

So the question I have for you on the security space is where can you get smarter on AI security? And I would try to get into that as much as you possibly can because, as you can see that it's growing. That would be a one great way for you to be able to enhance your resume, to enhance your abilities. So if you can find different ways to help you learn more about it, I would personally recommend it. The next article I have is around the passwords. So there's an article out there from Semaphore and it says nearly and it's a Microsoft supported site said 10 billion passwords were leaked in a way that may be the biggest data set of its kind ever. So the question is okay, do you go running for the hills and think that the sky is falling like chicken, little, or do you go meh, and I would kind of lean towards the meh side of the house on this. 10 billion is a lot, right, we all know that.

Speaker 2:  

Now, the part that this really would affect a lot of people is the individuals who haven't been sucked up in all the other attacks that have occurred over the years, that have still had passwords that maybe were not compromised, or it puts them all in one place. The big part about it is, if you haven't been using some sort of password manager, shame on you. You should be using it. You're going to get hit if you don't, because what happens if you don't use password managers? What do you do? Most people will reuse their passwords. The other thing is that you need to make sure and this is the part for us that you should use a password manager for all passwords, but at a minimum, you should be using them for the ones that are the elevated credentials, anything that would deal with banking, anything that deals with admin accounts, anything that would deal with banking, anything that deals with admin accounts. Obviously, you, as a security professional, should be telling people within your organization that this is something you should be doing Now.

Speaker 2:  

I have people ask me all the time well, how do I get into security? Security is hard. First step is get into IT. I mean bottom line. If you've got to get into IT, if you can't have a happy path to get you into security, get into IT and then you become the security person within your organization. And how do I mean by that Is that if your organization doesn't have the security you become, that you learn that you then be the person that provides them guidance and direction, and what will happen is the, by default, will become the security person and therefore you can make your resume look nice because of that. The other thing is is, if you are in an organization that has a security program, well, it's.

Speaker 2:  

I'll come back to this time and time again. It's not what you know, it's who you know. You can be the smartest guy in the room, but if you have the personality of a rock, nobody will work with you. So what should you do? You should go meet people. Yes, I know it's hard to believe that in a tax texting society where most of the people I work with just would rather not talk to you, but they'd rather text you. Yeah, you got to go talk to somebody. You just really do so. Piece of advice there. Back to the billion pass, 10 billion passwords. You just need to make sure that you tell your people to use password managers and to make sure that they don't use easy to guess passwords. Again, 10 billion, a lot of passwords, but yeah, it's not surprising because there's probably been 10 billion passwords hacked in the last what? Five years. So, yeah, it's not that big of a deal. Just make sure you freeze your credit. Yeah, freeze your credit. Okay, let's move on to today's CISSP questions. So again, over domain seven.

Speaker 1:  

Question number one In the context of digital forensics, what does the term chain of custody refer to? A a sequence of events in a hacking attempt. B the path that data takes from sources to the destination. C the documented and unbroken transfer of evidence. Or D the decision-making process for handling security incidents. If you look at those, two of the four are not the ones that are definitely not correct and the other two are pretty close. So, again, the context of digital forensics. What does the term chain of custody refer to? And the answer is C the documented and unbroken transfer of evidence between documents. Right, you basically are moving it from one point to the other and you want to make sure that it's transferable and that you can understand how the evidence went from one point to the next.

Speaker 1:  

Next question is around when dealing with security incidents, what should be the first key factor, their first step in, according to the most incident response? I can't even speak. What should be the first step according to most incident response procedures? A Eradicate the threat. B Prepare a report. C identification of the incident. Or D containment of the incident. Okay, so when dealing with a security incident, what should be the first step according to most incident response procedures. And the answer is C identification of the incident. The first step in this entire process is understanding the incident, what has actually occurred, and identifying you actually have a problem. Incident at what has actually occurred and identifying you actually have a problem. And then from there, usually you will work with containment, eradication and recovery will take place thereafter, and so it's important for you to identify you do have a problem, right? You can't really start to go fix something unless you realize, houston, we have a problem, all right.

Speaker 1:  

Next question what of the following best describes the purpose of data acquisition in digital forensics? A to verify the integrity of the data. B to restore the data of the lost or damaged data. C to create a binary copy of the original data. Or. D remove the sensitive data from the device. Again, which of the following best describes the purpose of data acquisition in digital forensics? And the answer is C to create a binary copy of the original data. So when you're dealing with any sort of digital forensics aspects, you want to create a binary copy of the original and the process is done so that you don't have modifications to the original evidence. And you'll see this, especially as you're getting into more of a forensics background, you'll know that you want to make a copy of that specific device, the data or the system itself that it's operating on.

Speaker 1:  

What is the purpose of a honeypot in cybersecurity investigations? A to distribute security patches. B to divert attackers from critical systems. C to authenticate users. Or D to encrypt sensitive data. And the answer is well, let me go back to the first question. What is the main purpose of a honeypot in a cybersecurity investigation Again, in a cybersecurity investigation? And the answer is B to divert attackers from critical systems. So one thing with a honeypot that's important. It's designed to basically sit out there and lure people to potentially click on or try to run exploits against that device. The ultimate goal, then, is that in an investigation is to divert people away from the most critical systems. It's also to help determine do you actually have a problem as well?

Speaker 1:  

Which of the following types of evidence is considered the most reliable in court? Again, which of the following types of evidence is considered the most reliable in court? A direct evidence, b corroborative evidence, c circumstantial evidence or D conclusive evidence. So which of the following types of evidence is considered the most reliable in court? And the answer is direct evidence. Okay, direct evidence, again, if believed, proves the existence of the fact without any interference or presumption. It's basically really straightforward and it's the strongest type of evidence you can present in a court.

Speaker 1:  

Next question during a forensics analysis, why is it important to use a right blocker? Again, during forensic analysis, why is it important for you to use a right blocker? A to prevent the original evidence from alteration. B to prevent the deletion of logs. C to prevent the data leakage. Or D to speed up the analysis process. During the forensics analysis, what is the most? Why is it important to ensure that you have a right blocker in place? And the answer is A to protect the original evidence from alteration. Right, so the right blocker is designed to protect it from accidentally fat fingering. I call it in the we used to fly airplanes, you fat finger, put something in the wrong place from you, potentially adding something to the document or the information that's out there, so you do not want to write to it, for you're trying to protect that overall information as much as you possibly can.

Speaker 1:  

Next question in a cybersecurity investigation, what is the primary purpose of using log files? A to reverse engineer malware. B to identify patterns of activity or specific actions that have occurred. C to distribute security patches. Or D to prevent future attacks. Okay, so in a cybersecurity investigation, what is the primary purpose of using log files? And the answer is B to identify patterns of activity or specific actions that have occurred. They usually are designed for specifically well, they're not designed specifically for that, but that's where they're really good in a investigation is because if you see log files that follow a trend, that will start to lead you down the breadcrumb path to find out where potentially they came in and what systems were they going after, and you're looking for that malicious activity, potentially based on trends that you see in the log files In the incident response process.

Speaker 1:  

Next question in the incident response process, what does the recovery phase involve? A identifying the security incident. B creating a backup of the data. C restoring systems to normal operations and hardening them against future incidents of a similar type. Or D preventing the spread of the incident. Okay, so in the incident response process, what does the recovery phase involve? And the answer is C restoring system to normal operations and hardening them against future incidents of a similar type. Okay, so when you're in recovery phase, you want to bring these back up, that's, bringing them up to normal operations and you must ensure and you'll confirm during that time frame that they are functioning normally so you can prevent the same type of incident from reoccurring.

Speaker 1:  

What is the hash value in the context of digital forensics? A it is a unique identifier for a piece of data. B it is the location of the file in the system. C it is a value used to decrypt the data. Or D it's a type of malware. Okay, so what is the hash value in the context of digital forensics? And the answer is A a unique identifier for a specific piece of data. A hash value is a unique data that does correspond to a specific set of data and that is unique specifically to that data. You can't just create hash values that are identical. It is specific to that piece of data and then what it does is it's also used to help with the evidence to ensure that it wasn't tampered with when you actually were trying to create or when you're producing that value. So there's various hashes that are created within the security space MD5 hashes are one, and they are again used to ensure that the integrity of the data remains. So in the process of digital forensic.

Speaker 1:  

Next question in the process of digital forensics. What is data carving? So again, digital forensics. What is data carving? A process of removing sensitive data from a device. B the process of creating a binary copy of the original data. C the process of searching for files or pieces of files in raw data. Or D the process of creating a binary copy of the original data. C the process of searching for files or pieces of files in raw data. Or D the process of analyzing network traffic. Okay, the process of digital forensics. What is data carving? And the answer is C the process of searching for files or pieces of files in raw data. Okay, so data carving is the process of extracting a collection of data from larger data sets. Basically, they're carved out of that data set and analyzed for file content. It's typically used when metadata that's required to locate the files has been deleted or corrupted. So basically, they're going in there carving out a specific piece.

Speaker 1:  

Next question which of the following tools would you primarily use to collect volatile data during a cybersecurity incident? A a network scanner. B a vulnerability scanner. C a protocol analyzer. Or D a live response tool. Okay, the question then comes into is which of the following tools would you primarily use to collect volatile data during a cybersecurity incident? And the answer is D a live response tool. These are typically used in collecting volatile data during a cybersecurity incident, and volatile data basically is information that would be lost when a system is shut down. It can be found in RAM and other areas that are running processes logged in, users and so forth. So you want a live response tool that's actually collecting that data on the fly. It's happening immediately.

Speaker 1:  

Next question which step in the forensics process ensures that the data evidence remains the same state as it was discovered? Which step of the forensics process ensures that digital evidence remains the same state as it was discovered? Which step of the forensics process ensures that digital evidence remains the same state as it was discovered? A Preservation, b Collection, c Analysis or D Reporting. Again, which step of the process ensures digital evidence remains in the same state as it was discovered? And the answer is A preservation. Preservation is a step that ensures the digital evidence remains in the same state in which it was found. This avoids the altering of the data to maintain its admissibility. In court, again, we want to make sure that we show that this data has not been tampered with, modified or changed.

Speaker 1:  

Next question what does the post-incident activity phase involve in the incident response process A analyzing the incident to prevent future occurrences. B detecting and analyzing the incident. C containing the incident to limit the damage. Or. D eradicating the incident by removing the cause of the incident. So what does the post-incident activity phase involve in an incident response plan? And the answer is A analyzing the incident to prevent future occurrences. So at the end of all of this, you want to ensure that what has occurred one, you've cleaned up.

Speaker 1:  

But two, what were the lessons learned? How did this malware get into your environment? And then from there you can implement corrective actions to fix it? Get into your environment and then from there you can implement corrective actions to fix it. Again, you want to understand that lessons learned phase because you want to be able to be going and go. Well, okay, how did they get in? They got in through a web server that was not properly patched. Well, you're going to want to go in and fix that. And then from there, what did they do? You wouldn't focus just on the web server itself. You would focus on the web server and then the path of entry and the path of escalation throughout your network.

Speaker 1:  

Next question is the last question which principle of digital forensics states that when two pieces of data come into contact, a data exchange will take place? Okay, the principle of digital forensics states that when two pieces of data come into contact, a data exchange will take place? A the principle of exchange, b the principle of integrity, c the principle of original evidence or D the principle of validity. Okay, so those are lots of principles and they could be easy to grab onto one and glob onto and go. Well, that sounds original evidence, sounds correct? Well, no, the answer is principle of exchange.

Speaker 1:  

Try to keep it simple. If you don't know, go with the most logical answer that makes sense. It may still be wrong, but at least you don't try to bite off on something that sounds really complex and collugy, because in most cases that will be the wrong answer Not always, but in most cases. So the principle of exchange is also known as Locard's exchange principle, named after Dr Edmund Locard. Now it's L-O-C-A-R-D In this principle stating, when two objects come in contact, a transfer of material will take place, and basically, in the context of digital forensics, this refers to the transfer of data.

Speaker 1:  

Okay, that would be one that would be a gotcha question the principle of exchange. All right, that's all I have for today. Go to CISSP Cyber Training. If you like these questions, you can go there and you can get more questions that are similar to it. You also can help you with the blueprint that's at the CISSP Cyber Training. That will walk you through this process step by step.

Speaker 1:  

There's a three-month, a four-month and a five-month plan that will help guide you and direct you in what you need to pass the CISSP. Now again, the key thing around this is having a good plan and then executing the plan. All I know is when I studied for the CISSP, I grabbed a book and started just going through it and didn't really know what I was looking for and I failed. So I recommend you go check out the CISSP Cyber Training Blueprint. It will help you out immensely and it'll help give you some guidance and direction on which way to go so you can study for the exam. All right, hope you all have a wonderful day and we will catch you on the flip side, see ya.

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!

LEARN MORE | START TODAY!