CIT - Final Review

¡Supera tus tareas y exámenes ahora con Quizwiz!

Microsoft security essentials has tagged 2011 Google Chrome as malicious. What is the professional term related to this case?

False Positive

What is the name of the method that exposes data leakage by giving different versions of a sensitive document to each of several suspects and seeing which version gets leaked?

Canary Trap

What is the definition of an alert?

An automated script will be executed

What system scans for strings, hashes, and heuristics?

Antivirus

Which of the following security measures is related to end point security?

Antivirus

Why are IoT devices known to be vulnerable to many attacks?

Because of lack of security awareness among developers

What would it mean if I said how could you define log aggregation?

Collection of logs with a similar structure.

What is a honey pot?

Decoy device that lures attackers

What is DKIM (domainKeys identified mail)?

Email validation technique

What is more dangerous False Positive or Negative?

False Negative

What is the difference between fault tolerance and fail-safe implementation?

Fault tolerance ensures that the remaining components can maintain a system when one or more components fail, fail-safe implementation means that all components work together to prevent or minimize damage in case of disaster (LAST ONE)

An attacker launches a mail spoofing attack which of the following commands will probably be used in the attack?

Hello server mail from admin@domain then rcpt to IP domain data.

What is the main purpose of a SIEM solution?

Helps detect security incidents

NOC manager wants to collect logs from windows OS and Splunk?

Install universal forwarder service

Why is fenced in layers important to security?

Multiple layers of security have a better chance of thwarting potential intruders

Which of the following does not require DLP protection?

Public facing webpages

SIEM includes the following log May 21 741pm pcx02 ssh 703 accepted password for root from IP address port number 5581 to ssh?

SSH connection was established on May 21st with a root user.

A new company stores sensitive information and wants to secure information, using a system that reports and forensically analyze a security instant. What system should they use?

SEIM

Which of the follow artifacts does an AV search?

Strings, hashes, and heuristics

Why should employee and visitor access to an organization be audited?

To help track events in case of an incident or breach, and to locate the cause.

Why should alerts be generated?

To monitor and handle suspicious events in an organization

What is the purpose of a log query?

To retrieve information from the Siem

If the following query was sent to a Siem source var log off what would the output, look like?

Unix authentication log

John downloaded a file a co-worker sent him. His antivirus alerted him about the file. What should John do?

White list the file.

Leakage of employee related information was discovered at a large company. The company learned that the leak took place after a phishing email. What should the company use or do to prevent this from happening again?

All of these (encrypt all sensitive data, analyze and categorize date, antivirus and email security).

Which of the following is true about how an organization should protect itself from malicious emails?

All the above. (Use spam filters and malicious scanners, use strong passwords, use email encryption, don't open suspicious emails)

2 methods of getting data into Splunk?

Push and Pull (Apache kafka is another tool you can use)

Which of the following should be used secure a website against abnormal traffic dump?

DMZ

What are examples of deterrent access controls? .

Fences, cameras, and motion detectors

What is the difference between firmware and software?

Firmware is fixed date that the user interacts with and the software what the user interacts with.

Which of the following is a security mechanism that is configured to detect the seim and counterattack attempts to unauthorized access?

Honeypot

Security company wants to learn a new attack method, which of the following would be a good way to do that

Honeypots

What is domain key identified mail DKIM?

Mail Security Validation Technique

Which of the following is not true about how an organization should protect itself from malicious emails?

Open malicious emails and investigate them

What is the main purpose of a pfsense firewall?

Open-source firewall

As an analyst in a SOC department, you are responsible for checking IP addresses and verifying that they are not included in four different blacklists. To avoid the repetitive task, you decide to implement a playbook. Which SOAR capability should you use?

Security Operations Automation.

Which of the following systems should be installed to analyze an organization's network traffic?

Snort

An entropy inspection of a file indicates high entropy measuring, what can be assumed from that?

The file may be encrypted or compressed

What does the PPT triad represent in the context of organizational security?

The required balance for operational security

What is the purpose of log parsing in a system such as Splunk?

To separate data into parts that are easier to handle

Which of the following query was sent to a Siem source=var log off log off.log what would be the output?

Unix authentication logs

What is considered the weakest link in Security?

Untrained and Unaware people

David, a cybersecurity researcher, found a new way to hack the company's system without having the antivirus react to the breach. Which term relates to his discovery?

Zero-Day


Conjuntos de estudio relacionados

La Belle et La Bête: Questions de compréhension

View Set

Casebook connect (second half of semester)

View Set

Chapter 26 Metabolism Flash Cards

View Set

Chem 1 - Unit Conversion Factors

View Set

spanish comparisions (tall/short)

View Set

HTML & CSS multiple choice (code academy)

View Set