CompTIA Security+ Ch. 13 Study Guide

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

One of your co-workers complains to you that he cannot see security events in the Event Viewer. What are three possible reasons for this?

1. Auditing has not been turned on 2. The co-worker is not an administrator 3. Auditing for an individual object has not been turned on

What two IDSs require a baseline

1. Behavior-based 2. Anomaly-based

Your boss wants to properly log what happens on a database server. What are two of the most important concepts to think about while you do so?

1. The amount of disk space you will require 2. The information that will be needed to reconstruct events later

What two security measures should be implemented when logging a server?

1. The application of retention policies on log files 2. Hashing of log files

You have been alerted to suspicious traffic without a specific signature. Upon further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. What security device needs to be configured to disable false alarms in the future?

Anomaly-based IDS

A record of the tracked actions of users is known as...

Audit trails

In what way can you gather information from a remote printer?

By using SNMP

What deals with the standard load for a server?

Configuration baseline

What technique enables an already secure organization to assess security vulnerabilities in real time?

Continuous monitoring

What is the best practice to implement when securing logs files?

Copy the logs to a remote log server

What kind of security control do computer security audits fall under?

Detective

One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. What is most likely affected?

Initial baseline configuration

Jason is the security administrator for a company of 4000 users. He wants to store 6 months of security logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, what should not be implemented?

Performance baseline and audit trails

What tool can alert you if a server's processor trips a certain threshold?

Performance monitor

You have established a baseline for your server. What is the best tool to use to monitor any changes in the baseline?

Performance monitor

As you review your firewall log you see information from an attack that identifies source IP addresses and destination IP addresses as well as port numbers for the destination. What type of attack is this?

Port scanning

What can determine which flags are set in a TCP/IP handshake

Protocol analyzer

What tool can be instrumental in capturing FTP GET requests?

Protocol analyzer

You suspect a broadcast storm in the LAN. What tool is required to diagnose which network adapter is causing the storm?

Protocol analyzer

Which protocol uses port 3389?

RDP (Remote Desktop Protocol)

The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as?

SNMP (Simple Network Management Protocol)

You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. What protocol should you select to provide for secure reporting in this scenario?

SNMPv3

What log file shows attempts at unauthorized access?

Security

You are setting up auditing on a Windows computer. If set up properly, which log should have entries?

Security log

What should be done if an audit recording fails?

Send an alert to the administrator

What is the most basic form of an IDS?

Signature-based

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What type of IDS is this?

Signature-based IDS

To find out when a computer was shut down, which log file would an administrator use?

System

Michael has just completed monitoring and analyzing a web server What indicates that the server might have been compromised?

The web server is showing a drop in CPU speed and hard disk speed

What is the main reason to frequently view the logs of a DNS server

To watch for unauthorized zone transfers


संबंधित स्टडी सेट्स

Ch. 3-1, 3-2, 3-3, and 4-2 Bio Ecology

View Set

QUESTIONS FOR CIRCULATORY SYSTEM

View Set

CSMA/CA Carrier Sense Multiple Access/Collision Avoidance Steps

View Set