Chapter 12 Quiz

Ace your homework & exams now with Quizwiz!

You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.)

Anomaly-based IDS

Which of the following requires a baseline? (Select the two best answers.)

Anomaly-based monitoring Behavior-based monitoring

Which of the following is a record of the tracked actions of users?

Audit trails

Which of the following deals with the standard load for a server?

Configuration baseline

Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time?

Continuous monitoring

Which of the following is the best practice to implement when securing log files?

Copy the logs to a remote log server

One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected?

Initial baseline configuration

Which of the following can determine which flags are set in a TCP/IP handshake?

Packet analyzer

Which tool can be instrumental in capturing FTP GET requests?

Packet analyzer

What tool can alert you if a server's processor trips a certain threshold?

Performance Monitor

You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline?

Performance Monitor

Jason is a security administrator for a company of 4000 users. He wants to store 6 months of logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented?

Performance baseline and audit trails

Which of the following log files should show attempts at unauthorized access?

Security

You are setting up auditing on a Windows computer. If set up properly, which log should have entries?

Security logs

Which of the following should be done if an audit recording fails?

Send an alert to the administrator

Which of following is the most basic form of IDS?

Signature-based

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?

Signature-based IDS

Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.)

The application of retention policies on log files Hashing of log files

Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.)

The information that will be needed to reconstruct events later The amount of disk space you will require

What is the main reason to frequently view the logs of a DNS server?

To watch for unauthorized zone transfers


Related study sets

Ch 5 Life Ins Underwriting & Policy Issue

View Set

PCAT - General Chemistry Problems [IV-VI]

View Set

Qualtrics Platform Essentials (L1) - EX

View Set

Standard 10.0.1 - What is History

View Set

Drawing up More than One Type of Insulin

View Set

Review Quiz:M2: Review Questions (26402-20)

View Set

Machado Computer Science Final Test Review

View Set