Notes and Terms CS w/ Quiz Questions


A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers. - It is open source. - It allows for text-based commands by users. - It is an efficient programming language. - It is proprietary.

A and B

As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers. - An intrusion detection system (IDS) - A network protocol analyzer (packet sniffer) - A cryptographic encoder - An antivirus software

A and B

Question 1 Which of the following statements correctly describe logs? Select two answers. - A business might log each time an employee signs into their computer. - A log is a record of events that occur within an organization's systems. - A log is used as a formal guide to incident response. - Security professionals use logs to visualize data.

A and B

Playbook

A manual that provides details about any operational action

Log

A record of events that occur within an organization's systems

Order of Volatility

A sequence outlining the order in which data must be preserved, from first to last

AntiVirus Software

A software program used to prevent, detect, and eliminate malware and viruses. Also called anti-malware; it scans the memory of a device to find patterns that indicate the presence of malware

Network Protocol Analyzer (Packet Sniffer)

A tool designed to capture and analyze data traffic within a network

What are some key benefits of programming languages? Select all that apply. - They execute repetitive processes accurately. - They filter through data points faster than humans can working manually. - They can be used to create a specific set of instructions for a computer to execute tasks. - They install security hardware.

A, B, C

What are some key benefits of using Python to perform security tasks? Select all that apply. - It helps security professionals work with high levels of detail. - It automatically eliminates sensitive information. - It enables security professionals to be more accurate. - It simplifies repetitive tasks.

A, C, and D

Which of the following tasks can be performed using SIEM tools? Select three answers. - Collecting and analyzing data - Providing alerts for specific types of risks and threats - Helping security analysts identify potential breaches - Requesting security data from government agencies

A, B, C

IDS (Intrusion Detection System)

An application that monitors system activity and alerts on possible intrusions. It scans and analyzes network packets; the small amounts of data within the packets make detection easier for an IDS

SIEM Tool

Application that collects and analyzes log data to monitor an organization's critical activities

Fill in the blank: A database is a _____ of organized data stored in a computer system. - model - collection - visualization - frame

B

Fill in the blank: A security team uses a _____ to help them document organizational processes from beginning to end. - graph - playbook - legend - toolkit

B

Question 1 What do security professionals use to interact with and request information from a database? - Linux - Confidentiality, integrity, availability (CIA) triad - Structured Query Language (SQL) - Python

C

Question 2 What is programming typically used for? Select two answers. - Record events that occur within an organization's systems - Enable open-source operations - Create a specific set of instructions for a computer to execute tasks - Complete repetitive tasks and processes

C and D

Fill in the blank: Linux is an open-source _____ that can be used to examine logs. - programming language - algorithm - database - operating system

D

Question 3 A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use? - network protocol analyzer (packet sniffer) - Playbook - Linux operating system - Security information and event management (SIEM)

D

What tool is designed to capture and analyze data traffic within a network? - Structured Query Language (SQL) - playbook - security information and event management (SIEM) - network protocol analyzer (packet sniffer)

D

Fill in the blank: A _____ is a manual that provides details about operational actions. - case history - directory - playbook - checklist

Playbook

Different Types of playbooks: Protecting and Preserving Evidence

Protecting and preserving evidence is the process of properly working with fragile and volatile digital evidence.

What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen? - SIEM - network protocol analyzers (packet sniffers) - Linux - Python

SIEM

Encryption

The process of converting data from a readable format to a cryptographically encoded format. - It does this through cryptographic encoding: converting plaintext into secure ciphertext

Different Types of playbooks: Chain of Custody

The process of documenting evidence possession and control during an incident lifecycle. Every time evidence is moved, it should be reported

What can cybersecurity professionals use logs for? - To research and optimize processing capabilities within a network - To select which security team members will respond to an incident - To identify vulnerabilities and potential security breaches - To analyze data traffic within a network

To identify vulnerabilities and potential security breaches
