NYU CIT Exam Study
When attackers, where can warnings of this activity be found?
Splunk
SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does that mean?
A pcx02 connection was established on 05/21 with admin username.
What is a honeypot?
Decoy devices that try to lure attackers
What is log aggregation?
Collection logs with similar structures
What is the primary purpose of a SIEM? (Security Information Event Monitoring)
Detects Security Events
Fault tolerance vs failsafe - what is the difference?
Fault tolerance ensures that remaining components can main a system when one or more components fails; failsafe implementation means that all components work together to prevent or minimize damage in case of disaster
An attacker launches a mail spoofing attacking. Which of the following commands will probably be used in the attack?
HELO server, MAIL FROM:[email protected], RCPT TO:[email protected],data
NOC (Network Operations Center) manager wants to collect logs from the windows OS in Splunk. What needs to be installed and configured?
Install universal forwarder service
What are the LoT devices known to be vulnerable to many attacks?
Lack of security awareness amongst developers
What types of data do not require DLP Protections?
Public-facing web pages
A malicious is found, which environment should be used to test it?
Sandbox
How do companies prevent malware coming in via email?
Strong passwords Employees are trained and won't open suspicious emails Spam filters, malware scanners Email encryption
What is the definition of an alert?
Type if query checking rules for each active log in the system, whereby if a match is found, an email will be sent, SNMP or syslog will be activated, or automatic script will be executed
What is considered the weakest link cybersecurity?
Unaware and untrained people
What does AV (AntiVirus) search for?
Viruses
DKIM (Domain Keys Identification Mail) is what?
Email validation technique
Leakage of employee related info was discovered. The leak took place following a phishing campaign. What should the company to prevent this in the future?
Encrypt sensitive data Analyze and categorize data Av and email security
Microsoft security essentials was tagged in 2011 google chrome as malicious, what is the industry standard terminology related to this?
False Positive
A company wants to learn new attack methods. Which of the following would you find in a good strategy?
Honeypots
What is the primary purpose of pfSense?
Open source firewall
What is the PPT triad?
People Process Technology
What is the purpose of a log query?
Retrieve information from a SIEM
What is it important to generate alerts?
To Monitor and handle suspicious events in organizations
If the following query was sent to a SIEM: 'source-"/var/log/auth.log", what would the content be?
Unix authentication logs
Which is more closely related to endpoint security
AV (Antivirus)
SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does this mean?
An SSH connection was established on 05/21 with a root user name.
What is a method exposes data leakage by giving different version of sensitive documents to each of several suspects and seeing which version gets leaked?
Canary
What is a determine control?
Fences, cameras, motion detectors, dogs silent alarms
The following should be used to secure a website against abnormal traffic?
DMZ
What is the difference between firmware and software?
Firmware is fixed data that is part of the hardware device; software is what the user interacts with
What are SID (Security in Depth) and layered security so important?
Multiple layers of defense have better chance of thwarting potential intruders
Do honeyports detect, deceive, and counteract unauthorized access attempts?
True
An employee downloaded a file a coworker sent. The AV alerted on the file. What should the employee do?
Whitelist or allow list the file