NYU CIT Exam Study

Ace your homework & exams now with Quizwiz!

When attackers, where can warnings of this activity be found?

Splunk

SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does that mean?

A pcx02 connection was established on 05/21 with admin username.

What is a honeypot?

Decoy devices that try to lure attackers

What is log aggregation?

Collection logs with similar structures

What is the primary purpose of a SIEM? (Security Information Event Monitoring)

Detects Security Events

Fault tolerance vs failsafe - what is the difference?

Fault tolerance ensures that remaining components can main a system when one or more components fails; failsafe implementation means that all components work together to prevent or minimize damage in case of disaster

An attacker launches a mail spoofing attacking. Which of the following commands will probably be used in the attack?

HELO server, MAIL FROM:[email protected], RCPT TO:[email protected],data

NOC (Network Operations Center) manager wants to collect logs from the windows OS in Splunk. What needs to be installed and configured?

Install universal forwarder service

What are the LoT devices known to be vulnerable to many attacks?

Lack of security awareness amongst developers

What types of data do not require DLP Protections?

Public-facing web pages

A malicious is found, which environment should be used to test it?

Sandbox

How do companies prevent malware coming in via email?

Strong passwords Employees are trained and won't open suspicious emails Spam filters, malware scanners Email encryption

What is the definition of an alert?

Type if query checking rules for each active log in the system, whereby if a match is found, an email will be sent, SNMP or syslog will be activated, or automatic script will be executed

What is considered the weakest link cybersecurity?

Unaware and untrained people

What does AV (AntiVirus) search for?

Viruses

DKIM (Domain Keys Identification Mail) is what?

Email validation technique

Leakage of employee related info was discovered. The leak took place following a phishing campaign. What should the company to prevent this in the future?

Encrypt sensitive data Analyze and categorize data Av and email security

Microsoft security essentials was tagged in 2011 google chrome as malicious, what is the industry standard terminology related to this?

False Positive

A company wants to learn new attack methods. Which of the following would you find in a good strategy?

Honeypots

What is the primary purpose of pfSense?

Open source firewall

What is the PPT triad?

People Process Technology

What is the purpose of a log query?

Retrieve information from a SIEM

What is it important to generate alerts?

To Monitor and handle suspicious events in organizations

If the following query was sent to a SIEM: 'source-"/var/log/auth.log", what would the content be?

Unix authentication logs

Which is more closely related to endpoint security

AV (Antivirus)

SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does this mean?

An SSH connection was established on 05/21 with a root user name.

What is a method exposes data leakage by giving different version of sensitive documents to each of several suspects and seeing which version gets leaked?

Canary

What is a determine control?

Fences, cameras, motion detectors, dogs silent alarms

The following should be used to secure a website against abnormal traffic?

DMZ

What is the difference between firmware and software?

Firmware is fixed data that is part of the hardware device; software is what the user interacts with

What are SID (Security in Depth) and layered security so important?

Multiple layers of defense have better chance of thwarting potential intruders

Do honeyports detect, deceive, and counteract unauthorized access attempts?

True

An employee downloaded a file a coworker sent. The AV alerted on the file. What should the employee do?

Whitelist or allow list the file


Related study sets

Perfect Squares and Square Roots: 1-20

View Set

Cisco Network Administration - Chapter 2

View Set

Computer Applications Final Study Guide

View Set

AHTG 100 Chapter 14 - America and the World

View Set