Security Essentials, Textbook Page 95 (109 of 704)

Copyright Goodheart-Willcox Co., Inc. 95 SAMPLE SECURITY+ EXAM QUESTIONS 1. Trevor is on a security team hired to conduct a pen test for a company. Which of the following will he need to understand the depth and type of testing required? A. White box testing B. Threat intelligence C. RoE D. NDA 2. Amy is on a red team conducting reconnaissance. Which of the following is most likely to be detected by a blue team? A. War driving B. Banner grabbing C. Footprinting D. Collecting personal information of managers from social media platforms 3. What security benefit does performance monitoring offer administrators? A. The CPU is fast enough to keep up with requests. B. The server’s hard disk can be monitored before it runs out of space. C. It can show an unusual amount of traffic is being recorded on the network adapters. D. It maintains the status of antivirus and vulnerability software. 4. An administrator notices a high amount of disk activity. What would the administrator use to determine if this is an unusual occurrence? A. Baseline B. System event log C. Stateful firewall D. Vulnerability scanner 5. A security administrator needs to review auditing results. Where will this information be found? A. Security log B. Properties of the object being audited C. Group policy D. In a firewall 6. In reviewing a system log, which of the following events should have the highest priority in a security investigation? A. A warning message indicates that the DHCP server failed to start on first attempt. B. The date and time the payroll report was printed C. The Google updater service terminated with an error. D. The computer entered sleep mode.

Previous Page Next Page

Extracted Text (may have errors)

Copyright Goodheart-Willcox Co., Inc. 95 SAMPLE SECURITY+ EXAM QUESTIONS 1. Trevor is on a security team hired to conduct a pen test for a company. Which of the following will he need to understand the depth and type of testing required? A. White box testing B. Threat intelligence C. RoE D. NDA 2. Amy is on a red team conducting reconnaissance. Which of the following is most likely to be detected by a blue team? A. War driving B. Banner grabbing C. Footprinting D. Collecting personal information of managers from social media platforms 3. What security benefit does performance monitoring offer administrators? A. The CPU is fast enough to keep up with requests. B. The server’s hard disk can be monitored before it runs out of space. C. It can show an unusual amount of traffic is being recorded on the network adapters. D. It maintains the status of antivirus and vulnerability software. 4. An administrator notices a high amount of disk activity. What would the administrator use to determine if this is an unusual occurrence? A. Baseline B. System event log C. Stateful firewall D. Vulnerability scanner 5. A security administrator needs to review auditing results. Where will this information be found? A. Security log B. Properties of the object being audited C. Group policy D. In a firewall 6. In reviewing a system log, which of the following events should have the highest priority in a security investigation? A. A warning message indicates that the DHCP server failed to start on first attempt. B. The date and time the payroll report was printed C. The Google updater service terminated with an error. D. The computer entered sleep mode.

Help

Copyright Goodheart-Willcox Co., Inc. 96 7. In order for log data to be aggregated to a single server, what is needed to provide this functionality? A. Syslog B. SOAR C. Event Viewer D. SIEM dashboard 8. Which type of vulnerability scan can provide the most accurate and detailed feedback regarding the state of vulnerabilities on a system? A. Credentialed scan B. Configuration compliance scan C. Non-credentialed scan D. Intrusive scan 9. Which security feature provides real-time analysis of centralized log data? A. Syslog B. SIM C. UBA D. SEM 10. Which of the following would indicate the best use of using SOAR techniques in an enterprise network? A. The creation of standard baselines B. An immediate response to a potential threat can be launched. C. Provides the capabilities to correlate events from multiple servers D. It can normalize event data, making it more efficient for analysis. LAB EXERCISES Lab Activity 3-1: Startup Programs and Scheduled Tasks In Windows, an easy way to locate startup programs is to run a Microsoft utility called msconfig. The Task Scheduler should also be examined for commands set to execute at a specific time. 1. Click the Windows Start button, and then enter msconfig in the search bar. Select msconfig.exe or System Configuration in the search results to launch the System Configuration utility. 2. In the System Configuration utility, click the Startup tab. In Windows 10, click the Open Task Manager link. In older versions of Windows, the startup information is accessed directly in the System Configuration utility.

Previous Page Next Page

Copyright Goodheart-Willcox Co., Inc. 94 Log Management ■ ■ Log management is the process of generating, transmitting, analyzing, archiving, and disposing of log data. ■ ■ Log management software (LMS) enables aggregation of files from endpoint devices so the security posture of an organization can be monitored to support investigation of network events. ■ ■ Log analysis is the process of setting policies regarding the collection, review, and analysis of log data. Log analysis can occur at different stages of a data life cycle. Reviewing logs in real-time should focus on identification of vulnerabilities and threats to initiate immediate remediation. Viewing Event Logs ■ ■ Event log data can be reviewed in Window using Event Viewer, which is a versatile program that allows administrators to view, save, and back up log files. ■ ■ When Event Viewer is first opened, the main screen provides a dashboard for quick analysis. Multiple logs from different machines can be forwarded to one combined log. ■ ■ With Event Viewer, other hosts can be set up to forward entire logs or specific events to a single source log. Organization can also back up log data. REVIEW QUESTIONS 1. Summarize the reasons to perform a security evaluation. 2. Discuss threat hunting. 3. List three sources for obtaining cyber threat intelligence. 4. Explain the use of a vulnerability scan as a component of a security assessment. 5. Identify and explain four types of vulnerability scanning techniques. 6. Summarize penetration testing. 7. State the difference between the three types of pen tests. 8. Which team for penetration testing is known as the defensive security professionals? 9. State the difference between passive and active reconnaissance. 10. Briefly explain three types of penetration techniques. 11. Summarize penetration testing cleanup. 12. Discuss the importance of system baselines and performance monitoring. 13. List four components a Performance Monitor tracks. 14. Identify and explain five types of log files. 15. Summarize syslog. 16. Identify and explain four of the features of a security information and event management (SIEM) system. 17. What two components create the blended SIEM product? 18. Summarize SOAR. 19. Discuss log management. 20. Explain viewing of event logs.

Previous Page Next Page

Extracted Text (may have errors)

Help

loading