ACT PREP ;), ACT Prep Exam Questions and Answers

Document Content and Description Below

What is the purpose of a log query? - ANSWER Retrieve information from a SIEM Which is more closely related to endpoint security - ANSWER AV (Antivirus) What types of data do not require DLP Pro... tections? - ANSWER Public-facing web pages DKIM (Domain Keys Identification Mail) is what? - ANSWER Email validation technique What is it important to generate alerts? - ANSWER To Monitor and handle suspicious events in organizations What are SID (Security in Depth) and layered security so important? - ANSWER Multiple layers of defense have better chance of thwarting potential intruders An attacker launches a mail spoofing attacking. Which of the following commands will probably be used in the attack? - ANSWER HELO server, MAIL FROM:admin@domain.com, RCPT TO:IT@anotherDomain.com,data What is a honeypot? - ANSWER Decoy devices that try to lure attackers Microsoft security essentials was tagged in 2011 google chrome as malicious, what is the industry standard terminology related to this? - ANSWER False Positive SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does that mean? - ANSWER A pcx02 connection was established on 05/21 with admin username. What does AV (AntiVirus) search for? - ANSWER Viruses What is the primary purpose of pfSense? - ANSWER Open source firewall What is log aggregation? - ANSWER Collection logs with similar structures What is the primary purpose of a SIEM? (Security Information Event Monitoring) - ANSWER Detects Security Events What is considered the weakest link cybersecurity? - ANSWER Unaware and untrained people What is the definition of an alert? - ANSWER Type if query checking rules for each active log in the system, whereby if a match is found, an email will be sent, SNMP or syslog will be activated, or automatic script will be executed NOC (Network Operations Center) manager wants to collect logs from the windows OS in Splunk. What needs to be installed and configured? - ANSWER Install universal forwarder service If the following query was sent to a SIEM: 'source-"/var/log/auth.log", what would the content be? - ANSWER Unix authentication logs What are the LoT devices known to be vulnerable to many attacks? - ANSWER Lack of security awareness amongst developers A company wants to learn new attack methods. Which of the following would you find in a good strategy? - ANSWER Honeypots A malicious is found, which environment should be used to test it? - ANSWER Sandbox Fault tolerance vs failsafe - what is the difference? - ANSWER Fault tolerance ensures that remaining components can main a system when one or more components fails; failsafe implementation means that all components work together to prevent or minimize damage in case of disaster How do companies prevent malware coming in via email? - ANSWER Strong passwords Employees are trained and won't open suspicious emails Spam filters, malware scanners Email encryption The following should be used to secure a website against abnormal traffic? - ANSWER DMZ Leakage of employee related info was discovered. The leak took place following a phishing campaign. What should the company to prevent this in the future? - ANSWER Encrypt sensitive data Analyze and categorize data Av and email security An employee downloaded a file a coworker sent. The AV alerted on the file. What should the employee do? - ANSWER Whitelist or allow list the file What is a method exposes data leakage by giving different version of sensitive documents to each of several suspects and seeing which version gets leaked? - ANSWER Canary SIEM includes the following log: May 21 07:41:22 pcx02 sshd[703]: Accepted password for root from 10.10.1.1 port 55811 ssh2. What does this mean? - ANSWER An SSH connection was established on 05/21 with a root user name. What is the PPT triad? - ANSWER People Process Technology What is the difference between firmware and software? - ANSWER Firmware is fixed data that is part of the hardware device; software is what the user interacts with What is a determine control? - ANSWER Fences, cameras, motion detectors, dogs silent alarms When attackers, where can warnings of this activity be found? - ANSWER Splunk Do honeyports detect, deceive, and counteract unauthorized access attempts? - ANSWER True [Show More]

Last updated: 2 years ago

Preview 1 out of 3 pages