11.3 Enterprise Security Management Flashcards

1
Q

An intrusion detection system (IDS) both ______ and looks for ______.

A

An intrusion detection system (IDS) both analyzes traffic and looks for malicious signatures.

2
Q

Enterprise security monitoring (ESM) includes ______.

A

Enterprise security monitoring (ESM) includes endpoint telemetry.

3
Q

True or False:

Firewalls and NSMs can see inside encrypted traffic.

A

False

Firewalls and NSMs CANNOT see inside encrypted traffic.

In most cases, malware will be transmitted from attacker to victim in an encrypted state to hide its presence and intent. This also serves as a method of obfuscation to bypass IDS detection engines.

4
Q

ESMs use OSSEC to provide visibility at the _____, where malware infection takes place after it’s decrypted.

A

ESMs use OSSEC to provide visibility at the host-level, where malware infection takes place after it’s decrypted.

5
Q

______ is essentially host-based monitoring of system data.

A

Endpoint telemetry is essentially host-based monitoring of system data.

6
Q

What tools are in the Elastic (ELK) Stack, the engine that operates within Security Onion?

A

Elasticsearch + Logstash + Kibana

7
Q

________ is important at every level of government and public sector organizations, which use it to determine acceptable risk and develop security controls that inform budgets.

A

Threat intelligence is important at every level of government and public sector organizations, which use it to determine acceptable risk and develop security controls that inform budgets.

8
Q

__________ are responsible for establishing threat intelligence cards, which document the TTPs used by adversaries to infiltrate a network.

A

Computer Incident Response Teams (CIRT) are responsible for establishing threat intelligence cards, which document the TTPs used by adversaries to infiltrate a network.

9
Q

__________ are shared among the cyber defense community, allowing organizations to benefit from the lessons learned by others.

A

Threat intelligence cards are shared among the cyber defense community, allowing organizations to benefit from the lessons learned by others.
