Chapter 1

Question 1

A common goal is to remove single points of

Answer 1

Failure

Question 2

A T_____ is any circumstance or event that has the potential to compromise confidentiality , integrity , or availability .

Answer 2

Threat

Question 3

A _______ is a weakness . It can be a weakness in the hardware , software , configuration , or users operating the system .

Answer 3

Vulnerability

Question 4

_______resources typically have elasticity capabilities allowing them to adapt to this increased and decreased demand on the fly .

Answer 4

Cloud

Question 5

________ controls are alternative controls used when it isn?t feasible or possible to use the primary control .

Answer 5

Compensating

Question 6

______and______ controls attempt to reverse the impact of an incident or problem after it has occurred . Examples include backups , system recovery plans , and incident handling processes .

Answer 6

Corrective / Recovery

Question 7

________controls attempt to detect when a vulnerability has been exploited . Examples include log monitoring , security information and event management ( SIEM ) systems , trend analysis , video surveillance systems , and motion detection systems .

Answer 7

Detective

Question 8

_______controls attempt to prevent incidents by discouraging threats . Examples include locks and guards . Note that these can also be described as preventative controls . The primary difference is that they try to discourage people from trying to exploit a weakness .

Answer 8

Deterrent

Question 9

_______ is the ability of a system to handle the increased workload by dynamically scaling up or scaling out as the need arises .

Answer 9

Elasticity

Question 10

______ methods and redundancies are commonly added to support high availability .

Answer 10

Fault Tolerance

Question 11

Linux ______command displays the beginning of a log file

Answer 11

Head

Question 12

Linux_____ command displays the end of a log file .

Answer 12

Tail

Question 13

Linux ______ command adds entries to a log file .

Answer 13

Logger

Question 14

Linux ______ command , can be used instead of ping because it can use TCP or UDP instead of ICMP .

Answer 14

Hping

Question 15

Linux_____ can identify open ports on remote systems .

Answer 15

Hping

Question 16

Linux_____ to view and manipulate the configuration of network interfaces .

Answer 16

Ifconfig

Question 17

Linux______can enable promiscuous mode on a NIC (Network Interface Card)

Answer 17

Ifconfig

Question 18

_____ controls are primarily administrative and include items such as risk and vulnerability assessments .

Answer 18

Managerial

Question 19

_____allows you to view statistics for TCP / IP protocols (view all active network connections) . Suspect malware is causing a computer to connect with a remote computer .

Answer 19

Netstat

Question 20

_____ is similar to rsyslog and syslog - ng , but it also supports Windows log formats .

Answer 20

Nxlog

Question 21

_________ controls are focused on the day - to - day operations of an organization . They help ensure an organization is complying with its overall security plan . Some examples include security awareness and training , configuration management , and change management .

Answer 21

Operational

Question 22

Organizations balance ______ availability with security constraints .

Answer 22

Resource

Question 23

_________ controls are any controls that you can physically touch . Some examples are bollards and other barricades , access control vestibules ( sometimes called mantraps ) , lighting , fences , and signs .

Answer 23

Physical

Question 24

_______ controls attempt to prevent security incidents . Examples include system hardening , user training , guards , change management , and account disablement policies .

Answer 24

Preventative

Question 25

________ methods help systems heal themselves or recover from faults with minimal downtime .

Answer 25

Resiliency

Question 26

_______ controls , or incident response controls , help an organization prepare for security incidents and respond to them when they occur .

Answer 26

Response

Question 27

__ is the possibility of a threat exploiting a vulnerability and resulting in a loss .

Answer 27

Risk

Question 28

____ mitigation reduces risk by reducing the chances that a threat will exploit a vulnerability or reduce the risk?s impact .

Answer 28

Risk

Question 29

____came out after syslog - ng and includes the ability to send log entries directly into database engines .

Answer 29

Rsyslog

Question 30

______ is the ability of a system to handle increased workload either by scaling up or by scaling out . This is done manually by administrators .

Answer 30

Scalability

Question 31

__controls reduce risks . For example , antivirus software is a security control that reduces the risk of virus infection .

Answer 31

Security

Question 32

____systems provide a centralized solution for collecting , analyzing , and managing data from multiple sources .

Answer 32

Security Information And Event Management ( Siem )

Question 33

Security professionals may want to apply security controls everywhere without considering the cost . However , executives have a responsibility to minimize costs without sacrificing ______ .

Answer 33

Security

Question 34

_______extends syslogd , allowing a system to collect logs from any source .

Answer 34

Syslog - Ng

Question 35

Systems scale out by adding additional ______ .

Answer 35

Nodes Or Servers

Question 36

Systems____ by adding additional hardware resources such as memory , processing power , bandwidth capability , and / or drive space .

Answer 36

Scale Up

Question 37

_______ controls use technology to reduce vulnerabilities .

Answer 37

Technical

Question 38

Encryption , antivirus software , IDSs , firewalls , and the principle of least privilege are________controls .

Answer 38

Technical Controls .

Question 39

The ____ command allows you to view and manipulate the _____ cache . This can be useful if you suspect a system?s _____ cache has been modified during an attack .

Answer 39

Arp

Question 40

_____ shows content of address resolution protocol and is used to link IP AND MC ADDRESS

Answer 40

Arp

Question 41

The ____ command ( short for concatenate ) displays the contents of files .

Answer 41

Cat

Question 42

The _____ command searches for a specific string or pattern of text within a file (simplifies search when a log is long).

Answer 42

Grep

Question 43

GREP stands for______

Answer 43

Global Regular Expression Print

Question 44

The _____ command on Windows allows you to view the configuration of network interfaces .

Answer 44

Ipconfig

Question 45

The command displays log entries from several different sources on Linux systems .

Answer 45

Journalctl

Question 46

The ___ command can be used to check connectivity ; check name resolution ; and verify that routers , firewalls , and intrusion prevention systems block ping traffic .

Answer 46

Ping

Question 47

The Linux______command collects entries from a variety of devices in the network , similar to how a SIEM server collects log entries .

Answer 47

Syslog

Question 48

The ______ on Linux systems collects and routes syslog entries .

Answer 48

Syslog Daemon ( Syslogd )

Question 49

The three primary security control categories are ______, _______ and _______.

Answer 49

Managerial , Operational , And Technical .

Question 50

____ ( on Windows systems ) lists the routers ( also called hops ) between two systems . It can verify a path has not changed.

Answer 50

Tracert

Question 51

____(on Linux systems) lists the routers ( also called hops ) between two systems . It can verify a path has not changed.

Answer 51

Traceroute

Question 52

Windows includes several logs that you can view with the Windows Event Viewer. The____log functions as a security log , an audit log , and an access log.

Answer 52

Security

Question 53

Windows includes several logs that you can view with the Windows Event Viewer. Windows records events related to the operating system in the ______ log

Answer 53

System

Question 54

Windows includes several logs that you can view with the Windows Event Viewer. Applications record events in the _______ log

Answer 54

Application

Question 55

You run command line tools in the ______ Prompt window ( in Windows ).

Answer 55

Command

Question 56

You run command line tools in the ______ ( in Linux ) .

Answer 56

Terminal

Question 57

You use the ______ ( short for change mode ) command to change permissions on files .

Answer 57

Chmod

Question 58

SIEM stands for________________________

Answer 58

Security Info Event Management