Crowdstrike Pre-hire Flashcards

1
Q

What is Active Directory (AD)?

A

A directory service developed by Microsoft that stores information about network resources, including users, computers, and other devices. It provides centralized authentication, authorization, and management of those resources in a Windows domain environment.

2
Q

______________ can be interconnected in hierarchical structures called trees or forests

A

Domains

3
Q

What centralized platform authenticates users and computers, determining their access rights to resources based on configured policies and permissions?

A

Active Directory

4
Q

T/F: Active Directory can integrate with other services

A

True

5
Q

Why is Active Directory so important?

A

Active Directory is essential for organizations that rely on Microsoft Windows Server environments because it provides a centralized way to manage user accounts, permissions, and access control.

6
Q

What is an event log monitoring system used for?

A

To uncover suspicious activity and security weaknesses in Active Directory by continuously reviewing domain controller event logs, such as failed logons and changes to privileged groups

7
Q

What type of assessment helps determine whether an Active Directory is clean or has vulnerabilities?

A

Technical Risk Assessment

8
Q

The default lifetime of Active Directory tombstone objects is ______ days

A

60 (the default for forests created before Windows Server 2003 SP1; forests created on Windows Server 2003 SP1 or later default to 180). A backup older than the tombstone lifetime cannot be used to restore a domain controller, so this value bounds the useful age of AD backups.

9
Q

The most important recovery measure for securing Active Directory is outlining a __________ __________ __________.

A

Disaster Recovery process

10
Q

CrowdStrike Falcon ________ _______ ______ can help you detect identity-based threats in real time, using artificial intelligence and behavioral analytics to stop modern attacks like ransomware

A

Identity Threat Detection

11
Q

T/F: CrowdStrike Falcon® Identity Threat Detection is a tool that helps teams stop threats, understand their network accounts, and identify suspicious activity using AI for threat detection

A

True

12
Q

An _______ is any device that connects to the corporate network from outside its firewall. Examples of endpoint devices include:
Laptops
Tablets
Mobile devices
Internet of things (IoT) devices
Point-of-sale (POS) systems
Switches
Digital printers

A

Endpoint

13
Q

______ ________ is the cybersecurity approach to defending endpoints — such as desktops, laptops, and mobile devices — from malicious activity

A

Endpoint Security

14
Q

What is an endpoint protection platform (EPP)?

A

An integrated solution that detects and prevents security threats and other malicious activity on endpoints, and that also provides the investigation and remediation capabilities needed to respond to a dynamic security incident.

15
Q

T/F: Not every endpoint can be an entry point for an attack

A

False (any endpoint can be an entry point)

16
Q

What is an on-premises security posture commonly called?

A

“Traditional” or “legacy”

17
Q

Protecting against endpoint attacks is challenging because endpoints exist where humans and machines _______

A

intersect

18
Q

_______ is a software component installed on endpoints to communicate with the management console in the data center. It helps enforce security policies and receives updates or instructions from the central management system.

A

Agent

19
Q

One problem the legacy approach creates for IT teams is security silos. What does that mean?

A

Because administrators can only manage endpoints inside their own perimeter, they may have no visibility into, or control over, security measures implemented in other parts of the network

20
Q

What does a hybrid approach mean in security architecture?

A

An architecture that started on-premises and later added cloud-based components, so that both on-premises and cloud management are deployed side by side.

21
Q

What type of security architecture lets administrators remotely monitor and manage endpoints through a centralized management console that reaches devices via agents over the cloud?

A

cloud-native

22
Q

Y/N: Do cloud-native solutions allow IT teams to remove security silos and extend their reach?

A

Yes

23
Q

__________ is often part of an endpoint security solution and is generally regarded as one of the more basic forms of endpoint protection.

A

Antivirus

24
Q

T/F: Traditional antivirus can prevent an attack it has never seen before (not just one with a known signature)

A

False

25
Endpoint security tools that provide continuous breach prevention must integrate these four fundamental elements:
1. Prevention: next-generation antivirus (NGAV) 2. Detection: endpoint detection and response (EDR) 3. Managed threat hunting 4. Threat intelligence integration
26
NGAV
Next-generation antivirus
27
________ is an umbrella term used to describe a program or code created to harm a computer, network, or server
Malware
28
______ _______ _______ employs advanced endpoint protection technologies, such as AI and machine learning, to detect and prevent both known and unknown malware.
Next-generation antivirus (NGAV)
29
What are the various elements that NGAV can examine?
File hashes, URLs, and IP addresses, together with file attributes and process behavior, to identify threats.
30
Is the use of NGAV proactive or reactive in regards to defense?
Proactive
31
T/F: Traditional antivirus solutions detect less than half of all attacks
True
32
Why is traditional antivirus so slow and ineffective?
It can only detect malware whose signature someone has already seen and added to the signature database, so new or modified malware gets through until a signature is written and distributed.
33
What can close the time gap between the moment a piece of malware is created and the moment a signature for it exists?
Next-generation antivirus (NGAV)
34
What does a "silent failure" mean?
A successful attack that goes undetected, leaving the adversary inside your systems for days, weeks, or even months
35
______ _______ _______ solutions offer continuous and comprehensive visibility into endpoint activities, enabling businesses to detect and respond to security breaches in real time.
Endpoint detection and response (EDR)
36
Y/N: Can automation or the use of AI detect every attack?
No
37
Who performs managed threat hunting, and what is it?
It is conducted by elite teams that learn from incidents that have already occurred, aggregate crowdsourced data, and provide guidance on how best to respond when malicious activity is detected.
38
Cybersecurity has to keep evolving because new and tougher threats keep appearing. Two common problems are sophisticated adversaries and APTs. What is an APT?
An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.
39
With threat intelligence integration, how quickly should an organization be able to investigate all of its incidents?
Within minutes (rather than hours or days)
40
_________ __ _________ focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack.
Indicators of attack (IOAs)
41
T/F: Both IOCs and IOAs can detect and prevent zero-day attacks and malware-free intrusions
False. IOAs can, because they key on attacker behavior; IOCs cannot, because they depend on artifacts left by attacks that have already been observed.
42
_______ __ _______ is evidence found on a computer indicating a security breach in the network. Investigators collect this data after suspicious incidents, scheduled checks, or upon discovering unusual network activity. The goal is to create better tools for detecting and isolating suspicious files in the future.
Indicator of compromise (IOC)
43
When do you typically find or run into IOCs?
After an incident or through scheduled checks, i.e., once the compromise has already happened
44
What is the purpose of an IOC?
To develop smarter detection tools for the future and to identify and quarantine suspicious files
45
What is a whaling attack?
Essentially a spear phishing attack that targets high-level individuals such as executives
45
______ _______ is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal is to steal login credentials or infect the target's device.
Spear phishing
45
Difference between phishing, spear phishing, and whaling: spear phishing
Prioritizes the quality of the attack (tailored to a specific target)
46
Difference between phishing, spear phishing, and whaling: phishing
Prioritizes quantity (mass, untargeted email)
47
Difference between phishing, spear phishing, and whaling: whaling
Prioritizes C-level targets
48
IOA vs IOC
An IOA is identified by collecting and analyzing what is happening in real time, while an IOC is evidence collected after the fact
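As an added example (not code from these flashcards or from CrowdStrike), the Python script below runs both kinds of detection over a small stream of constructed endpoint events. It also illustrates cards 31 to 33: the IOC lists play the role of antivirus signatures, and the malware-free intrusion on host ws02 carries no known-bad hash or IP address, so only the behavior-based IOA rule catches it. The hosts, hashes, IP addresses and command lines are made up, and the IOA rule (an Office application spawns a script host with evasive arguments, which then connects out) is one common chain chosen for illustration.

```python
"""IOC matching versus IOA detection over a constructed stream of endpoint events.

Added example for illustration; the IOC lists, hosts, hashes, IP addresses and
command lines below are made up, and "ms" stands in for the hash of a
legitimately signed Microsoft binary that appears on no IOC list.
"""

# IOC lists: artifacts left behind by attacks someone has already observed (constructed).
IOC_SHA256 = {"3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"}
IOC_IPS = {"203.0.113.45"}

# Vocabulary for the IOA rule: an Office application spawning a script host
# with evasive arguments, which then makes an outbound connection.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
EVASIVE_ARGS = ("-enc", "-encodedcommand", "-w hidden", "downloadstring")

# Constructed endpoint telemetry in time order.
EVENTS = [
    # ws01: known malware, its hash and C2 address are already IOCs.
    {"t": 1, "host": "ws01", "kind": "process", "pid": 400, "ppid": 1, "image": "dropper.exe",
     "sha256": "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
     "cmdline": "dropper.exe"},
    {"t": 2, "host": "ws01", "kind": "network", "pid": 400, "dst_ip": "203.0.113.45", "dst_port": 443},
    # ws02: malware-free intrusion, a macro document launches an encoded PowerShell command.
    {"t": 10, "host": "ws02", "kind": "process", "pid": 500, "ppid": 1, "image": "winword.exe",
     "sha256": "ms", "cmdline": "winword.exe invoice.docm"},
    {"t": 11, "host": "ws02", "kind": "process", "pid": 510, "ppid": 500, "image": "powershell.exe",
     "sha256": "ms", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"t": 12, "host": "ws02", "kind": "network", "pid": 510, "dst_ip": "198.51.100.7", "dst_port": 443},
    # ws03: benign, an administrator runs PowerShell from the shell to reach a file server.
    {"t": 20, "host": "ws03", "kind": "process", "pid": 600, "ppid": 1, "image": "explorer.exe",
     "sha256": "ms", "cmdline": "explorer.exe"},
    {"t": 21, "host": "ws03", "kind": "process", "pid": 610, "ppid": 600, "image": "powershell.exe",
     "sha256": "ms", "cmdline": "powershell.exe Get-ChildItem \\\\fs01\\share"},
    {"t": 22, "host": "ws03", "kind": "network", "pid": 610, "dst_ip": "10.0.0.5", "dst_port": 445},
]


def match_iocs(events):
    """IOC matching: flag events carrying a known-bad file hash or destination IP.

    Returns (host, indicator_type, value) tuples. Anything not already on a
    list, such as the living-off-the-land chain on ws02, produces no hit.
    """
    hits = []
    for e in events:
        if e["kind"] == "process" and e["sha256"] in IOC_SHA256:
            hits.append((e["host"], "sha256", e["sha256"]))
        elif e["kind"] == "network" and e["dst_ip"] in IOC_IPS:
            hits.append((e["host"], "dst_ip", e["dst_ip"]))
    return hits


def detect_ioas(events):
    """IOA detection: flag the behaviour chain
    Office app -> script host with evasive arguments -> outbound connection,
    regardless of which binaries, hashes or IP addresses are involved.

    Returns (host, [parent_image, child_image], dst_ip) tuples.
    """
    procs = {}          # (host, pid) -> process event, used to walk the parent chain
    staged = set()      # (host, pid) of script hosts that completed the first two stages
    findings = []
    for e in events:
        key = (e["host"], e["pid"])
        if e["kind"] == "process":
            procs[key] = e
            parent = procs.get((e["host"], e["ppid"]))
            cmd = e["cmdline"].lower()
            if (parent is not None and parent["image"] in OFFICE_APPS
                    and e["image"] in SCRIPT_HOSTS
                    and any(arg in cmd for arg in EVASIVE_ARGS)):
                staged.add(key)
        elif e["kind"] == "network" and key in staged:
            child = procs[key]
            parent = procs[(e["host"], child["ppid"])]
            findings.append((e["host"], [parent["image"], child["image"]], e["dst_ip"]))
            staged.discard(key)   # report each chain once, on its first connection
    return findings


if __name__ == "__main__":
    print("IOC hits:    ", match_iocs(EVENTS))
    print("IOA findings:", detect_ioas(EVENTS))
```

Running it shows the asymmetry the cards describe: ws01 is caught by IOCs alone, ws02 only by the IOA rule, and the administrator on ws03 triggers neither because explorer.exe is not an Office application and the command line carries no evasive arguments.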
49
Four key benefits of being cloud-native
1. Reduced cost and complexity 2. Protection of the crowd 3. Effortless scalability 4. Works on day one
50
What three components come with CrowdStrike Falcon® Endpoint Protection Enterprise?
1. Falcon Prevent 2. Falcon Insight XDR 3. Falcon Adversary Intelligence
51
_________ ______ _________ refers to the technologies, policies, services and security controls that protect any type of data in the cloud from loss, leakage or misuse through breaches, exfiltration and unauthorized access
Cloud data security
52
The _____ is a term used to describe servers — as well as any associated services, software applications, databases, containers and workloads — that are accessed remotely via the internet
Cloud
53
T/F: Cloud security — and, by extension, cloud data security — is a shared responsibility between the cloud service provider (CSP) and its customers.
True
54
Three examples of a CSP (cloud service provider)
1. Google Cloud Platform (GCP) 2. Amazon Web Services (AWS) 3. Microsoft Azure
55
Why should businesses store data in the cloud? (4)
1. Lower cost 2. Resource optimization 3. Improved access 4. Scalability
56
____________ are the No. 1 vulnerability in a cloud environment and can lead to overly permissive privileges on accounts, insufficient logging and other security gaps that expose organizations to cloud breaches, insider threats and adversaries who leverage vulnerabilities to gain access to data.
Misconfigurations
57
What does API stand for?
Application Programming Interface
58
____________ _______________ _____________ is a set of rules and protocols that allows different software applications to communicate and interact with each other.
API, or Application Programming Interface
59
T/F: In summary, APIs facilitate the exchange of data and functionality between different software applications while having no security risks
False; an exposed API is an attack surface like any other interface and needs authentication, authorization, input validation and logging
60
________ ________ _________ __________ helps keep cloud environments safe by automatically finding and fixing risks across cloud service models such as IaaS, SaaS, and PaaS.
Cloud Security Posture Management (CSPM)
61
______________ __________________ ______________ is the process of continuously monitoring for and removing threats from cloud workloads and containers, regardless of where those workloads run.
Cloud Workload Protection (CWP)
62
__________ are like virtual boxes that hold everything a workload needs to run. They package the workload's software and all of its dependencies so that it runs the same way wherever it is deployed.
Containers
63
_______ __________ are the tasks or jobs that run in the cloud rather than on your own computer. They can be anything from serving a website to analyzing data.
Cloud workloads
64
T/F: Cloud workload protection is like a bodyguard for your assets in the cloud. It checks for weak spots and helps fix them, while also making sure no attacker sneaks in.
True
65
___________ ___________ is a framework of policies and rules that businesses use to manage their operations in the cloud. It ensures data security, system integration, and proper deployment of cloud computing resources. Key points: manages cloud operations and security; ensures data security and system integration; flexible enough to accommodate third-party vendors and different business teams.
Cloud governance
66
_____ ________ is an approach to building and deploying applications that are optimized for cloud computing. It emphasizes scalability, resilience, and ease of management in the cloud environment. Key points: an approach optimized for cloud computing; focuses on scalability, resilience, and ease of management; enables faster, more efficient development and deployment of applications in the cloud.
Cloud native
67
_______ ___________ ___ _______ ____________ (____) collects and analyzes data from IT systems to detect security threats and stores logs centrally. Key points: collects and analyzes data for security threats; stores logs from various sources in a central system. Use in cybersecurity: a ____ helps organizations monitor and respond to security incidents effectively by providing a centralized view of security data.
Security Information and Event Management (SIEM)
68
___ ____________ ____________ gathers, sorts, and stores log data from different sources in one centralized location. Key points: gathers and stores log data from various sources; provides a single point of access for network and application data. Use in IT operations: an ___ helps IT, DevOps, and SecOps professionals manage log data efficiently and access relevant information for decision-making.
Log Management System (LMS)
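Added example, serving card 6 (event log monitoring of Active Directory) as well as cards 67 and 68: a miniature log management system plus SIEM correlation in Python. It is not code from the flashcards or from CrowdStrike. The raw log lines are constructed (the Windows events are written as key=value text as an agent might forward them, the firewall log as CSV and the VPN log as JSON); event IDs 4624, 4625 and 4728 are real Windows Security event IDs, while the hosts, users and IP addresses are made up. The LMS part is `ingest`, which normalizes every source into one time-ordered store; the SIEM part is `correlate`, which runs rules over that store, including a cross-source rule that neither log could support on its own.

```python
"""A miniature log management system and SIEM correlation engine.

Added example; the raw log lines are constructed. Event IDs 4624 (logon
success), 4625 (logon failure) and 4728 (member added to a security-enabled
global group) are real Windows Security event IDs; hosts, users and addresses
are made up.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
FAILURE_THRESHOLD = 3
WINDOW = timedelta(minutes=5)

# Raw logs from three sources, tagged with the source they came from (constructed).
RAW_LOGS = [
    ("windows", 'ts=2024-05-01T08:00:01Z EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A'),
    ("windows", 'ts=2024-05-01T08:00:03Z EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A'),
    ("windows", 'ts=2024-05-01T08:00:05Z EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A'),
    ("windows", 'ts=2024-05-01T08:00:09Z EventID=4624 TargetUserName=jdoe IpAddress=198.51.100.9 LogonType=3'),
    ("windows", 'ts=2024-05-01T08:15:00Z EventID=4728 TargetUserName="Domain Admins" '
                'MemberName="CN=jdoe,OU=Users,DC=corp,DC=example" SubjectUserName=jdoe'),
    ("windows", 'ts=2024-05-01T08:20:00Z EventID=4624 TargetUserName=asmith IpAddress=10.0.0.21 LogonType=2'),
    ("firewall", "2024-05-01T07:58:50Z,fw01,pass,tcp,198.51.100.9,10.0.0.10,445"),
    ("firewall", "2024-05-01T07:59:10Z,fw01,block,tcp,192.0.2.33,10.0.0.10,3389"),
    ("vpn", '{"time": "2024-05-01T07:59:30Z", "user": "asmith", "src": "203.0.113.77", "result": "success"}'),
]

WINDOWS_ACTIONS = {4624: "logon_success", 4625: "logon_failure", 4728: "group_member_added"}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_windows(line):
    f = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    eid = int(f["EventID"])
    event = {"ts": _ts(f["ts"]), "source": "windows", "event_id": eid,
             "action": WINDOWS_ACTIONS.get(eid, "other"), "src_ip": f.get("IpAddress")}
    if eid == 4728:   # for group changes the "target" is the group; the actor is the subject
        event.update(user=f.get("SubjectUserName"), group=f["TargetUserName"], member=f.get("MemberName"))
    else:
        event["user"] = f.get("TargetUserName")
    return event


def parse_firewall(line):
    ts, host, action, proto, src, dst, port = line.split(",")
    return {"ts": _ts(ts), "source": "firewall", "action": "fw_" + action, "host": host,
            "proto": proto, "src_ip": src, "dst_ip": dst, "port": int(port)}


def parse_vpn(line):
    d = json.loads(line)
    return {"ts": _ts(d["time"]), "source": "vpn", "action": "vpn_" + d["result"],
            "user": d["user"], "src_ip": d["src"]}


PARSERS = {"windows": parse_windows, "firewall": parse_firewall, "vpn": parse_vpn}


def ingest(raw_logs):
    """Log management: parse every source into one normalised, time-ordered store."""
    return sorted((PARSERS[src](line) for src, line in raw_logs), key=lambda e: e["ts"])


def rule_brute_force_success(store):
    """FAILURE_THRESHOLD or more failures for a (user, ip) pair, then a success within WINDOW."""
    alerts, failures = [], defaultdict(list)
    for e in store:
        key = (e.get("user"), e.get("src_ip"))
        if e["action"] == "logon_failure":
            failures[key].append(e["ts"])
        elif e["action"] == "logon_success":
            recent = [t for t in failures[key] if e["ts"] - t <= WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append(("brute_force_success", key[0], key[1], len(recent)))
            failures[key].clear()
    return alerts


def rule_privileged_group_change(store):
    return [("privileged_group_change", e["user"], e["group"], e["member"])
            for e in store if e["action"] == "group_member_added" and e["group"] in PRIVILEGED_GROUPS]


def rule_external_ip_authenticating(store):
    """Cross-source rule: an address the firewall passed inbound is also authenticating to the DC."""
    inbound = {e["src_ip"] for e in store if e["action"] == "fw_pass"}
    authenticating = {e["src_ip"] for e in store if e["action"] in ("logon_failure", "logon_success")}
    return [("external_ip_authenticating", ip) for ip in sorted(inbound & authenticating)]


def correlate(store):
    return (rule_brute_force_success(store) + rule_privileged_group_change(store)
            + rule_external_ip_authenticating(store))


if __name__ == "__main__":
    for alert in correlate(ingest(RAW_LOGS)):
        print(alert)
```

On this input the engine raises three alerts: the burst of 4625 failures for jdoe followed by a 4624 success from the same address, jdoe then adding their own account to Domain Admins (4728), and the cross-source observation that the address doing the authenticating was passed inbound by the firewall. The second alert is exactly the kind of privileged-group change that card 6 says event log monitoring exists to surface, and the third is only possible because the logs from both sources sit in one store.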