Foundations of Cybersecurity module 4 Flashcards

1
Q

A _________ is a record of events that occur within an organization’s systems. Examples of security-related logs include records of employees signing into their computers or accessing web-based services. __________(s) help security professionals identify vulnerabilities and potential security breaches.

A

Log

1
Q

Commonly used SIEM tools:

A

Splunk and Chronicle

2
Q

A ___________ is an application that collects and analyzes log data to monitor critical activities in an organization.

A

SIEM tool

3
Q

________ is a data analysis platform, and __________ Enterprise provides SIEM solutions. ________ Enterprise is a self-hosted tool used to retain, analyze, and search an organization’s log data.

A

Splunk

4
Q

Another SIEM tool is Google’s ____________. __________ is a cloud-native SIEM tool that stores security data for search and analysis. Cloud-native means that ________ allows for fast delivery of new features.

A

Chronicle

5
Q

A _________ is a manual that provides details about any operational action, such as how to respond to an incident. ____________s, which vary from one organization to the next, guide analysts in how to handle a security incident before, during, and after it has occurred. _______________s can pertain to security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.

A

playbook

6
Q

A _____________, also called a packet sniffer, is a tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark.

A

network protocol analyzer

7
Q

When working on a forensic case, there are two playbooks you might follow:

A

1. Chain of custody playbook. Chain of custody is the process of documenting evidence possession and control during an incident lifecycle. As a security analyst involved in a forensic analysis, you will work with the computer data that was breached.

2. Protecting and preserving evidence playbook. Protecting and preserving evidence is the process of properly working with fragile and volatile digital evidence.

8
Q

A _______________ is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior to gain unauthorized access, steal data, or deploy malware.

A

web vulnerability

9
Q

____________ is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware.

A

Antivirus software

10
Q

An ___________________________ is an application that monitors system activity and alerts on possible intrusions. The system scans and analyzes network packets, which carry small amounts of data through a network. Because each packet carries only a small amount of data, it is easier for an IDS to identify potential threats to sensitive data. Other occurrences an IDS might detect include theft and unauthorized access.

A

intrusion detection system (IDS)

11
Q

_____________ makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure the confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information, and secure ciphertext is the result of encryption.

A

Encryption

12
Q

_______________, also called _______________, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.

A

Penetration testing

13
Q

An open-source operating system

A

Linux

14
Q

A sequence outlining the order of data that must be preserved from first to last

A

Order of volatility

15
Q

A process that can be used to create a specific set of instructions for a computer to execute tasks

A

Programming

16
Q

A programming language used to create, interact with, and request information from a database

A

SQL (Structured Query Language)

17
Q

A non-profit organization focused on improving software security

A

Open Web Application Security Project (OWASP)

18
Q

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

A

Security architecture

19
Q

Safeguards designed to reduce specific security risks

A

Security controls

20
Q

A type of attack in which a threat actor compromises a website frequently visited by a specific group of users

A

Watering hole attack

21
Q

An attack in which a threat actor strategically leaves a USB stick containing malware for an employee to find and plug in, unknowingly infecting a network

A

USB baiting