Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CySA+ > Logging and Monitoring > Flashcards

Logging and Monitoring Flashcards

1
Q

You have configured a honeypot listening on TCP port 80. From another station, which tool can you use to run a port scan to trigger honeypot alerts?
A. traceroute
B. nmap
C. ssh
D. ping

A

B. nmap
nmap (Network Mapper) is a powerful tool commonly used for network discovery and security auditing. It allows you to run port scans, which can be used to detect open ports on a target system, such as your honeypot listening on TCP port 80. When you run an nmap scan against the honeypot, it can trigger alerts if the honeypot is set up to monitor for such scans.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Where are most Linux logs located in the file system?
A. /bin/logs
B. /usr/logs
C. /etc/logs
D. /var/logs

A

D. /var/logs.
In Linux, most system and application logs are stored in the /var/log directory. This directory contains various log files related to system processes, security, and application activities.

Common logs found in this directory include:
/var/log/syslog or /var/log/messages: General system activity logs.
/var/log/auth.log: Authentication logs (e.g., login attempts).
/var/log/dmesg: Boot and kernel logs.
/var/log/secure: Security-related events.
/var/log/cron: Cron job logs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which is the default compression type used when logrotate compresses older logs?
A. bzip
B. zip
C. gzip
D. 7zip

A

C. gzip.
By default, logrotate uses gzip for compressing older logs in most Linux distributions. When logrotate rotates logs, it typically compresses them to save disk space, and gzip is the default compression method unless configured otherwise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are configuring Windows Event Viewer log forwarding for Windows clients joined to an Active Directory domain. The logging server will reach out to clients to pull log data to itself. What must be done on each client machine? Choose more than one option.
A. The logging server must be added to the EventLogReaders group
B. An Event viewer subscription must be configured on each client
C. Run Winrm qc
D. Run gpudate /force

A

A. The logging server must be added to the EventLogReaders group
C. Run Winrm qc

A. The logging server must be added to the EventLogReaders group
In order for the logging server to access event logs on the client machines, the server needs to have permission to read those logs. Adding the logging server to the EventLogReaders group on each client machine grants it the necessary read access to the event logs.
C. Run Winrm qc
WinRM (Windows Remote Management) is required for remote communication between the logging server and the clients. The WinRM qc (WinRM quick config) command configures the necessary settings to allow remote management. This is required to enable the server to pull logs from the clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which Linux command shows kernel log messages?
A. dmesg
B. lsblk
C. chmod
D. logger

A

A. dmesg.
dmesg is the command used in Linux to display kernel log messages. It shows messages related to hardware, drivers, and the kernel itself, which are useful for troubleshooting boot issues, hardware detection, and other kernel-related events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What purpose does an IT-based honeypot provide?
A. IT system decoy to track hacker activity
B. IT system decoy to require user SSO
C. IT system decoy to protect production data
D. IT system decoy to require user MFA

A

A. IT system decoy to track hacker activity.
An IT-based honeypot is a security resource or system set up to act as a decoy, attracting malicious activity in order to monitor, analyze, and track attackers. The goal of a honeypot is to deceive attackers into interacting with the decoy system, allowing security teams to observe their tactics, techniques, and procedures (TTPs), and gain insights into potential threats. Honeypots can be used to study hacker behavior, gather intelligence, and improve security defenses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the default port number used for Linux syslog forwarding?
A. 514
B. 80
C. 389
D. 443

A

A. 514.
The default port number used for Linux syslog forwarding is 514. Syslog typically uses UDP (User Datagram Protocol) or TCP for transmitting log data between systems. Port 514 is the standard port assigned for syslog communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In which Windows log will user smartcard logon auditing appear?
A. Application
B. System
C. Security
D. Hardware

A

C. Security.
In Windows, user smartcard logon auditing information appears in the Security log. This log contains security-related events, including logon attempts, user authentication, and authorization details. When a user logs on using a smartcard, the event is recorded here as part of the security auditing process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CySA+ (28 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions