Logs Flashcards
After careful examination of logs and reports, an administrator is confident that they’ve discovered a breach and need to begin the appropriate process. Which of the following refers to a set of procedures that an investigator follows when examining a computer incident?
Incident response
Penetration testing has commenced at Acme Inc. by third-party contractors. They are investigating the network components, performing a network scan, and documenting any devices connected to the network. What are they doing?
Network mapping
A user in HR reports that they are getting an “Access Denied” error when they are attempting to open a folder on the HR share drive. The administrator accesses the server to investigate and navigates to the folder. Where can you view a list of users and permissions for a folder in Windows?
In the Security tab in the Properties window
All threats to a business are important, but it is critical to understand which are more likely to occur, and to be severe when they do occur. Which of the following is the biggest threat to an organization?
Insider
Recent growth has pushed Smith Consulting to expand rather quickly, and they are adding quite a few new campuses and networking devices. They want a centralized management technology to be able to keep track of important information and statistics. What protocol can they use to monitor network-attached devices?
SNMP (Simple Network Management Protocol)
An attacker has gained access to a victim’s network and wants to overload a router to take down the network. The attacker sets off a PING with an originating IP address set to that of the router and spams the other devices. What type of attack spoofs an IP address in an ICMP broadcast?
Smurf attack
Acme Inc. is redeveloping their software structures and wants to harden the security for the cryptographic keys on their credit card processing servers. Of the following, which are physical devices that act as secure cryptoprocessors that can be added to a system?
Hardware security modules
Considering avenues of attack is important, and implementing the necessary security measures is critical, though it may create inconveniences for individual users. For example, what should happen to an account after a user attempts to log in too many times?
Lock out the user
An attacker wants to get into an online cryptocurrency wallet account and is trying to subvert the two-factor authentication set to send a code to the victim’s cell phone. The attacker is likely to use which of the following?
SIM cloning
What type of encryption key algorithm is a class of cipher that uses a single key for both encryption and decryption?
Symmetric