Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISM Exam Prep > Security Monitoring > Flashcards

Security Monitoring Flashcards

1
Q

Which Linux command can be used to monitor Linux host performance?

  • chmod
  • top
  • grep
  • lsblk
A

top

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You need to determine which process in Windows is causing excessive disk activity. What should you use?

  • IIS
  • Performance Monitor
  • Resource Monitor
  • Group Policy
A

Resource Monitor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In which Windows log will user smartcard logon auditing appear?

  • Application
  • Security
  • System
  • Hardware
A

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which benefits does Microsoft Defender for Cloud provide?

  • Cloud resource inventory
  • Cloud resource security recommendations
  • Conditional Azure AD access
  • SOAR automation
A

Cloud resource inventory
Cloud resource security recommendations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of a SIEM solution?

  • Update management
  • Device inventory
  • Workstation imaging
  • Threat hunting
A

Threat hunting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which Microsoft Sentinel component can be used to automate responses to detected security incidents?

  • Action group
  • Workspace
  • Data connector
  • Playbook
A

Playbook

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You are reviewing web server logs and notice many entries for clients attempting to connect with “../../../../” as the request. Which type of attack was most likely occurring?

  • SQL injection
  • Password spraying
  • Directory traversal
  • User account brute-force
A

Directory traversal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You would like email notifications sent to admins when a cloud storage account’s egress traffic exceeds a specified amount. What should you create?

  • Key vault
  • Action Group
  • Resource Group
  • Alert
A

Action Group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Where are most Linux logs located in the file system?

  • /etc/logs
  • /bin/logs
  • /var/logs
  • /usr/logs
A

/var/logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which definition accurately describes a true negative?

  • Benign activity is incorrectly reported as malicious
  • No alerts because problematic conditions are not present
  • Current configuring does not detect malicious activity
  • Correctly identified malicious activity actually exists
A

No alerts because problematic conditions are not present

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the default port number used for Linux syslog forwarding?

  • 80
  • 514
  • 389
  • 443
A

514

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You are configuring Windows Event Viewer log forwarding for Windows clients joined to an Active Directory domain. The logging server will reach out to clients to pull log data to itself. What must be done on each client machine?

  • The logging server must be added to the EventLogReaders group
  • Run Winrm qc
  • Run gpudate /force
  • An Event Viewer subscription must be configured on each client
A

The logging server must be added to the EventLogReaders group
Run Winrm qc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You need to automate the response to brute-force attacks against a number of critical servers. Which type of solution should you use?

  • WAF
  • SOAR
  • SLA
  • IDS
A

SOAR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CISM Exam Prep (20 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions