Security Operations Flashcards

1
Q

What outlines the scope, objectives, limitations, and boundaries of a penetration test?

A

Rules of Engagement (RoE)

2
Q

What is active reconnaissance?

A
  • When a pen-tester actively probes and scans the target environment to gather information
  • Ex. Port/service scans, vulnerability scans
3
Q

What is passive reconnaissance?

A
  • Involves gathering information without directly interacting with the target systems
  • Ex. Monitoring traffic or analyzing publicly available information
4
Q

What is required for an organization to properly manage its restore process in the event of system failure?

A

DRP (Disaster Recovery Plan)

5
Q

What is the purpose of a RPO?

A

Covers the amount of data that is expected to be recovered given a failure

6
Q

If you wanted to inspect data about an executable that ran on an employee’s laptop, what logs would you use?

A

Endpoint/host logs

7
Q

What is the purpose of a DRP?

A

A plan for the whole recovery process necessary to restore the system

8
Q

What is it called when an analyst proactively searches for signs of compromise or suspicious activity within the network?

A

Threat hunting

9
Q

What encryption technique would you use to protect data on an employee’s laptop?

A

Full disk encryption

10
Q

What should a security administrator adhere to when setting up a new set of firewall rules?

A

Change management procedure

11
Q

What is it called when companies pay non-employees to find vulnerabilities?

A

Bug bounty

12
Q

What document would a company provide to a client to outline the project, cost, and the completion time frame?

A

SOW (Statement of Work)

13
Q

What should be done first when a high-priority patch to a production system needs to be applied?

A

Create a change control request

14
Q

Why should root cause analysis be conducted as part of incident response?

A

To prevent future incidents of the same nature

15
Q

What is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A

Audit findings

16
Q

What is it when a company determines the staffing levels needed to sustain business operations during a disruption?

A
  • Capacity planning
  • This ensures that the organization has sufficient human resources to maintain essential functions and minimize downtime
17
Q

What is it called when a company requires hard drives to be securely wiped before sending decommissioned systems to recycling?

A

Sanitization

18
Q

What data classification should be used to secure and protect patient data?

A

Sensitive

19
Q

What team can a company hire to perform an offensive security assessment covering penetration testing and social engineering?

A

Red

20
Q

What team would perform a defensive security assessment?

A

Blue

21
Q

What can be used to identify potential attacker activities without affecting production servers?

A

Honeypot

22
Q

What is the process called when an incident response team engages in the process of understanding the source of an incident?

A

Analysis

23
Q

What should be done after a security team completes a vulnerability assessment of the network and remediates the vulnerabilities?

A

Rescan the network

24
Q

What does automation involve?

A

Using tools and scripts to regularly check and report on the security settings of servers

25
Q

What script should you write to streamline account creation?

A

User provisioning script

26
Q

What type of control is described by a company setting up a SIEM system and assigning an analyst to review the logs on a weekly basis?

A

Detective

27
Q

What is tuning?

A

Setting a monitoring system to have higher or lower threat detection thresholds

28
Q

What is the primary security concern of setting up a BYOD program?

A

Jailbreaking

29
Q

What is ARO?

A
  • Annualized Rate of Occurrence
  • This estimates the frequency with which a specific risk or event is expected to occur in a year
  • Helps assess the likelihood of risks
30
Q

What is RTO?

A
  • Recovery Time Objective
  • The maximum acceptable amount of time that a system or application can be down after a failure/disaster
31
Q

What would a company use to decide whether it should reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks?

A

ARO

32
Q

In what phase of the incident response process does a security analyst review roles and responsibilities?

A

Preparation

33
Q

What should a security administrator set up so they can secure data by tracking changes in an environment?

A

FIM (File Integrity Monitoring)

34
Q

What is FIM?

A
  • File Integrity Monitoring
  • A security technology that monitors and detects changes in files
  • Can track modifications, access, or deletions of files and notify administrators of any changes
35
Q

When implementing FDE on all laptops in an organization, what are two important considerations to make?

A
  • Key escrow
  • TPM presence
36
Q

What is the purpose of key escrow?

A

To ensure encryption keys can be recovered in case they are lost or forgotten

37
Q

What is TPM presence?

A
  • A hardware-based security feature that can store encryption keys securely
  • Enhances the security of FDE by protecting the keys from being accessed or tampered with
38
Q

What incident response activity ensures evidence is properly handled?

A

Chain of custody

39
Q

What does orchestration refer to?

A

The automated configuration, management, and coordination of systems, apps and services

40
Q

In the context of data roles, the customer whose sensitive data is being collected, modified, and stored is referred to as what?

A

Subject

41
Q

What is used to quantitatively measure the criticality of a vulnerability?

A
  • CVSS
  • Common Vulnerability Scoring System
42
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. What best describes this action?

A

Compensating controls

43
Q

What is the most common data loss path for an air-gapped network?

A

Removable devices

44
Q

An administrator reviewed log files after a ransomware attack. What control type is this?

A

Detective

45
Q

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file’s creator. How should they get the information required?

A

Query the file’s metadata

46
Q

What team combines both offensive and defensive testing techniques to protect an organization’s critical systems?

A

Purple

47
Q

What is the primary security implication of using end-of-life operating systems?

A

Lack of patch availability

48
Q

What would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A

A full inventory of all hardware and software

49
Q

What strategy must be employed to ensure data loss is prevented on stolen laptops?

A

Encryption at rest

50
Q

What should an administrator set up to restrict users’ access to data based on their responsibilities, in a simple format?

A

RBAC

51
Q

What access management concepts will a company most likely use to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account?

A
  • Federation
  • Password complexity
52
Q

What is a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

A

SIEM

53
Q

What is the best way to handle a critical business application that is running on a legacy server?

A

Segmentation

54
Q

What risk management strategy should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A

Mitigation

55
Q

What is the best way to secure an on-site data center against intrusion from an insider?

A

Access badge

56
Q

The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. What would most likely prevent this from happening?

A

Changing the default password

57
Q

What is ALE (Annual Loss Expectancy)?

A

Represents the expected monetary loss for an asset due to a risk over a year

58
Q

What would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

A

ALE

59
Q

What logs would you analyze to identify the impacted host in a command-and-control server incident?

A

DHCP and Firewall

60
Q

What is a backout plan?

A
  • A backout plan is a predefined strategy to reverse and recover from changes made to a system if the changes produce undesirable results
  • It’s a safety measure that ensures data integrity and system availability