Security Operations & Monitoring

Question 1

UEFI Boot Phases

Answer 1

1. Security 2. Pre-EFI initialization 3. Driver Execution Environment 4. Boot Device Select 5 .Transient System Load 6. Runtime

Question 2

Clear

Answer 2

Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques

Question 3

Technical Control

Answer 3

implemented as a system of hardware, software, or firmware.

Question 4

Administrative Control

Answer 4

involve processes and procedures.

Question 5

Physical Control

Answer 5

include locks, fences, and other controls over physical access.

Question 6

Compensating Control

Answer 6

controls that are put in place to cover any gaps and reduce the risk remaining after using other types of controls.

Question 7

Honeypot

Answer 7

host set up with the purpose of luring attackers away from the actual network components and/or discovering attack strategies and weaknesses in the security configuration.

Question 8

Jumpbox

Answer 8

a hardened server that provides access to other hosts.

Question 9

Sandbox

Answer 9

computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion.

Question 10

Containerization

Answer 10

a type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

Question 11

Mimikatz

Answer 11

a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets.

Question 12

Ring 0

Answer 12

complete access to any memory location and, therefore, any hardware devices connected to the system. Processes that operate with ring 0 privileges are referred to as working in kernel mode.

Question 13

Ring 3

Answer 13

referred to as user mode. Ring 3 is where the OS runs services and non-essential device drivers. It is also where applications run.

Question 14

Tombstone remediation

Answer 14

quarantines and replaces the original file with one describing the policy violation and how the user can rerelease it.

Question 15

journalctl

Answer 15

a command for viewing logs collected by systemd.

Question 16

Credential stuffing

Answer 16

automated injection of breached username/password pairs to gain user accounts access fraudulently.

Question 17

exact data match (EDM)

Answer 17

a pattern matching technique that uses a structured database of string values to detect matches.

Question 18

Document matching

Answer 18

attempts to match a whole document or a partial document against a signature in the DLP.

Question 19

Statistical matching

Answer 19

a further refinement of partial document matching that uses machine learning to analyze various data sources using artificial intelligence or machine learning.

Question 20

getfacl

Answer 20

allows backups of directories to include permissions, saved to a text file.

Question 21

setfacl

Answer 21

used to restore the permissions from the backup created.

Question 22

iptables

Answer 22

used to configure the Linux firewall

Question 23

Linux permissions

Answer 23

“owner, group, other.” 4 (read), 2 (write), and 1 (execute)