SY0-701: 4.0 (Security Operations) Flashcards

1
Q

DLP (4.4)

A

Data Loss Prevention- Set up to monitor the data of a system while it’s in use, in transit, or at rest in order to detect any attempts to steal the data (hardware or software)

2
Q

Endpoint DLP Systems (4.4)

A

A piece of software that’s installed on a workstation or a laptop that monitors the data that’s in use on that computer

3
Q

Network DLP System (4.4)

A

A piece of software or hardware placed at the perimeter of the network to detect data in transit

4
Q

Storage DLP System (4.4)

A

Software installed on a server which inspects the data while it’s at rest

5
Q

Cloud-Based DLP System (4.4)

A

Usually offered as Software as a Service (SaaS) and it’s part of the cloud service and storage system

6
Q

Acquisition / Procurement (4.2)

A

Acquisition- Process of obtaining goods or services
Procurement- Encompasses the full process of acquiring goods and services, including all preceding steps

7
Q

BYOD (4.1)

A

Bring Your Own Device- Permits employees to use personal devices for work
-Employees have control over device security

8
Q

COPE (4.1)

A

Corporate-Owned, Personally Enabled- Involves the company providing a mobile device to employees for both work and personal use

9
Q

CYOD (4.1)

A

Choose Your Own Device- Offers a middle ground between BYOD and COPE by allowing employees to choose devices from a company-approved list

10
Q

Asset Management (4.2)

A

Refers to the systematic approach to governing and maximizing the value of items an entity is responsible for throughout their lifecycle

11
Q

Assignment / Allocation of Assets (4.2)

A

Every organization should designate individuals or groups as owners of the assets

12
Q

Asset Classification (4.2)

A

Involves categorizing assets based on criteria like function, value, or other relevant parameters as determined by the organization

13
Q

Asset Monitoring (4.2)

A

Maintaining an inventory/record of every asset including specifications, location, assigned users, and other relevant details

14
Q

Asset Tracking (4.2)

A

Takes asset monitoring a bit further; involves maintaining a comprehensive inventory with asset specifications, locations, and assigned users, along with each asset's condition and status, using specialized software

15
Q

Asset Enumeration (4.2)

A

Involves identifying and counting assets, especially in large organizations or during times of asset procurement or retirement

16
Q

MDM (4.2)

A

Mobile Device Management- Lets organizations securely oversee employee devices, ensuring policy enforcement, software consistency, and data protection

17
Q

Special Publication 800-88 (4.2)

A

Guidelines for media sanitization- Guidance on media sanitization, destruction, and certification

18
Q

Media Sanitization (4.2)

A

Thorough process of making data inaccessible and irretrievable from a storage medium using traditional forensic methods
-Overwriting data
-Degaussing
-Encryption Techniques

19
Q

CE (Media Sanitization) (4.2)

A

Cryptographic Erase- Faster than deleting data because the cryptographic keys are what gets erased

20
Q

Media Destruction (4.2)

A

Ensures the physical device itself is beyond recovery or reuse
-Shredding
-Pulverizing
-Melting
-Incinerating

21
Q

Certification (Media Sanitization) (4.2)

A

An act of proof that the data or hardware has been securely disposed of

22
Q

Port (4.5)

A

Logical communication endpoint that exists on a computer or server

23
Q

Inbound Port (4.5)

A

Logical communication opening on a server that is listening for a connection from a client

24
Q

Outbound Port (4.5)

A

Logical communication opening created on a client in order to call out to a server that is listening for a connection

25
Q

Well-Known Ports (4.5)

A

Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)

26
Q

Registered Ports (4.5)

A

Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols

27
Q

Dynamic and Private Ports (4.5)

A

Ports 49,152 to 65,535 can be used by any application without being registered with IANA

28
Q

Protocol (4.5)

A

Rules governing device communication and data exchange

29
Q

Port 21 (4.5)

A

Over TCP
FTP: File Transfer Protocol
Used to transfer files from host to host

30
Q

Port 22 (4.5)

A

Over TCP
SSH: Secure Shell
SCP: Secure Copy Protocol
SFTP: Secure File Transfer Protocol
Provides secure remote terminal access as well as file transfer capabilities (SSH)
Provides secure copy functions (SCP)
Provides secure file transfers (SFTP)

31
Q

Port 23 (4.5)

A

Over TCP
Telnet
Provides insecure remote control of another machine using a text-based environment; predecessor of SSH, unencrypted and therefore insecure

32
Q

Port 25 (4.5)

A

Over TCP
SMTP: Simple Mail Transfer Protocol
Provides the ability to send emails over the network

33
Q

Port 53 (4.5)

A

Over TCP and UDP
DNS: Domain Name Server
Translates domain names into IP addresses

34
Q

Port 69 (4.5)

A

Over UDP
TFTP: Trivial File Transfer Protocol
Used as a lightweight file transfer method for sending configuration files or network booting of an operating system

35
Q

Port 80 (4.5)

A

Over TCP
HTTP: Hyper-Text Transfer Protocol
Used for unsecured web browsing

36
Q

Port 88 (4.5)

A

Over UDP
Kerberos
Network authentication protocol

37
Q

Port 110 (4.5)

A

Over TCP
POP3: Post Office Protocol version 3
Responsible for retrieving email from a server

38
Q

Port 119 (4.5)

A

Over TCP
NNTP: Network News Transfer Protocol
Used for accessing newsgroups

39
Q

Port 135 (4.5)

A

Over TCP and UDP
RPC: Remote Procedure Call
Facilitates communication between different system processes

40
Q

Ports 137, 138, and 139 (4.5)

A

Over TCP and UDP
NetBIOS
Networking protocol suite

41
Q

Port 143 (4.5)

A

Over TCP
IMAP: Internet Message Access Protocol
Allows access to email messages on a server

42
Q

Port 161 (4.5)

A

Over UDP
SNMP: Simple Network Management Protocol
Manages network devices

43
Q

Port 162 (4.5)

A

Over UDP
SNMP Trap
Responsible for sending SNMP trap messages

44
Q

Port 389 (4.5)

A

Over TCP
LDAP: Lightweight Directory Access Protocol
Facilitates directory services

45
Q

Port 443 (4.5)

A

Over TCP
HTTPS: Hyper-Text Transfer Protocol Secure
Provides secure web communication

46
Q

Port 445 (4.5)

A

Over TCP
SMB: Server Message Block
Used for file and printer sharing over a network

47
Q

Ports 465 and 587 (4.5)

A

Over TCP
SMTPS: Simple Mail Transfer Protocol Secure
Provides secure SMTP communication

48
Q

Port 514 (4.5)

A

Over UDP
Syslog
Used for sending log messages

49
Q

Port 636 (4.5)

A

Over TCP
LDAPS: Lightweight Directory Access Protocol Secure
LDAP communication over SSL/TLS

50
Q

Port 993 (4.5)

A

Over TCP
IMAPS: Internet Message Access Protocol Secure
Used for secure email retrieval over SSL/TLS

51
Q

Port 995 (4.5)

A

Over TCP
POP3S: Post Office Protocol Secure
Used for secure email retrieval over SSL/TLS

52
Q

Port 1433 (4.5)

A

Over TCP
Microsoft SQL
Used to facilitate communication with Microsoft SQL Server

53
Q

Ports 1645 and 1646 (4.5)

A

Over TCP
RADIUS TCP
Used for remote authentication, authorization, and accounting

54
Q

Ports 1812 and 1813 (4.5)

A

Over UDP
RADIUS UDP
Used for authentication and accounting as defined by the Internet Engineering Task Force (IETF)

55
Q

Port 3389 (4.5)

A

Over TCP
RDP: Remote Desktop Protocol
Enables remote desktop access

56
Q

Port 6514 (4.5)

A

Over TCP
Syslog TLS
Secure syslog that uses SSL/TLS (with a certificate) to encrypt the log traffic before sending it across the IP network to the syslog collector

57
Q

ACL (4.5)

A

Access Control List- A rule set placed on firewalls, routers, and other network infrastructure devices that permits or denies traffic through a particular interface

58
Q

IAM (4.6)

A

Identity and Access Management- Systems and processes used to manage access to information in an organization to ensure that the right individuals have access to the right resources at the right times for the right reasons

59
Q

Identification (4.6)

A

Process where a user claims an identity to a system, typically using a unique identifier like a username or an email address

60
Q

Authentication (4.6)

A

Process of verifying the identity of a user, device, or system; involves validating the credentials provided by the user against a database of authorized users

61
Q

Authorization (4.6)

A

Process that determines what permissions or levels of access the user has

62
Q

Accounting (4.6)

A

Process of tracking and recording user activities

63
Q

IAM 4 Steps (4.6)

A

Identification
Authentication
Authorization
Accounting

64
Q

Provisioning (4.6)

A

Process of creating new user accounts, assigning them appropriate permissions, and providing users with access to systems

65
Q

Identity Proofing (4.6)

A

Process of verifying the identity of a user before the account is created

66
Q

Interoperability (4.6)

A

The ability of different systems, devices, and applications to work together and share information

67
Q

Attestation (4.6)

A

Process of validating that user accounts and access rights are correct and up-to-date

68
Q

MFA (4.6)

A

Multi-Factor Authentication- Security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity

69
Q

Passkeys (4.6)

A

Users can create and access online accounts without needing to input a password; the public key is stored on the server and the private key is stored on the user's device (therefore if the server is compromised the attacker only gets the public key)

70
Q

Password Security (4.6)

A

Measures the password's ability to resist guessing and brute-force attacks

71
Q

Password Policy Characteristics (4.6)

A

Length- should be 12-16 characters
Complexity- mix of case, numbers, and symbols
Reuse- using the same password for different accounts increases risk
Expiration- mandates regular password changes (no longer recommended because users are more likely to reuse passwords)
Age- length of time a password has been in use

72
Q

Password Managers (4.6)

A

Tools that store, generate, share, and autofill passwords to enhance security

73
Q

Passwordless Authentication (4.6)

A

Provides improved security and a more user-friendly experience
-Biometrics
-Hardware tokens
-One-time passwords (OTP- e.g. a code sent to a phone or email)
-Magic links (an email link that automatically logs the user into the website)
-Passkeys (integrate with the browser or operating system)

74
Q

SSO (4.6)

A

Single Sign-On- Authentication process that allows a user to access multiple applications or websites by logging in only once with a single set of credentials

75
Q

IdP (4.6)

A

Identity Provider- System that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network

76
Q

Protocols used with single sign-on (SSO) (4.6)

A

LDAP/LDAPS- Lightweight Directory Access Protocol
OAuth- Open Authorization
SAML- Security Assertion Markup Language

77
Q

OAuth (4.6)

A

Open standard for token-based authentication and authorization that allows an individual's account information to be used by third-party services without exposing the user's password (e.g. when you sign in to a website using a Google account)

78
Q

SAML (4.6)

A

Security Assertion Markup Language- A standard for logging users into applications based on their sessions in another context; allows services to separate from identity providers and removes the need for direct user authentication

79
Q

Federation (4.6)

A

Process that allows for the linking of electronic identities and attributes to store information across multiple distinct identity management systems

80
Q

Federation Login Process (4.6)

A

Login Initiation
Redirection to an identity provider
Authenticating the user
Generation of an assertion
Returning to a service provider
Verification and access

81
Q

PAM (4.6)

A

Privileged Access Management- Solutions that help organizations restrict and monitor privileged access within an IT environment

82
Q

PAM key components (4.6)

A

Just-In-Time Permissions (JIT Permissions)
Password Vaulting
Temporal Accounts

83
Q

JIT Permissions (4.6)

A

Security model where administrative access is granted only when needed for a specific period

84
Q

Password Vaulting (4.6)

A

Technique used to store and manage passwords in a secure environment, such as in a digital vault

85
Q

Temporal Accounts (4.6)

A

Used to provide time-limited access to resources, and they are automatically disabled or deleted after a certain period of time

86
Q

MAC (reference access) (4.6)

A

Mandatory Access Control- Employs security labels to authorize user access to specific resources; used in environments of high data security where users can't modify their own permissions

87
Q

DAC (4.6)

A

Discretionary Access Control- The resource's owner determines which users can access each resource

88
Q

RBAC (Role) (4.6)

A

Role-Based Access Control- Assigns users to roles and uses these roles to grant permissions to resources

89
Q

RBAC (Rule) (4.6)

A

Rule-Based Access Control- Enables administrators to apply security policies to all users

90
Q

ABAC (4.6)

A

Attribute-Based Access Control- Uses object characteristics for access control decisions

91
Q

Resource Attributes (4.6)

A

File creation date, resource owner, file owner, and data sensitivity

92
Q

Time-of-day Restrictions (4.6)

A

Controls restrict resource access based on request times (e.g. don’t allow user logins during midnight hours)

93
Q

Principle of Least Privilege (4.6)

A

A user should only have the minimum access rights needed to perform their job functions and tasks, and nothing additional or extra

94
Q

Permission/Authorization Creep (4.6)

A

Occurs when a user gains excessive rights during their career progression in the company

95
Q

UAC (4.6)

A

User Access Control- A mechanism designed to ensure that actions requiring administrative rights are explicitly authorized by the user

96
Q

DAC (SELinux) (4.5)

A

Discretionary Access Control- Each object has a list of entities that are allowed to access it

97
Q

Context-Based Permission (4.5)

A

Permission schemes that are defined by various properties for a given file or process

98
Q

Baselining (4.5)

A

Process of measuring changes in the network, hardware, or software environment

99
Q

Security Template (4.5)

A

A group of policies that can be loaded through one procedure

100
Q

Group Policy Editors (4.5)

A

gpedit (Windows)

101
Q

Group Policy (4.5)

A

Set of rules or policies that can be applied to a set of users or computer accounts within an operating system

102
Q

SELinux (4.5)

A

Security-Enhanced Linux- Set of controls (default context-based permission scheme) that are installed on top of another Linux distribution like CentOS or Red Hat Linux

Defines the following contexts for each file and process:
1. User- Defines which users can access an object (_u)
2. Role- Defines which roles can access a given object (_r)
3. Type- Groups objects together that have similar security requirements or characteristics
4. Level- Used to describe the sensitivity level of a given file, directory, or process

103
Q

SELinux User Types (4.5)

A

Unconfined_u (All Users)
User_u (Unprivileged users)
Sysadmin_u (System Administrators)
Root (Root User)

104
Q

SELinux Modes (4.5)

A

Disabled- SELinux is essentially turned off, and so MAC is not going to be implemented

Enforcing- All the SELinux security policies are being enforced

Permissive- SELinux is enabled but the security policies are not enforced

105
Q

SELinux Policy Types (4.5)

A

Targeted- Policies are enforced only for specified objects
Strict- Policies are enforced for every object

106
Q

Secure Baseline (4.1)

A

Standard security configuration applied to guarantee minimum security for a system, network, or application

107
Q

Secure Baseline Steps (4.1)

A

Establish- Set up a system including security settings and applications, then create an image

Deploy- Apply the baseline image to assets

Maintain- Ensure systems stay locked down and continually install patches/updates, etc.

108
Q

ESS (4.1)

A

Extended Service Set Configuration- Involves multiple wireless access points working together to create a unified and extended coverage area for users in a large building or facility

109
Q

Optimal Wireless Channels for 2.4GHz Range (4.1)

A

Channels 1, 6, and 11 (when these channels are selected they won’t interfere with each other)

110
Q

Site Survey (4.1)

A

Process of planning and designing a wireless network to provide a solution

111
Q

Heat Map (4.1)

A

Graphical representation of the wireless coverage, the signal strength, and frequency utilization data at different locations on a map

112
Q

WEP (4.1)

A

Wired Equivalency Protocol- Outdated 1999 wireless security standard meant to match wired LAN security for wireless networks

64-bit- 40 bits of key data with a 24-bit initialization vector
128-bit- 104 bits of key data with a 24-bit initialization vector

113
Q

WPA (4.1)

A

Wi-Fi Protected Access- Introduced in 2003 as a temporary improvement over WEP while the more robust IEEE 802.11i standard was in development

114
Q

WPA2 (4.1)

A

Wi-Fi Protected Access 2- Improved data protection and network access control by addressing weaknesses in WPA; replaced TKIP with the AES (Advanced Encryption Standard) protocol and adopted CCMP for stronger encryption

115
Q

TKIP (4.1)

A

Temporal Key Integrity Protocol- Generates new 128-bit keys for each packet, eliminating WEP's key-reuse vulnerabilities

116
Q

WPA3 (4.1)

A

Wi-Fi Protected Access 3- Latest version using AES (Advanced Encryption Standard) encryption and introducing new features like SAE (Simultaneous Authentication of Equals), OWE (Enhanced Open/Opportunistic Wireless Encryption), updated cryptographic protocols, and management protection frames

117
Q

CCMP (4.1)

A

Counter Cipher Mode with Block Chaining Message Authentication Code Protocol

118
Q

AES (4.1)

A

Advanced Encryption Standard

119
Q

MIC (4.1)

A

Message Integrity Code

120
Q

SAE (4.1)

A

Simultaneous Authentication of Equals- Enhances security by offering a key establishment protocol to guard against offline dictionary attacks

121
Q

OWE (4.1)

A

Enhanced Open/Opportunistic Wireless Encryption- Major advancement in wireless security, especially for networks using open authentication

122
Q

Cryptographic Protocol (4.1)

A

Uses a newer variant of AES (Advanced Encryption Standard) known as the AES GCMP (Galois Counter Mode Protocol)

123
Q

GCMP (4.1)

A

Galois Counter Mode Protocol- Supports 128-bit AES (Advanced Encryption Standard) for personal networks and 192-bit AES for enterprise networks with WPA3

124
Q

Management Protection Frames (4.1)

A

Required to protect network from key recovery attacks; prevents eavesdropping, forging, and tampering

125
Q

AAA Protocol (4.1)

A

Authentication, Authorization, and Accounting Protocol- Plays a vital role in network security by centralizing user authentication to permit only authorized users to access network resources

126
Q

RADIUS (4.1)

A

Remote Authentication Dial-In User Service- Client/server protocol offering AAA (Authentication, Authorization, Accounting) services for network users

127
Q

TACACS+ (4.1)

A

Terminal Access Controller Access-Control System Plus- Separates the functions of AAA (Authentication, Authorization, Accounting) to allow for more granular control over processes

128
Q

Authentication Protocols (4.1)

A

Confirm user identity for network security and authorized access

1. EAP- Extensible Authentication Protocol
2. PEAP- Protected Extensible Authentication Protocol
3. EAP-TTLS- Extensible Authentication Protocol-Tunneled Transport Layer Security
4. EAP-FAST- Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling

129
Q

EAP (4.1)

A

Extensible Authentication Protocol- Authentication framework that supports multiple authentication methods

130
Q

PEAP (4.1)

A

Protected Extensible Authentication Protocol- Authentication protocol that secures EAP within an encrypted and authenticated TLS (Transport Layer Security) tunnel

131
Q

EAP-TTLS (4.1)

A

Extensible Authentication Protocol-Tunneled Transport Layer Security- Authentication protocol that extends TLS (Transport Layer Security) support across multiple platforms

132
Q

EAP-FAST (4.1)

A

Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling- Developed by Cisco, it enables secure re-authentication while roaming within a network without requiring full authentication each time

133
Q

Application Security (4.1)

A

Critical aspect of software development that focuses on building applications that are secure by design

134
Q

Application Security Areas (6) (4.1)

A

Input Validation
Secure Cookies
Static Code Analysis
Dynamic Code Analysis
Code Signing
Sandboxing

135
Q

Input Validation (4.1)

A

Acts as a gatekeeper to ensure that applications only act on well-defined and uncontaminated data

136
Q

Validation Rules (4.1)

A

Rules that delineate acceptable and unacceptable inputs

137
Q

SAST (4.1)

A

Static Application Security Testing (aka Static Code Analysis)- A method of debugging an application by reviewing and examining its source code before the program is ever run

138
Q

Manual Code Review (4.1)

A

Performing the code review using a human instead of a static analysis tool

139
Q

Dynamic Code Analysis (4.1)

A

Testing method that analyzes an application while it’s running

140
Q

Fuzzing (4.1)

A

aka Fuzz Testing- Finds software flaws by bombarding it with random data to trigger crashes and security vulnerabilities

141
Q

Stress Testing (4.1)

A

Type of software testing that evaluates the stability and reliability of a system under extreme conditions

142
Q

Code Signing (4.1)

A

Technique used to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since it was signed

143
Q

Sandboxing (4.1)

A

Security mechanism that is used to isolate running programs by limiting the resources and the changes they can make to a system

144
Q

Persistent Agent (4.5)

A

Network access is granted using software installed on a device requesting network access

145
Q

NAC (4.5)

A

Network Access Control- Scans devices for their security status before granting network access, safeguarding against both known and unknown devices

146
Q

Non-Persistent Agent (4.5)

A

Network access is granted when users connect to Wi-Fi, access a web portal, and click a link to log in

147
Q

Time-Based Network Access Control (4.5)

A

Users can only log onto network during specific times of the day

148
Q

Location-Based Network Access Control (4.5)

A

Users can only log on from specified areas/locations

149
Q

Web Filtering (4.5)

A

Technique used to restrict or control the content a user can access on the Internet

150
Q

Agent-Based Web Filtering (4.5)

A

Installing a small piece of software known as an agent on each device that will require web filtering

151
Q

Centralized Proxy (4.5)

A

Server that acts as an intermediary between an organization's end users and the Internet

152
Q

URL Scanning (4.5)

A

Used to analyze a website's URL to determine whether it is safe to access

153
Q

Content Categorization (4.5)

A

Websites are categorized based on content, like social media, adult content, or gambling, which are frequently restricted in the workplace

154
Q

Block rules (4.5)

A

Specific guidelines set by an organization to prevent access to certain websites or categories of websites

155
Q

Reputation-Based Filtering (4.5)

A

Blocking or allowing websites based on their reputation score, which is usually determined by a third-party service

156
Q

DNS Filtering (4.5)

A

Technique used to block access to certain websites by preventing the translation of specific domain names to their corresponding IP addresses

157
Q

DKIM (4.5)

A

DomainKeys Identified Mail- Allows the receiver to check if the email was actually sent by the domain it claims to be sent from and if the content was tampered with during transit

158
Q

SPF (4.5)

A

Sender Policy Framework- Email authentication method designed to prevent forging sender addresses during email delivery

159
Q

DMARC (4.5)

A

Domain-based Message Authentication, Reporting, and Conformance- An email validation system designed to detect and prevent email spoofing

160
Q

Email Gateway (4.5)

A

Server or system that serves as the entry and exit point for emails

161
Q

On-Premise Email Gateway (4.5)

A

Physical server located within an organization's own data center or premises that provides the organization with full control over its email system

162
Q

Cloud-Based Email Gateway (4.5)

A

Email gateway that is hosted by third-party cloud service providers to provide greater scalability and ease of maintenance

163
Q

Hybrid Email Gateway (4.5)

A

Used to combine the benefits of both on-premise and cloud-based gateways into a single offering

164
Q

Spam Filtering (4.5)

A

Process of detecting unwanted and unsolicited emails and preventing them from reaching a user's email inbox

165
Q

EDR (4.5)

A

Endpoint Detection and Response- Category of security tools that monitor endpoint and network events and record the information in a central database; not as comprehensive as XDR (Extended Detection and Response)

166
Q

FIM (4.5)

A

File Integrity Monitoring- Used to validate the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline

167
Q

XDR (4.5)

A

Extended Detection and Response- Security strategy that integrates multiple technologies into a single platform to improve detection accuracy and simplify the incident response process; more comprehensive than EDR (Endpoint Detection and Response)

168
Q

UBA (4.5)

A

User Behavior Analytics- Deploys big data and machine learning to analyze user behaviors for detecting security threats

169
Q

UEBA (4.5)

A

User and Entity Behavior Analytics- Built upon the foundation of UBA (User Behavior Analytics) with monitoring of entities as an additional function

170
Q

Protocol (4.5)

A

Set of rules or procedures for transmitting data between electronic devices

171
Q

Secure Protocol (4.5)

A

HTTPS instead of HTTP
FTPS instead of FTP
SSH instead of Telnet
IMAPS instead of IMAP
POP3S instead of POP3
SMTPS instead of SMTP
SNMPS instead of SNMP

172
Q

Port (4.5)

A

Logical construct that identifies specific processes or services in a given system

Well Known Ports = 0 - 1,023 (system processes and services)
Registered Ports = 1,024 - 49,151 (software applications)
Dynamic/Private Ports = 49,152 - 65,535 (client-side connections)

173
Q

Transport Method (4.5)

A

Refers to the way data is moved from one place to another, usually using either TCP (has error checking built in) or UDP (no error checking or delivery assurance) to transmit the data

174
Q

Vulnerability Management (4.3)

A

Systematic and ongoing process of identifying, evaluating, prioritizing, and mitigating vulnerabilities

175
Q

Package Monitoring (4.3)

A

Ensures that the libraries and components that the application depends on are secure and up-to-date

176
Q

Penetration Testing (4.3)

A

Used to simulate a real-world attack on a system to evaluate its security posture

177
Q

Threat Intelligence (4.3)

A

Continual process used to understand the threats faced by an organization

178
Q

System and Process Audits (4.3)

A

Process that involves conducting a comprehensive review of the information system, security policies, and procedures

179
Q

Threat Intelligence Feed (4.3)

A

Continuous stream of data related to potential or current threats to an organization's security

180
Q

OSINT (4.3)

A

Open Source Intelligence- Intelligence that is collected from publicly available sources including reports, forums, news articles, blogs, and social media posts

181
Q

Proprietary Third-Party Feeds (4.3)

A

Threat intelligence feeds that are provided by commercial vendors, usually under a subscription service type of business model

182
Q

Dark Web (4.3)

A

Part of the Internet that is intentionally hidden and inaccessible through standard web browsers

183
Q

Responsible Disclosure (4.3)

A

Term used to describe the ethical practice where a security researcher discloses information about vulnerabilities in software, hardware, or an online service

184
Q

CVE (4.3)

A

Common Vulnerabilities and Exposures- System that provides a standardized way to uniquely identify and reference known vulnerabilities in software and hardware

185
Q

EF (4.3)

A

Exposure Factor- Used as a quantifiable metric to help a cybersecurity professional understand the exact percentage of an asset that is likely to be damaged or affected if a particular vulnerability is exploited

186
Q

Risk Tolerance (4.3)

A

Refers to the level of risk that an organization is willing to accept in pursuit of its objectives and before action is deemed necessary to mitigate the risk

187
Q

Vulnerability Response and Remediation (4.3)

A

Strategies that identify, assess, and address vulnerabilities in a system or network to strengthen an organization's security posture

188
Q

Cybersecurity Strategies (4.3)

A

Patching
Purchasing cybersecurity insurance policies
Network segmentation
Implementing compensating controls
Granting exceptions and exemptions

189
Q

Validating Vulnerability Remediation (4.3)

A

Rescans
Audits
Verification

190
Q

Vulnerability Reporting (4.3)

A

Process of documenting and communicating details about security weaknesses identified in software or systems to the individuals or organizations responsible for addressing the issue

191
Q

Internal Reporting (4.3)

A

Involves the identification, documentation, and communication of the organization's vulnerabilities within the organizational structure

192
Q

External Reporting (4.3)

A

Involves discussions with the vendors, partners, customers, or the public at large, depending on the specific vulnerability involved

193
Q

Responsible Disclosure Reporting (4.3)

A

Art of disclosing vulnerabilities ethically and judiciously to the affected stakeholders before making the announcement to the public at large

194
Q

System Monitoring (4.4)

A

Observation of a computer system, including the utilization and consumption of its resources

195
Q

Baseline (4.4)

A

Established performance metrics and data points for standard behavior of a system, network, or application

196
Q

Application Monitoring (4.4)

A

Emphasizes the management and monitoring of software application performance and availability

197
Q

Infrastructure Monitoring (4.4)

A

Observation of the performance and availability of an organization's physical and virtual infrastructure

198
Q

Log Aggregation (4.4)

A

Process of collecting and consolidating log data from various sources into a centralized location

199
Q

Alerting (4.4)

A

Involves setting up notifications to inform relevant stakeholders when specific events or conditions occur

200
Q

Scanning (4.4)

A

Involves examining systems, networks, or applications to identify vulnerabilities, configuration issues, or other potential problems

201
Q

Vulnerability Scan (4.4)

A

Checks for vulnerabilities in systems, networks, or applications by comparing the system's state against databases of known vulnerabilities

202
Q

Configuration Scan (4.4)

A

Checks for misconfigurations that could impact system performance or security

203
Q

Code Scan (4.4)

A

Checks the source code of an application for potential issues, such as security vulnerabilities or coding errors

204
Q

Reporting (4.4)

A

Involves generating summaries or detailed reports based on the collected and analyzed data

205
Q

Archiving (4.4)

A

Involves storing data for long-term retention and future reference, including an organization's log data, performance data, and incident data

206
Q

Alert Response and Remediation or Validation (4.4)

A

Involves taking appropriate actions in response to alerts and ensuring that the identified issues have been effectively addressed

207
Q

Remediation (4.4)

A

Steps used to resolve the identified issues or vulnerabilities

208
Q

Validation (4.4)

A

Involves verifying that the remediation implemented was actually successful and has effectively addressed the given issue or vulnerability

209
Q

Quarantining (4.4)

A

Isolating a system, network, or application to prevent the spread of a threat and limit its potential impact

210
Q

Alert Tuning (4.4)

A

Adjusting alert parameters to reduce errors and false positives and to improve the overall relevance of the alerts being generated by a given system

211
Q

SNMP (4.4)

A

Simple Network Management Protocol- Internet protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior

212
Q

SNMP Trap Message (4.4)

A

Simple Network Management Protocol Trap Message- A message that’s sent from a network device to an SNMP management system without being solicited by the system

213
Q

Granular Trap Message (4.4)

A

Trap message sent with a unique object identifier so that each received message can be distinguished as a unique message

214
Q

OID (4.4)

A

Object Identifier (used with SNMP- Simple Network Management Protocol- trap messages)

215
Q

MIB (4.4)

A

Management Information Base- Used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers

216
Q

Verbose Trap (4.4)

A

Simple Network Management Protocol Trap- May be configured to contain all the information about a given alert or event as a payload

217
Q

SNMPv3 (4.4)

A

SNMPv1 and v2 both transmit in plaintext. SNMPv3 offers:
Confidentiality using encryption (DES for earlier implementations and 3DES or AES for newer implementations)
Integrity using hashes
Authentication by validating source of messages

218
Q

SIEM (4.4)

A

Security Information and Event Manager- Solution that provides real-time or near-real-time analysis of security alerts that are generated by network hardware and applications

219
Q

Agent (SIEM) (4.4)

A

Software agent installed on each system, such as a server or workstation, from which the SIEM (Security Information and Event Manager) needs to collect log data

220
Q

Agentless (SIEM) (4.4)

A

Under this approach, the SIEM (Security Information and Event Manager) system directly collects log data from each system using standard protocols such as SNMP (Simple Network Management Protocol) or WMI (Windows Management Instrumentation)

221
Q

SIEM Software examples (4.4)

A

Security Information and Event Manager- Splunk, ELK or Elastic Stack, ArcSight, QRadar

222
Q

CVSS (4.4)

A

Common Vulnerability Scoring System- Used to provide a numerical score to reflect the severity of a given vulnerability

0.0 = None
0.1 - 3.9 = Low
4.0 - 6.9 = Medium
7.0 - 8.9 = High
9.0 - 10.0 = Critical

223
Q

Antivirus Software (4.4)

A

Fundamental security tool that protects systems against malware, including viruses, worms, trojans, ransomware, and spyware

224
Q

DLP Systems (4.4)

A

Data Loss Prevention Systems- Used to monitor and control data on endpoints, network traffic, and data stored in the cloud to prevent potential data breaches from occurring

225
Q

NIDS (4.4)

A

Network Intrusion Detection System- Passively identifies potential threats

226
Q

NIPS (4.4)

A

Network Intrusion Prevention System- Actively identifies and blocks or prevents potential threats

227
Q

Firewalls (4.4)

A

Serve as a barrier between a trusted internal network and an untrusted external network

228
Q

Vulnerability Scanner (4.4)

A

Tools that identify security weaknesses in a system, including missing patches, incorrect configurations, and other types of known vulnerabilities

229
Q

SCAP (4.4)

A

Security Content Automation Protocol- Open standards that automate vulnerability management, measurement, and policy compliance for systems in an organization

230
Q

3 Main languages used within SCAP (4.4)

A

OVAL- Open Vulnerability and Assessment Language
XCCDF- Extensible Configuration Checklist Description Format
ARF- Asset Reporting Format

231
Q

OVAL (4.4)

A

Open Vulnerability and Assessment Language- XML (Extensible Markup Language) schema for describing system security states and querying vulnerability reports and information

232
Q

XCCDF (4.4)

A

Extensible Configuration Checklist Description Format- XML (Extensible Markup Language) schema for developing and auditing best-practice configuration checklists and rules

233
Q

ARF (4.4)

A

Asset Reporting Format- XML (Extensible Markup Language) schema for expressing information about assets and the relationships between assets and reports

234
Q

CCE (4.4)

A

Common Configuration Enumeration- Scheme for provisioning secure configuration checks across multiple sources

235
Q

CPE (4.4)

A

Common Platform Enumeration- Scheme for identifying hardware devices, operating systems, and applications

236
Q

CVE (4.4)

A

Common Vulnerabilities and Exposures- List of records where each item contains a unique identifier used to describe a publicly known vulnerability

237
Q

Benchmark (4.4)

A

Set of security configuration rules for some specific set of products to provide a detailed checklist that can be used to secure systems to a specific baseline

238
Q

FPC (4.4)

A

Full Packet Capture- Captures the entire packet, including the header and the payload, for all traffic entering and leaving a network

239
Q

Flow Analysis (4.4)

A

Relies on a flow collector, which records metadata and statistics rather than recording each frame that passes through the network

240
Q

NetFlow (4.4)

A

A Cisco developed means of reporting network flow information to a structured database

241
Q

IPFIX (4.4)

A

Internet Protocol Flow Information Export- Defines traffic flows based on shared packet characteristics

242
Q

Zeek (4.4)

A

Software that passively monitors a network like a sniffer, but only logs full packet capture of potential interest

243
Q

MRTG (4.4)

A

Multi Router Traffic Grapher- Creates graphs showing traffic flows through the network interfaces of routers and switches by polling the appliances using SNMP (Simple Network Management Protocol)

244
Q

Single Pane of Glass (4.4)

A

A central point of access for all the information, tools, and systems

245
Q

Implementing Single Pane of Glass (4.4)

A

Define requirements
Identify and integrate data sources
Customize the interface
Develop SOPs and documentation
Continuously monitor and maintain the solution

246
Q

Incident Response Cycle (7 phases) (4.8)

A

1. Preparation
2. Detection
3. Analysis
4. Containment
5. Eradication
6. Recovery
7. Post-Incident activity/lessons learned

247
Q

Threat Hunting (4.8)

A

Cybersecurity methods for finding hidden threats not caught by regular security monitoring

248
Q

Intelligence Fusion and Threat Data (4.8)

A

Use SIEM (Security Information and Event Manager) and analysis platforms to spot concerns in the logs and real-world security threats

249
Q

Root Cause Analysis (4.8)

A

A systematic process to identify the initial source of the incident and how to prevent it from occurring again

250
Q

Root Cause Analysis Process (4.8)

A

Define the scope of the incident
Determine the causal relationships
Identify an effective solution
Implement and track the solution

251
Q

TTX (4.8)

A

Tabletop Exercise- Exercises that simulate an incident within a controlled framework

252
Q

Digital Forensics (4.8)

A

Process of investigating and analyzing digital devices and data to uncover evidence for legal purposes

253
Q

Digital Forensics Procedures (4.8)

A

Identification
Collection
Analysis
Reporting

254
Q

Identification (Digital Forensics) (4.8)

A

Ensures the safety of the scene, secures it to prevent any evidence contamination, and determines the scope of the evidence to be collected

255
Q

Collection (Digital Forensics) (4.8)

A

Refers to the process of gathering, preserving, and documenting physical or digital evidence in various fields

256
Q

Analysis (Digital Forensics) (4.8)

A

Involves systematically scrutinizing the data to uncover relevant information, such as potential signs of criminal activity, hidden files, timestamps, and user interactions

257
Q

Reporting (Digital Forensics) (4.8)

A

Involves documenting the findings, processes, and methodologies used during a digital forensic investigation

258
Q

Order of Volatility (4.8)

A

Dictates the sequence in which data sources should be collected and preserved based on their susceptibility to modification or loss

1. Collect data from the system's memory
2. Capture data from the system state
3. Collect data from the storage devices
4. Capture network traffic and logs
5. Collect remotely stored or archived data

259
Q

Chain of Custody (4.8)

A

Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment it is collected until it is presented in a court of law

260
Q

Disk Imaging (4.8)

A

Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space

261
Q

File Carving (4.8)

A

Focuses on extracting files and data fragments from storage media without relying on the file system

262
Q

Legal Hold (4.8)

A

Formal notification that instructs employees to preserve all potentially relevant electronic data, documents, and records

263
Q

Electronic Discovery (4.8)

A

Process of identifying, collecting, and producing electronically stored information during legal proceedings

264
Q

Data Acquisition (4.8)

A

The methods and tools used to create a forensically sound copy of the data from a source device, such as system memory or a hard disk

265
Q

Log File (4.9)

A

A file that records either events that occur in an operating system or other running software, or messages exchanged between different users of communication software

266
Q

Journalctl (4.9)

A

Linux command line utility used for querying and displaying logs from the journal, which is responsible for managing and storing log data on a Linux machine

267
Q

NXLog (4.9)

A

A multi-platform log management tool that helps to easily identify security risks, policy breaches, or analyze operational problems

268
Q

Metadata (4.9)

A

Data that describes other data by providing an underlying definition or description, summarizing basic information about the data so that finding and working with particular instances of it is easier

269
Q

SOAR (4.7)

A

Security Orchestration, Automation, and Response

270
Q

Playbook (4.7)

A

Checklist of actions for specific incident responses

271
Q

Runbook (4.7)

A

Automated versions of playbooks with human interaction points

272
Q

REST (4.7)

A

REpresentational State Transfer- Architectural style that uses standard HTTP methods and status codes, uniform resource identifiers, and MIME (Multipurpose Internet Mail Extensions) types

273
Q

SOAP (4.7)

A

Simple Object Access Protocol- Protocol that defines a strict standard with a set structure for the message, usually in XML (Extensible Markup Language) format

274
Q

CURL (4.7)

A

Tool to transfer data to or from a server using one of the supported protocols

275
Q

Runbook (4.7)

A

Automated version of a Playbook and includes clearly defined interaction points for human intervention and analysis

276
Q

Orchestration (4.7)

A

Coordinated and sequenced execution of multiple automated tasks, ensuring they work harmoniously within a larger, complex process

277
Q

Continuous Delivery (4.7)

A

Software development practice where new code changes are automatically tested and prepared for a release that allows for reliable, manual deployments to a production environment at any chosen time

278
Q
A