Test SYS-601 Flashcards
Scalability (Scaling out)
-Scalability is the capacity to increase resources to meet demand within similar cost ratios. Scaling out adds more resources in parallel to a system. Adding an additional CPU is an example of scaling out.
-Scalability means that if service demand doubles, costs do not more than double. Adding more resources such as RAM is an example of scaling out.
Scalability (Scaling Up)
-Giving important processes higher priority in a system is not scaling out but rather scaling up. Scaling up is done by increasing existing resources.
-Freeing up CPU resources in a system by eliminating services is not scaling out but rather scaling up. Scaling up is done by increasing existing resources.
What is the file %SystemRoot%\System32\Drivers\etc\hosts responsible for?
This is the file responsible for mapping IP addresses to domain names in Windows. It does not store passwords. The HOSTS file existed long before Domain Name System (DNS), and while all name resolution now functions through DNS, the HOSTS file is still present, and most operating systems check it before using DNS.
%SystemRoot%\System32\config\SAM
is where local users and passwords are stored as part of the Registry (Security Account Manager) on Windows machines.
/etc/passwd
- is where user account details and encrypted passwords are stored on Linux (on older systems), but this file is universally accessible.
-Consequently, passwords are moved to /etc/shadow, which is only readable by the root user on Linux.
What does the ARP cache show?
The ARP cache shows the MAC address of the interface associated with each IP address the local host has communicated with recently.
What does ipconfig show?
-Windows ipconfig shows the configuration assigned to network interface(s), including the hardware or media access control (MAC) address, IPv4 and IPv6 addresses.
-ipconfig shows whether the IP address is static or assigned by DHCP. If the address is DHCP-assigned, the output also shows the address of the DHCP server that provided the lease.
What is Ping used for?
The admin can use the ping command to probe a host on a particular IP address or host name using the Internet Control Message Protocol (ICMP).
What does asymmetric encryption prove?
Asymmetric encryption is ideal for proving identity, but it requires significant computing overhead and is inefficient for bulk encryption.
What are the drawbacks of asymmetric encryption?
The drawback of asymmetric encryption is that it involves substantial computing overhead compared to symmetric encryption.
Symmetric encryption
Symmetric encryption is very fast. It is used for bulk encryption of large amounts of data. The main problem is secure key distribution and storage.
Stream cipher
In a stream cipher, each byte or bit of data in the plaintext is encrypted one at a time. This is suitable for encrypting communications where the total length of the message is not known.
Endpoint detection and response (EDR)
The product's aim is to provide real-time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state.
It aims to provide enhanced protection, visibility, and control over endpoints.
Next-generation endpoint
Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server.
Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).
What does Baseline deviation reporting mean?
It means testing the actual configuration of hosts to ensure that their configuration settings match the baseline template.
The 6 steps of incident response in order
1.Preparation
2.Identification
3.Containment
4.Eradication
5.Recovery
6.Lessons Learned
Page 3. of Emmanuel notes
What is the goal of the containment stage?
The goal of the containment stage is to secure data while limiting the immediate impact on customers and business partners.
What is the purpose of identification? (Incident response)
Based on an alert or report, identification determines whether an incident has taken place, how severe it might be (triage), and notifies stakeholders.
What happens during Eradication? (Incident response)
Once the security admin contains the incident, eradication removes the cause and restores the affected system to a secure state.
What does the recovery stage consist of? (Incident response)
This recovery phase may involve restoration of data from backup and security testing.
How can a company install a virtual machine on a bare metal virtual platform?
A bare metal virtual platform means that a type 1 hypervisor is installed directly onto a host machine and manages access to the host hardware directly without going through a host Operating System (OS) like Windows Server.
How is Virtual Desktop Infrastructure (VDI) achieved?
Virtual Desktop Infrastructure (VDI) is achieved by replacing desktop computers with low specification and low power thin client computers.
A rogue access point (AP)
A malicious user can set up an unauthorized (rogue) access point with something as basic as a smartphone with tethering capabilities, and non-malicious users could do so by accident.
An access point that requires a wireless controller to function is known as a what?
A thin WAP