Troubleshooting Common Security Issues Flashcards
Which of the following is a valid principle relevant to logs and event anomalies?
It’s important to determine what to log and what not to log.
You should gather and log as much information as you can.
Context doesn’t matter much when logging information.
It’s important to determine what to log and what not to log.
A valid principle relevant to logs and event anomalies is that you should determine what to log and what not to log
Which of the following is true about managing user permission issues?
User rights and permissions reviews are not powerful security controls.
Ensuring that user lists and associated rights are complete and current is a straightforward task with today’s tools.
The strength of this control is highly dependent on it being kept current and properly maintained.
The strength of this control is highly dependent on it being kept current and properly maintained.
When managing user permissions, it is important to recall that the strength of this control is highly dependent on being kept current and properly maintained
What is the most likely reason for access violation errors?
Intruders are trying to hide their footprints.
The user is unauthorized and is either making a mistake or is attempting to get past security.
A SIEM system will not identify access violations.
The user is unauthorized and is either making a mistake or is attempting to get past security.
The most likely reason for access violation errors is that the user is unauthorized and is either making a mistake or is attempting to get past security
Which of the following is a risk typically related to certificates?
Failure to install a needed trust chain makes a key that should be trusted, untrusted.
A chain of trust violation can always be “fixed” when the end user installs a certificate into the trust repository.
Maintaining the repository of trusted certificates across an enterprise is a simple task.
Failure to install a needed trust chain makes a key that should be trusted, untrusted.
A risk typically related to certificates is the failure to install a needed trust chain, which makes a key that should be trusted, untrusted
Which of the following properly defines data exfiltration?
A means for carrying public keys and vouching for their authenticity.
Someone attempts to access a resource that they do not have permission to access.
An attacker attempts to steal a copy of your data and export it from your system.
An attacker attempts to steal a copy of your data and export it from your system.
Data exfiltration is when an attacker attempts to steal a copy of your data and export it from your system
Which of the following is true about firewalls?
Firewalls are encrypted remote terminal connections.
Over time, rulesets stabilize and become easier to maintain.
Firewalls are network access policy enforcement devices that allow or block passage of packets based on a ruleset.
Firewalls are network access policy enforcement devices that allow or block passage of packets based on a ruleset.
Firewalls are network access policy enforcement devices that allow or block passage of packets based on a ruleset
Which of the following is not true about insider threats?
Segregation of duties can help manage insider threats.
Ensuring that system admins do not have the ability to manipulate the logs on the systems they administer can mitigate the insider threat.
The best defense against insider threats is a single strong layer of defense.
The best defense against insider threats is a single strong layer of defense.
The best defense against insider threats is to have multiple strong layers of defense
Which of the following is not a risk related to social media?
An employee can inadvertently share confidential company information.
Extreme viewpoints can present a legal liability to the company.
Viable training programs can help mitigate social media risks.
Viable training programs can help mitigate social media risks.
While social media significantly facilitates collaboration, it does introduce risks such as an employee inadvertently sharing confidential company information. An employee expressing extreme viewpoints can present a legal liability to the company. Viable training programs can help mitigate social media risks