Points 19.00/20.00
Grade 95.00 out of 100.00
Question 1
Correct
1.00 points out of 1.00
Question text
Operating systems cybersecurity logs generally record system
events and ________ records.
Select one:
a. Power
b. Cooling
c. Startup/shutdown
d. Audit
Question 2
Correct
1.00 points out of 1.00
Question text
________ are the two types of cyber event log management
tools.
Select one:
a. Network and operating system
b. Automated log management and Security Information and
Event Management (SIEM)
Question 3
Correct
1.00 points out of 1.00
Question text
Tracking all access to credit card data via cyber log
management is required under ________.
Select one:
a. HIPAA
b. GLBA
c. FISMA
d. PCI
Question 4
Incorrect
0.00 points out of 1.00
Question text
"Which resources may be affected, and to what degree," are
part of an incident's ________.
Select one:
a. Effect
b. Criticality
c. Inventory
d. Containment
Question 5
Correct
1.00 points out of 1.00
Question text
Which of the following activities is NOT part of the investigation
activities for incident analysis?
Select one:
a. Synchronizing server clocks
Question 6
Correct
1.00 points out of 1.00
Question text
An incident symptom may indicate a future, past, or current
event; an indication signifies that an incident may have
occurred or be occurring now, and ________ is a sign that an
incident may occur in the future.
Select one:
a. A premonition
b. A correlation
c. A precursor
d. A prioritization
Question 7
Correct
1.00 points out of 1.00
Question text
Cyber event false alarms and non-security alerts could include
which of the following?
Select one:
a. Human or operational errors
b. Detection
c. Testing
d. All of the above
Question 8
Correct
1.00 points out of 1.00
Question text
What are the two types of cyber event log management tools?
Select one:
a. Network and operating system
b. Automated log management, and security information and
event management (SIEM)
Question 9
Correct
1.00 points out of 1.00
Question text
SIEM is an abbreviation for:
Select one:
a. Security infrastructure and environment modeling
b. System interaction and environment monitoring
c. Security information and event management
Question 10
Correct
1.00 points out of 1.00
Question text
A resource's "criticality" is based upon all of the following traits
EXCEPT:
Select one:
a. Its users
b. Its trust relationships and interdependencies with other
resources
c. Its data and services
d. Its power consumption
Question 11
Correct
1.00 points out of 1.00
Question text
SIEM tools collect event logs in two different configuration
manners; what are they?
Select one:
a. Batch and real time
b. Network and operating system
c. System software and application software
d. Agent and agentless
Question 12
Correct
1.00 points out of 1.00
Question text
Agentless SIEM tools hold the following advantage over Agent-
based SIEM tools:
Select one:
a. The lack of filtering and aggregation at the individual server
level causes larger amounts of data to be transferred over
networks.
b. They analyze the data from different log sources, correlate
events, identify and prioritize significant events, and initiate
responses to events.
c. All logs go to a common format such as syslog.
d. Installation and configuration control on the clients is not an
issue.
Question 13
Correct
1.00 points out of 1.00
Question text
Cyber event "scope" includes ________.
Select one:
a. How the incident was detected, logs of specific data, the
nature of the incident/attack, how systems are being affected
and the importance of those systems
b. Who has reported the incident
c. Which networks, segments, servers, users, and applications
have been affected
d. When the incident was reported
Question 14
Correct
1.00 points out of 1.00
Question text
Types of cyber event false alarms and non-security alerts would
include which of the following?
Select one:
a. Inaccurate reports
b. Detection
c. Both inaccurate reports and detection
d. None of the above
Question 15
Correct
1.00 points out of 1.00
Question text
Initial incident data should be obtained by the organization's
________ and ________.
Select one:
a. IT and MIS
b. Director and VP
c. Help desk and FIRE
d. Help desk and CSIRT
Question 16
Correct
1.00 points out of 1.00
Question text
What is an incident precursor?
Select one:
a. A sign that an incident may occur in the future
Question 17
Correct
1.00 points out of 1.00
Question text
Which one of the following activities is NOT part of baselining
for incident analysis?
Select one:
a. Creating a diagnostic matrix
b. Using packet sniffers on networks
Question 18
Correct
1.00 points out of 1.00
Question text
Which one of the following is NOT a typical automation method
for cyber incident management?
Select one:
a. Software tools installed and managed by the organization
b. Removable hard drive units
Question 19
Correct
1.00 points out of 1.00
Question text
Event ________ is used to relate events reported by different
subsystems and possibly occurring at different times and on
different systems.
Select one:
a. Discovery
b. Correlation
c. Containment
d. Mitigation
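Event correlation, as the question above describes it, means relating events that different subsystems report in different formats, with different clocks, possibly at different times. The following is an added example written for this page, not part of the quiz or its course material: it normalizes a firewall line, JSON auth-log lines and a web-server access line (all constructed sample data with made-up hosts and addresses) to UTC, groups them by source IP, and reports a correlated incident when one address appears in two or more distinct log sources within a time window. The formats, field names and the five-minute window are assumptions chosen for the illustration.

```python
# Added example: correlating events from different subsystems by source IP
# and time window. The sample log lines below are constructed, not real.
from __future__ import annotations

import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data. Each subsystem uses its own format and its own
# timezone, and the lines are not delivered in chronological order.
FIREWALL_LOGS = [
    "2024-03-05T09:12:41+00:00 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-05T09:40:00+00:00 fw01 DENY src=198.51.100.9 dst=10.0.0.8 dport=445",
    "2024-03-05T09:12:44+00:00 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
]
AUTH_LOGS = [  # JSON lines from an SSH host whose clock reports UTC-5
    '{"ts": "2024-03-05T04:13:09-05:00", "host": "web01", "event": "ssh_failed", "src": "203.0.113.7", "user": "admin"}',
    '{"ts": "2024-03-05T04:13:02-05:00", "host": "web01", "event": "ssh_failed", "src": "203.0.113.7", "user": "root"}',
]
WEB_LOGS = [  # Common Log Format from a server whose clock reports UTC+1
    '203.0.113.7 - - [05/Mar/2024:10:13:30 +0100] "GET /wp-login.php HTTP/1.1" 403 0',
    '192.0.2.44 - - [05/Mar/2024:10:20:00 +0100] "GET /index.html HTTP/1.1" 200 512',
]

FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')


def to_utc(dt: datetime) -> datetime:
    """Normalize any timestamp to UTC; a naive timestamp is assumed to be UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def parse_firewall(line: str) -> dict | None:
    m = FW_RE.match(line)
    if not m:
        return None
    ts, host, action, src, dst, dport = m.groups()
    return {"ts": to_utc(datetime.fromisoformat(ts)), "source": "firewall",
            "host": host, "src": src, "detail": f"{action} {dst}:{dport}"}


def parse_auth(line: str) -> dict | None:
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    return {"ts": to_utc(datetime.fromisoformat(rec["ts"])), "source": "auth",
            "host": rec["host"], "src": rec["src"], "detail": f"{rec['event']} user={rec['user']}"}


def parse_web(line: str) -> dict | None:
    m = WEB_RE.match(line)
    if not m:
        return None
    src, ts, request, status = m.groups()
    return {"ts": to_utc(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")), "source": "web",
            "host": "www", "src": src, "detail": f"{status} {request}"}


def parse_all() -> list[dict]:
    """Parse every sample line; lines that do not match their parser are dropped."""
    events = [parse_firewall(l) for l in FIREWALL_LOGS]
    events += [parse_auth(l) for l in AUTH_LOGS]
    events += [parse_web(l) for l in WEB_LOGS]
    return [e for e in events if e is not None]


def correlate(events: list[dict], window: timedelta = timedelta(minutes=5),
              min_sources: int = 2) -> list[dict]:
    """Group events by source IP, sort by normalized time, and report each
    cluster (events within `window` of the cluster's first event) that spans
    at least `min_sources` distinct log sources."""
    by_src: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    incidents: list[dict] = []

    def flush(src: str, cluster: list[dict]) -> None:
        sources = sorted({e["source"] for e in cluster})
        if len(sources) >= min_sources:
            incidents.append({"src": src, "sources": sources, "count": len(cluster),
                              "start": cluster[0]["ts"], "end": cluster[-1]["ts"],
                              "details": [f"{e['source']}/{e['host']}: {e['detail']}" for e in cluster]})

    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        cluster: list[dict] = []
        for e in evs:
            if cluster and e["ts"] - cluster[0]["ts"] > window:
                flush(src, cluster)
                cluster = []
            cluster.append(e)
        if cluster:
            flush(src, cluster)
    return incidents


if __name__ == "__main__":
    for inc in correlate(parse_all()):
        print(f"{inc['src']} seen in {inc['sources']} ({inc['count']} events, "
              f"{inc['start'].isoformat()} .. {inc['end'].isoformat()})")
        for d in inc["details"]:
            print("   ", d)
```

The point the question makes is visible in the output: the three subsystems each report the same address in their own format and timezone, and only after normalizing to UTC do the firewall denies, the failed SSH logins and the 403 on the login page line up within one minute. The two single-source addresses produce no incident, which is the filter a SIEM's correlation rule applies to keep isolated noise out of the queue; the clock skew this example tolerates by converting timezones is the reason the course lists clock synchronization among investigation activities.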
Question 20
Correct
1.00 points out of 1.00
Question text
A cyber incident response SLA matrix sets escalation times in
relation to ________ and ________.
Select one:
a. Incident type / number of users
b. Response times / incident type
c. Impacts / number of users
d. Impact / criticality