AWR-169-W – Module 3 Post-Test

Points 19.00/20.00
Grade 95.00 out of 100.00

Question 1
Correct
1.00 points out of 1.00

Question text
Operating systems cybersecurity logs generally record system
events and ________ records.
Select one:
a. Power
b. Cooling
c. Startup/shutdown
d. Audit

Question 2
Correct
1.00 points out of 1.00

Question text
________ are the two types of cyber event log management
tools.
Select one:
a. Network and operating system
b. Automated log management and Security Information and
Event Management (SIEM)

c. System software and application software


d. Batch and real time

Question 3
Correct
1.00 points out of 1.00

Question text
Tracking all access to credit card data via cyber log
management is required under ________.
Select one:
a. HIPPA
b. GLBA
c. FISMA
d. PCI

Question 4
Incorrect
0.00 points out of 1.00

Question text
"Which resources may be affected, and to what degree," are
part of an incident's ________.
Select one:
a. Effect
b. Criticality

c. Inventory
d. Containment

Question 5
Correct
1.00 points out of 1.00

Question text
Which of the following activities is NOT part of the investigation
activities for incident analysis?
Select one:
a. Synchronizing server clocks

b. Performing event correlation


c. Using packet sniffers on networks
d. Using Internet search engines for research

Question 6
Correct
1.00 points out of 1.00

Question text
An incident symptom may indicate a future, past, or current
event; an indication signifies that an incident may have
occurred or be occurring now, and ________ is a sign that an
incident may occur in the future.
Select one:
a. A premonition
b. A correlation
c. A precursor

d. A prioritization

Question 7
Correct
1.00 points out of 1.00

Question text
Cyber event false alarms and non-security alerts could include
which of the following?
Select one:
a. Human or operational errors

b. Detection
c. Testing
d. All of the above

Question 8
Correct
1.00 points out of 1.00

Question text
What are the two types of cyber event log management tools?
Select one:
a. Network and operating system
b. Automated log management, and security information and
event management (SIEM)

c. System software and application software


d. Batch and real time

Question 9
Correct
1.00 points out of 1.00

Question text
SIEM is an abbreviation for:
Select one:
a. Security infrastructure and environment modeling
b. System interaction and environment monitoring
c. Security information and event management

d. System information and event monitoring

Question 10
Correct
1.00 points out of 1.00

Question text
A resource's "criticality" is based upon all of the following traits
EXCEPT:
Select one:
a. Its users
b. Its trust relationships and interdependencies with other
resources
c. Its data and services
d. Its power consumption

Question 11
Correct
1.00 points out of 1.00

Question text
SIEM tools collect event logs in two different configuration
manners; what are they?
Select one:
a. Batch and real time
b. Network and operating system
c. System software and application software
d. Agent and agentless

Question 12
Correct
1.00 points out of 1.00

Question text
Agentless SIEM tools hold the following advantage over Agent-based
SIEM tools:
Select one:
a. The lack of filtering and aggregation at the individual server
level causes larger amounts of data to be transferred over
networks.
b. They analyze the data from different log sources, correlate
events, identify and prioritize significant events, and initiate
responses to events.
c. All logs go to a common format such as syslog.
d. Installation and configuration control on the clients is not an
issue.

Question 13
Correct
1.00 points out of 1.00

Question text
Cyber event "scope" includes ________.
Select one:
a. How the incident was detected, logs of specific data, the
nature of the incident/attack, how systems are being affected,
and the importance of those systems
b. Who has reported the incident
c. Which networks, segments, servers, users, and applications
have been affected
d. When the incident was reported

Question 14
Correct
1.00 points out of 1.00

Question text
Types of cyber event false alarms and non-security alerts would
include which of the following?
Select one:
a. Inaccurate reports

b. Detection
c. Both inaccurate reports and detection
d. None of the above

Question 15
Correct
1.00 points out of 1.00

Question text
Initial incident data should be obtained by the organization's
________ and ________.
Select one:
a. IT and MIS
b. Director and VP
c. Help desk and FIRE
d. Help desk and CSIRT

Question 16
Correct
1.00 points out of 1.00

Question text
What is an incident precursor?
Select one:
a. A sign that an incident may occur in the future

b. A sign that an incident is occurring now


c. A sign that an incident may have occurred
d. A symptom of an imminent shutdown

Question 17
Correct
1.00 points out of 1.00

Question text
Which one of the following activities is NOT part of baselining
for incident analysis?
Select one:
a. Creating a diagnostic matrix
b. Using packet sniffers on networks

c. Synchronizing server clocks


d. Profiling networks and systems

Question 18
Correct
1.00 points out of 1.00

Question text
Which one of the following is NOT a typical automation method
for cyber incident management?
Select one:
a. Software tools installed and managed by the organization
b. Removable hard drive units

c. Managed security service providers


d. Problem resolution services

Question 19
Correct
1.00 points out of 1.00

Question text
Event ________ is used to relate events reported by different
subsystems and possibly occurring at different times and on
different systems.
Select one:
a. Discovery
b. Correlation

c. Containment
d. Mitigation

Question 20
Correct
1.00 points out of 1.00

Question text
A cyber incident response SLA matrix sets escalation times in
relation to ________ and ________.
Select one:
a. Incident type / number of users
b. Response times / incident type
c. Impacts / number of users
d. Impact / criticality
