this image, what issue may occur because of the log handling settings?Log data may be lost when the log is archived.Log data may be overwritten.Log data may not include needed information.Log data may fill the system disk.14 What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?SyslogNetlogEventlogRemote Log Protocol (RLP)
15 Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use a SQL injection attack to deface a web server because of a missing patch in the company’s web application. In this scenario, what is the threat?Unpatched web applicationWeb defacementMalicious hackerOperating system
16 Chris is responsible for his organization’s security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary?Assign users to spot-check baseline compliance.Use Microsoft Group Policy.Create startup scripts to apply policy at system start.Periodically review the baselines with the data owner and system owners.
For questions 20–22, please refer to the following scenario.
The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Use this diagram and your knowledge of logging systems to answer the following questions.
1 Jennifer needs to ensure that all Windows systems provide identical logging information to the SIEM. How can she best ensure that all Windows desktops have the same log settings?Perform periodic configuration audits.Use Group Policy.Use Local Policy.Deploy a Windows syslog client.
2 During normal operations, Jennifer’s team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?Enterprise wireless access pointsWindows desktop systemsLinux web serversEnterprise firewall devices
3 What technology should an organization use for each of the devices shown in the diagram to ensure that logs can be time sequenced across the entire infrastructure?SyslogNTPLogsyncSNAP
4 Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?Perform yearly risk assessments.Hire a penetration testing company to regularly test organizational security.Identify and track key risk indicators.Monitor logs and events using a SIEM device.
5 Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region, shown here, and determines that the area he is considering lies within a 100-year flood plain.What is the ARO of a flood in this area?10010.10.01
6 Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?Install a patch.Use a workaround fix.Update the banner or version number.Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.
7 Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in?FTP scanningTelnet scanningSSH scanningHTTP scanning
8 Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?Netflow recordsIDS logsAuthentication logsRFC logs
9 Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning?NmapOpenVASMBSANessus
10 Jim is designing his organization’s log management systems and knows that he needs to carefully plan to handle the organization’s log data. Which of the following is not a factor that Jim should be concerned with?The volume of log dataA lack of sufficient log sourcesData storage security requirementsNetwork bandwidth
Kara used nmap to perform a scan of a system under her control and received the results shown here. Refer to these results to answer questions 30 and 31.
1 If Kara’s primary concern is preventing eavesdropping attacks, which port should she block?22804431433
2 If Kara’s primary concern is preventing administrative connections to the server, which port should she block?22804431433
3 During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine?A Linux email serverA Windows SQL serverA Linux file serverA Windows workstation
4 After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?AcceptTransferReduceReject
5 What is the best way to provide accountability for the use of identities?LoggingAuthorizationDigital signaturesType 1 authentication
6 Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?PatchingReportingRemediationValidation
7 Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando’s organization pursue?Risk avoidanceRisk mitigationRisk transferenceRisk acceptance
8 During a log review, Danielle discovers a series of logs that show login failures.Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaaeWhat type of attack has Danielle discovered?A pass-the-hash attackA brute-force attackA man-in-the-middle attackA dictionary attack
9 During a third-party audit, Jim’s company receives a finding that states, “The administrator should review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions.” What is the biggest issue that is likely to result if Jim’s IT staff need to restore from a backup?They will not know if the backups succeeded or failed.The backups may not be properly logged.The backups may not be usable.The backup logs may not be properly reviewed.
For questions 39–41, please refer to the following scenario.
Ben’s
