Upgrade to remove ads
Only $35.99/year

ch.13

Terms in this set (20)

Which of the following is NOT part of the AAA framework?

Authentication
Access
Authorization
Accounting
Access
Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

Data custodian/steward
Data privacy officer
Data controller
Data processor
Data custodian/steward
Which access control scheme is the most restrictive?

Role-Based Access Control
DAC
Rule-Based Access Control
MAC
MAC
Which type of access control scheme uses predefined rules that makes it the most flexible scheme?

ABAC
DAC
MAC
NAC
ABAC
Which statement about Rule-Based Access Control is true?

It requires that a custodian set all rules.
It is no longer considered secure.
It dynamically assigns roles to subjects based on rules.
It is considered a real-world approach by linking a user's job function with security.
It dynamically assigns roles to subjects based on rules.
Which of these is a set of permissions that is attached to an object?

ACL
SRE
Object modifier
Entity attribute (EnATT)
ACL
What can be used to provide both filesystem security and database security?

RBASEs
LDAPs
CHAPs
ACLs
ACLs
What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

Greenwich Mean Time (GMT)
Civil time
Daylight savings time
Time offset
Time offset
Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create?

Generic account
Service account
User account
Privilege account
Service account
Which of these is NOT an incident response process step?

Recovery
Reporting
Eradication
Lessons learned
Reporting
Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan?

Walkthrough
Simulation
Tabletop
Incident Response Plan Evaluation (IRP-E)
Tabletop
Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose?

Diamond Model of Intrusion Analysis
Kill Chain
Mitre ATT&CK
Basic-Advanced Incident (BAI) Framework
Diamond Model of Intrusion Analysis
Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create?

Playbook
Runbook
SIEM-book
ARC Codebook
Playbook
Which of the following should be performed in advance of an incident?

Containment
Segmentation
Isolation
Capture
Segmentation
What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor?

SIP
VoIP
Call manager
IP voice
Call manager
Which of the following is NOT a problem associated with log management?

Multiple devices generating logs
Large volume of log data
Different log formats
Time-stamped log data
Time-stamped log data
Which tool is an open source utility for UNIX devices that includes content filtering?

syslog
nxlog
rsyslog
syslog-ng
syslog-ng
Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets?

NetFlow
sFlow
IPFIX
journalctl
sFlow
Which of the following is the most fragile and should be captured first in a forensics investigation?

ARP cache
Kernel statistics
CPU cache
RAM
CPU cache
Which of the following is a Linux utility that displays the contents of system memory?

Autopsy
WinHex
dd
memdump
memdump
Students also viewed