Exam (elaborations)
CYBER SECURITY matrix Questions and Answers 100% Solved
- Course
- Institution
CYBER SECURITY matrix
[Show more]
Content preview
CYBER SECURITY matrixVirtual machine: - answer Can be used as a sandbox to provide an isolated
environment where testing can occur and changes can be safely configured.
Honeypot: - answer run in an isolated environment, it is intended as a lure for hackers to
attempt to penetrate a system.
is a safe network site that is used to lure attackers and then used to detect and study
the hacking attempts.
Demilitarized zone: - answer is a segment of a company's network that provides limited
public access and is used for servers that provide services used by the public, such as
email or a web server.
Quarantined network: - answer provides an isolated environment for computers that are
not in compliance with security standards. They are placed here after a user logs in and
security standards are not met.
Information: - answerthe blank event type records an event that describes the
successful operation of an application, driver, or service.
Success audit: - answerthe blank audit event type logs an event that records an audited
security access attempt that is successful.
Warning: - answerthe blank event type records an event that is not necessarily
significant but may indicate a possible future problem.
Error: - answerhe blank event type indicates that a significant event occurred that
resulted in the loss of data or functionality.
IPS / Intrusion Prevention system: - answeris designed to watch for potential threats
and prevent or stop the attack.
Proxy server: - answeris used as an intermediary device to transfer information between
an end-user and a web server.
IDS / Intrusion Detection system: - answeris designed to watch for potential threats but
takes no measures to stop the attack.
NAT: - answerblank server only translates a private IP to a public IP address or a public
to a private address. It does not address any security issues that may exist.
,Run the nslookup set recurse command: - answerit tells the DNS server to search other
servers if it can't resolve a name.
Run the nslookup set querytype command: - answerit will change a query's resource
record type.
Run the nslookup set retry command: - answerit sets the number of retries attempted if
a response isn't received.
Run the nslookup set domain command: - answerit changes the name of the default
DNS server.
What is an advantage of using the MAC address of a device rather than the IP address
to permit or deny access on your guest wireless network? - answerThe MAC address of
the device remains the same, but the IP address can change.
Something you know authentication: - answerthis multifactor authentication method
requires you to know your username, password, and the answer to your secret
question.
Something you have authentication: - answerrequires you to hold an object such as a
key, a smartcard, or a token.
Something you are authentication: - answerrefers to biometric authentication through a
biometric scan.
Somewhere you are authentication: - answeris based on location.
Implement SOAR: - answermore focused on detection and automation to reduce human
intervention.
Implement SIEM: - answertypically focuses on finding and aggregating events and
creating alerts for further investigation.
Perform a packet capture: - answerwill display what is in the packets but not provide a
way to create automatic containment of the emails.
Perform a vulnerability scan: - answerscans show potential threats
Privilege Escalation: - answerit happens when unauthorized high-level access is used to
gain entry to a system. It often starts with low-level access and the attacker uses a
vulnerability to obtain higher-level access.
PowerShell: - answerit is used to create scripts to automate Windows tasks.
, System Restore: - answerthis is used to restore a computer system to a previous state.
Server Update Service: - answerthis allows administrators to manage and deploy
updates.
CBDA: - answerfirst SSH traffic to host 10.0.0.1 is permitted, then other traffic to this
host is denied, then web traffic to all other hosts is permitted, and finally, all other IP
traffic is blocked.
BDCA: - answerin this order all IP traffic to 10.0.0.1 is blocked in the first entry, which
includes SSH traffic.
ABCD: - answerin this order all IP traffic will be blocked from any address to any
address.
DCBA: - answerin this order the first entry permits all web traffic from any address to
any address, which includes host 10.0.0.1 which is only supposed to receive SSH
traffic.
A cybersecurity technician is concerned that one of the corporate systems in the
company may have been compromised by an advanced persistent threat (APT) type of
malware. The cybersecurity technician has quarantined the infected system and
unplugged it from the network.
What should the technician do next?
A. Start the system in Safe mode and run an updated anti-malware software.
B. Reinstall the operating systems and applications and then restore the data from
known good
backups.
C.Restore the data from known good backups.
D. Run an updated anti-malware application. - answerReinstall the operating systems
and applications and then restore the data from known good
backups.
Explanation:
Reinstall the operating systems and applications and then restore the data from known
good backups: This answer is correct because APT malware may have modified OS
registry entries and application file entries that anti-malware software would not be able
to fully remediate.
Restore the data from known good backups: This answer is incorrect because APT
(advanced persistent threat) malware may have modified OS registry entries and
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller julianah420. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
72841 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now