Question 1

In Windows, operating system log messages are recorded in the

Accepted Answer

A)  Application log 
B)  Security log 
C)  System event log 
D)  Forwarded events log 
A)  Application log 
B)  Security log 
C)  System event log 
D)  Forwarded events log C

Question 2

File timestamps can be useful for all of the following except

Accepted Answer

A)  Identifying files manipulated by the hacker 
B)  Determine how the hacker compromised the system 
C)  Identifying the attacker 
D)  Preventing similar attacks on other similar systems 
A)  Identifying files manipulated by the hacker 
B)  Determine how the hacker compromised the system 
C)  Identifying the attacker 
D)  Preventing similar attacks on other similar systems C

Question 3

Syslog facilities include all of the following except

Accepted Answer

A)  auth 
B)  cron 
C)  kern 
D)  debug 
A)  auth 
B)  cron 
C)  kern 
D)  debug D

Question 4

Syslog priorities include all of the following except

Accepted Answer

A)  debug 
B)  error 
C)  audit 
D)  panic 
A)  debug 
B)  error 
C)  audit 
D)  panic

Question 5

Information about users currently logged into the system is recorded in

Accepted Answer

A)  authlog 
B)  wtmp 
C)  messages 
D)  utmp 
A)  authlog 
B)  wtmp 
C)  messages 
D)  utmp

Question 6

When investigating an incident on a Unix/ Linux system, generally the first file to be examined is

Accepted Answer

A)  wtmp 
B)  utmp 
C)  authlog 
D)  messages 
A)  wtmp 
B)  utmp 
C)  authlog 
D)  messages

Question 7

System administrators use logs to

Accepted Answer

A)  Analyze security incidents 
B)  Ensure that the application is behaving as expected 
C)  Ensure optimum performance of the application 
D)  Refine the code base of applications 
A)  Analyze security incidents 
B)  Ensure that the application is behaving as expected 
C)  Ensure optimum performance of the application 
D)  Refine the code base of applications

Question 8

The application log in Windows will contain logging information from all of the following except

Accepted Answer

A)  Internet Information Services 
B)  Microsoft Office 
C)  Video games 
D)  Databases 
A)  Internet Information Services 
B)  Microsoft Office 
C)  Video games 
D)  Databases

Question 9

Historical login and logout attempts on a Unix/ Linux system are recorded in

Accepted Answer

A)  authlog 
B)  wtmp 
C)  messages 
D)  utmp 
A)  authlog 
B)  wtmp 
C)  messages 
D)  utmp

Question 10

Login attempts on a Unix/ Linux system are recorded in

Accepted Answer

A)  authlog 
B)  messages 
C)  wtmp 
D)  utmp 
A)  authlog 
B)  messages 
C)  wtmp 
D)  utmp

Question 11

The Unix logging facility is called

Accepted Answer

A)  Syslog 
B)  Defcon 
C)  Event logs 
D)  Logmon 
A)  Syslog 
B)  Defcon 
C)  Event logs 
D)  Logmon

Question 12

Syslog.conf line *.info /tmp/messages is interpreted to mean

Accepted Answer

A)  Send info messages from all services to the /tmp/messages file 
B)  Send all log messages from all services to the /tmp/messages file 
C)  Send all log messages from all services to the default log file location 
D)  Send info messages from select services to the /tmp/messages file 
A)  Send info messages from all services to the /tmp/messages file 
B)  Send all log messages from all services to the /tmp/messages file 
C)  Send all log messages from all services to the default log file location 
D)  Send info messages from select services to the /tmp/messages file

Question 13

Security administrators use logs to

Accepted Answer

A)  Analyze security incidents 
B)  Ensure that the application is behaving as expected 
C)  Monitor disk space requirements of applications 
D)  Ensure optimum performance of the application 
A)  Analyze security incidents 
B)  Ensure that the application is behaving as expected 
C)  Monitor disk space requirements of applications 
D)  Ensure optimum performance of the application

Question 14

File timestamps are known as MAC timestamps, where MAC stands for

Accepted Answer

A)  Medium access control 
B)  Modification, access, creation 
C)  Multiple account creation 
D)  Media, agent and creativity 
A)  Medium access control 
B)  Modification, access, creation 
C)  Multiple account creation 
D)  Media, agent and creativity

Question 15

In IT, BYOD stands for

Accepted Answer

A)  Bring your own drink 
B)  Buy your own drink 
C)  Buy your own dress' 
D)  Bring your own device 
A)  Bring your own drink 
B)  Buy your own drink 
C)  Buy your own dress' 
D)  Bring your own device

Question 16

Event criticality in Windows logs is indicated by labels including

Accepted Answer

A)  Urgent, notice 
B)  Notice, warning 
C)  Critical, urgent 
D)  Information, warning 
A)  Urgent, notice 
B)  Notice, warning 
C)  Critical, urgent 
D)  Information, warning

Question 17

Windows logs are also known as

Accepted Answer

A)  Microsoft logs 
B)  Application logs 
C)  Operating system logs 
D)  Event logs 
A)  Microsoft logs 
B)  Application logs 
C)  Operating system logs 
D)  Event logs

Question 18

Syslog.conf line mail.crit /tmp/messages is interpreted to mean

Accepted Answer

A)  Send all log messages from the mail service to the /tmp/messages file 
B)  Send critical log messages from the mail service to the /tmp/messages file 
C)  Send all log messages from the mail service to the /tmp/messages file. 
D)  Send critical log messages from the mail service to the default log file location 
A)  Send all log messages from the mail service to the /tmp/messages file 
B)  Send critical log messages from the mail service to the /tmp/messages file 
C)  Send all log messages from the mail service to the /tmp/messages file. 
D)  Send critical log messages from the mail service to the default log file location

Question 19

The simplest way to determine when the system was last rebooted is to look at the output from

Accepted Answer

A)  authlog 
B)  wtmp 
C)  last 
D)  utmp 
A)  authlog 
B)  wtmp 
C)  last 
D)  utmp

Question 20

Cloud storage adds complexity to the work of security administrators

Accepted Answer

A) True 
 B)False

In Windows, operating system log messages are recorded in the

File timestamps can be useful for all of the following except

Syslog facilities include all of the following except

Syslog priorities include all of the following except

Information about users currently logged into the system is recorded in

When investigating an incident on a Unix/ Linux system, generally the first file to be examined is

System administrators use logs to

The application log in Windows will contain logging information from all of the following except

Historical login and logout attempts on a Unix/ Linux system are recorded in

Login attempts on a Unix/ Linux system are recorded in

The Unix logging facility is called

Syslog.conf line *.info /tmp/messages is interpreted to mean

Security administrators use logs to

File timestamps are known as MAC timestamps, where MAC stands for

In IT, BYOD stands for

Event criticality in Windows logs is indicated by labels including

Windows logs are also known as

Syslog.conf line mail.crit /tmp/messages is interpreted to mean

The simplest way to determine when the system was last rebooted is to look at the output from

Cloud storage adds complexity to the work of security administrators

Introduction

System Administration

System Administration 2

Basic Information Security Model

Asset Identification and Characterization

Threats and Vulnerabilities

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters

Exam 12: Incident Analysis

In Windows, operating system log messages are recorded in the

File timestamps can be useful for all of the following except

Syslog facilities include all of the following except

Syslog priorities include all of the following except

Information about users currently logged into the system is recorded in

When investigating an incident on a Unix/ Linux system, generally the first file to be examined is

System administrators use logs to

The application log in Windows will contain logging information from all of the following except

Historical login and logout attempts on a Unix/ Linux system are recorded in

Login attempts on a Unix/ Linux system are recorded in

The Unix logging facility is called

Syslog.conf line *.info /tmp/messages is interpreted to mean

Security administrators use logs to

File timestamps are known as MAC timestamps, where MAC stands for

In IT, BYOD stands for

Event criticality in Windows logs is indicated by labels including

Windows logs are also known as

Syslog.conf line mail.crit /tmp/messages is interpreted to mean

The simplest way to determine when the system was last rebooted is to look at the output from

Cloud storage adds complexity to the work of security administrators

Introduction

System Administration

System Administration 2

Basic Information Security Model

Asset Identification and Characterization

Threats and Vulnerabilities

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters