Deck 12: Incident Analysis

1. Windows logs are also known as

A) Microsoft logs
B) Application logs
C) Operating system logs
D) Event logs
Answer: D
2. Syslog.conf line *.info /tmp/messages is interpreted to mean

A) Send info messages from all services to the /tmp/messages file
B) Send all log messages from all services to the /tmp/messages file
C) Send all log messages from all services to the default log file location
D) Send info messages from select services to the /tmp/messages file
Answer: A
3. Information about users currently logged into the system is recorded in

A) authlog
B) wtmp
C) messages
D) utmp
Answer: D
4. Syslog.conf line mail.crit /tmp/messages is interpreted to mean

A) Send all log messages from the mail service to the /tmp/messages file
B) Send critical log messages from the mail service to the /tmp/messages file
C) Send all log messages from the mail service to the /tmp/messages file
D) Send critical log messages from the mail service to the default log file location
5. Developers use logs to

A) Analyze security incidents
B) Ensure that the application is behaving as expected
C) Monitor disk space requirements of applications
D) Ensure optimum performance of the application
6. In Windows, login and logout attempts are recorded by default in the

A) Application log
B) Security log
C) System event log
D) Forwarded events log
7. Syslog selectors are composed of

A) Information, warning
B) Facility, priority
C) Event logs, application logs
D) Syslog, logmon
8. The simplest way to determine when the system was last rebooted is to look at the output from

A) authlog
B) wtmp
C) last
D) utmp
9. Security administrators use logs to

A) Analyze security incidents
B) Ensure that the application is behaving as expected
C) Monitor disk space requirements of applications
D) Ensure optimum performance of the application
10. When investigating an incident on a Unix/Linux system, generally the first file to be examined is

A) wtmp
B) utmp
C) authlog
D) messages
11. System administrators use logs to

A) Analyze security incidents
B) Ensure that the application is behaving as expected
C) Ensure optimum performance of the application
D) Refine the code base of applications
12. Syslog facilities include all of the following except

A) auth
B) cron
C) kern
D) debug
13. Syslog priorities include all of the following except

A) debug
B) error
C) audit
D) panic
14. The application log in Windows will contain logging information from all of the following except

A) Internet Information Services
B) Microsoft Office
C) Video games
D) Databases
15. Login attempts on a Unix/Linux system are recorded in

A) authlog
B) messages
C) wtmp
D) utmp
16. Historical login and logout attempts on a Unix/Linux system are recorded in

A) authlog
B) wtmp
C) messages
D) utmp
17. Event criticality in Windows logs is indicated by labels including

A) Urgent, notice
B) Notice, warning
C) Critical, urgent
D) Information, warning
18. The Unix logging facility is called

A) Syslog
B) Defcon
C) Event logs
D) Logmon
19. A common default location for Linux syslog messages is

A) /tmp/messages
B) /etc/log/messages
C) /var/log/messages
D) /messages
20. In Windows, operating system log messages are recorded in the

A) Application log
B) Security log
C) System event log
D) Forwarded events log
21. In IT, BYOD stands for

A) Bring your own drink
B) Buy your own drink
C) Buy your own dress
D) Bring your own device
22. File timestamps can be useful for all of the following except

A) Identifying files manipulated by the hacker
B) Determining how the hacker compromised the system
C) Identifying the attacker
D) Preventing similar attacks on other similar systems
23. File timestamps are known as MAC timestamps, where MAC stands for

A) Medium access control
B) Modification, access, creation
C) Multiple account creation
D) Media, agent and creativity
24. During incident response, volatile data refers to

A) Data that will be lost during reboot
B) Data that is changing rapidly
C) Data generated by end users during normal use of the system
D) Data generated by a temperamental user
25. Cloud storage adds complexity to the work of security administrators