INMT 441 FINAL PRACTICE TEST
QUESTIONS WITH COMPLETE
SOLUTIONS GRADED A+
Infrastructure logs - Answer-Logs generated by the components of an organization's
infrastructure, such as virtualization platforms, storage systems, or cloud services.
Methods and tools of log collection and aggregation - Answer--agents, log
forwarders, Syslog, Application Programming Interfaces (APIs), or log shippers
-once collected, logs are parsed, normalized into a common schema, filtered, and aggregated
Benefits of security logging and monitoring - Answer--detection of security breaches
-event reconstruction
-faster recovery via audit logs and reverse engineering
What is a Security Information and Event Management (SIEM) System? - Answer--collects
log and event data from across the business's systems and warns about threats after
correlating and analyzing it
-continuously analyzes behavioral data from those systems
-useful for catching abnormal activity patterns
-many SIEMs have started using ML and AI for this analysis
How does a SIEM contribute to an org's cybersecurity strategy? - Answer--
visibility/peace of mind
-flexibility
-cost efficiency
SIEM Examples - Answer--a login system might allow 10 failed password attempts before
locking the account and forcing a reset
-a SIEM would not alert on those 10 failures, since that volume is statistically normal for
a legitimate user, but "you" failing 75 times followed by an immediate success would set off
alarms
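The following is an added example, not code from the original study guide, that ties together the collection pipeline above (parse and normalize raw lines from different sources into one schema) and the SIEM brute-force example (a few failures are normal, many failures followed by a success is an alert). The sshd-style syslog lines and the JSON lines from a hypothetical web application are constructed sample data; the failure threshold of 20 within a 10-minute window is an assumed tuning value, not a figure from the guide.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Matches sshd-style lines with an RFC 3339 timestamp, e.g.
# "2024-03-01T09:00:00+00:00 bastion sshd[4021]: Failed password for alice from 198.51.100.7 port 51000 ssh2"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+)"
)


def normalize(line):
    """Parse one raw line into the common schema {ts, user, ip, outcome}.

    Handles two constructed source formats: an sshd syslog line and a JSON
    line from a hypothetical web app. Returns None for anything else so the
    caller can count/drop unparseable input instead of crashing on it.
    """
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)  # assumed JSON schema: time, user, src, result
        return {
            "ts": datetime.fromisoformat(rec["time"]),
            "user": rec["user"],
            "ip": rec["src"],
            "outcome": "success" if rec["result"] == "ok" else "failure",
        }
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "user": m["user"],
        "ip": m["ip"],
        "outcome": "success" if m["outcome"] == "Accepted" else "failure",
    }


def detect_brute_force(events, threshold=20, window=timedelta(minutes=10)):
    """Alert when a user's successful login follows >= threshold failures
    inside the window. A handful of failures (typos) stays below the
    threshold and is never reported, matching the SIEM example."""
    events = sorted(events, key=lambda e: e["ts"])
    recent_failures = defaultdict(list)  # user -> timestamps of failures in window
    alerts = []
    for e in events:
        fails = recent_failures[e["user"]]
        fails[:] = [t for t in fails if e["ts"] - t <= window]  # expire old failures
        if e["outcome"] == "failure":
            fails.append(e["ts"])
            continue
        if len(fails) >= threshold:
            alerts.append({"user": e["user"], "ip": e["ip"],
                           "failures": len(fails), "success_at": e["ts"]})
        fails.clear()  # a success resets the user's failure streak
    return alerts


def build_sample_lines():
    """Constructed sample logs: alice mistypes 4 times then logs in (normal);
    bob fails 75 times in under 4 minutes and then immediately succeeds."""
    base = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(4):
        ts = (base + timedelta(seconds=i * 20)).isoformat()
        lines.append(f"{ts} bastion sshd[4021]: Failed password for alice from 198.51.100.7 port 51000 ssh2")
    ts = (base + timedelta(seconds=90)).isoformat()
    lines.append(f"{ts} bastion sshd[4021]: Accepted password for alice from 198.51.100.7 port 51000 ssh2")
    for i in range(75):
        lines.append(json.dumps({"time": (base + timedelta(seconds=i * 3)).isoformat(),
                                 "user": "bob", "src": "203.0.113.9", "result": "bad_password"}))
    lines.append(json.dumps({"time": (base + timedelta(seconds=75 * 3)).isoformat(),
                             "user": "bob", "src": "203.0.113.9", "result": "ok"}))
    return lines


def run_sample():
    """Collect -> normalize -> detect over the constructed lines; returns the alerts."""
    events = [ev for ev in (normalize(l) for l in build_sample_lines()) if ev]
    return detect_brute_force(events)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT: {a['user']} from {a['ip']}: {a['failures']} failures, "
              f"then success at {a['success_at'].isoformat()}")
```

Run as-is it reports one alert, for bob, and nothing for alice. The threshold and window are the knobs a SIEM analyst tunes against the organization's own baseline: set too low and ordinary typos page someone, set too high and a slow, spread-out guessing campaign slips under it.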
Incident Classification Types - Answer--Natural Incidents
-Man-Made Incidents
Examples of Natural Incidents - Answer-fire, flood, earthquake, lightning, tornado,
hurricane, electrostatic discharge, dust contamination
Examples of Artificial/Man-Made Incidents - Answer-data breach, malware attack,
denial-of-service attack, unauthorized access, unauthorized data manipulation,
loss of data integrity
Common definite indicators of a security Breach: - Answer--use of dormant accounts
-changes to logs
-presence of hacker tools
-notifications by partner or peer
-notification by hacker
What challenges do organizations face when implementing logging, monitoring, and
incident management processes? - Answer-garbage in, garbage out (poor-quality logs give
poor-quality detection); privacy concerns; making sure everyone knows the plan without
exposing details that could be abused; and the staff and infrastructure resources these
activities require
cloud-based backup storage - Answer-allows data to be replicated in the cloud and does not
require an on-premises physical storage location. Very popular, but comes with additional risks
How do fault-tolerant computer systems contribute to an organization's BC/DR
strategy? - Answer-they contain redundant hardware, software, and power supply components
that create an environment providing continuous, uninterrupted service. They can detect
hardware failures and automatically fail over to backup devices, and failed components can
be removed and repaired without disrupting the system
What common threats can be prevented through vulnerability assessments? - Answer-
-code injection attacks
-faulty authentication mechanisms
-default settings that have not been replaced with proper security configurations
Main Objectives of incident response plan - Answer--monitor and coordinate
emergency response efforts
-minimize potential damage from data breaches and system outages
Main Objectives of disaster recovery plan - Answer-enable recovery or continuation of
vital technology infrastructure and systems following a natural or human induced event
Main Objective business continuity plan - Answer-to continue the delivery of goods
and/or services at pre-defined acceptable levels following a disruptive event.
Main objective crisis management plan - Answer-to deal with a disruptive and
unexpected event that threatens the organization or its stakeholders
What is the relationship between the incident response, disaster recovery, business
continuity, and crisis management plans? - Answer-the relationship is a cascading
order of action depending on how the previous plan handled the adverse event. If the IR
plan fails -> DR plan. If the DR plan fails -> BC plan. If the BC plan fails -> CM plan
How can continuous monitoring help organizations detect security threats and operational
issues? - Answer-constant vigilance prevents surprise: problems are noticed as they happen
rather than discovered later, which shortens the time between an event and its detection
What role does user reporting play in incident detection and response? - Answer-
software can make mistakes and miss signs of trouble, so letting users report signs of an
incident helps plug those holes.
How do intrusion detection systems, anti-malware, and firewall software contribute to
an org's cybersecurity strategy? - Answer-if these tools keep a threat out of your
system entirely, or catch its presence before it causes any trouble, that is one less
threat you have to deal with.
Describe the incident analysis and reporting process in the context of a cybersecurity
incident: - Answer-When an incident does occur, review, analyze, and record it so the
organization can learn from it. Use the data from that report to patch the vulnerabilities
involved and to note how the incident could be prevented and detected in the future.
How do orgs balance the need for efficient log analysis with the need to protect user
privacy and maintain compliance with data protection regulations? - Answer-They remain
transparent about the data they record, informing users and requiring consent forms to be
signed before a user enters the system. They then protect the data they collect in
accordance with data regulations and good practice.