24 Flashcards

1
Q

Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?

A

** COOP **

Continuity of Operations (COOP) Plan

2
Q

Which of the following terms refers to a group of experts designated to handle a natural disaster or an interruption of business operations?

A

** IRT **

Incident Response Team (IRT)

3
Q

A technology that enables real-time analysis of security alerts generated by network hardware and applications is known as:

A

** SIEM **

Security information and event management

4
Q

Which SIEM dashboard configuration setting provides a countermeasure against false positive/negative errors?

A

Sensitivity levels

5
Q

A correlation engine used for processing various types of log data into actionable information is a feature of:

A

SIEM dashboard

6
Q

Which of the following answers refers to a protocol used for managing real-time sessions that include voice, video, application sharing, or instant messaging services?

A

** SIP **

Session Initiation Protocol (SIP) is used to signal and control interactive communication sessions. The uses for such sessions include voice, video, chat and instant messaging, as well as interactive games and virtual reality.

7
Q

Which type of server is used for collecting diagnostic and monitoring data from networked devices?

A

Syslog server

8
Q

Examples of utilities that enable logging of data from different types of systems in a central repository include: (Select all that apply)

A
  • syslog
  • rsyslog
  • syslog-ng
  • NXLog
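
As an added example (not from the original flashcards or from any SIEM or syslog product), the Python below ties cards 3 through 8 together: it parses RFC 3164-style syslog lines into facility, severity, host, program and message, then applies a simple SIEM-style correlation rule that flags a successful SSH login from a source address which produced at least `threshold` failed logins within the preceding window. The `threshold` argument plays the role of the sensitivity setting: lowering it produces more alerts (more false positives), raising it produces fewer (more false negatives). The log lines are constructed for the example, and `SYSLOG_RE`, `correlate_bruteforce`, `run` and the other names are the example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed RFC 3164-style syslog lines (invented hosts and addresses, not real logs).
SAMPLE_LOGS = """\
<38>Mar 10 09:14:01 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51822 ssh2
<38>Mar 10 09:14:03 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 51823 ssh2
<38>Mar 10 09:14:05 web01 sshd[2011]: Failed password for admin from 203.0.113.7 port 51824 ssh2
<38>Mar 10 09:14:09 web01 sshd[2014]: Accepted password for admin from 203.0.113.7 port 51830 ssh2
<38>Mar 10 09:20:00 db01 sshd[777]: Failed password for postgres from 198.51.100.4 port 40000 ssh2
<38>Mar 10 09:25:00 db01 sshd[778]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
<30>Mar 10 09:26:00 db01 cron[801]: (root) CMD (/usr/local/bin/backup.sh)
""".splitlines()

# <PRI>TIMESTAMP HOST PROG[PID]: MSG   (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def parse_syslog(line, year=2024):
    """Split one RFC 3164 line into fields; RFC 3164 carries no year, so it is supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"],
        "prog": m["prog"],
        "pid": m["pid"],
        "msg": m["msg"],
    }


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a source IP logs in successfully after >= threshold failures within window.
    threshold is the sensitivity knob: lower -> more alerts (more false positives),
    higher -> fewer alerts (more false negatives)."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["prog"] != "sshd":
            continue
        if m := FAILED_RE.search(ev["msg"]):
            failures[m["src"]].append(ev["ts"])
        elif m := ACCEPTED_RE.search(ev["msg"]):
            recent = failures[m["src"]]
            while recent and ev["ts"] - recent[0] > window:  # expire stale failures
                recent.popleft()
            if len(recent) >= threshold:
                alerts.append({"src": m["src"], "user": m["user"], "host": ev["host"],
                               "failures": len(recent), "at": ev["ts"]})
            recent.clear()  # a success closes the sequence either way
    return alerts


def run(lines=SAMPLE_LOGS, threshold=3):
    events = [e for e in map(parse_syslog, lines) if e]
    return correlate_bruteforce(events, threshold=threshold)


if __name__ == "__main__":
    for a in run():
        print(f"{a['at']} {a['host']}: {a['failures']} failures then login as {a['user']} from {a['src']}")
```

On the constructed lines `run()` yields one alert, for 203.0.113.7 on web01; `run(threshold=1)` also flags the single db01 failure that preceded a key-based login, and `run(threshold=4)` flags nothing, which is the false-positive/false-negative trade-off the sensitivity card describes. Real feeds vary (RFC 5424 framing, other timestamp formats, relays that strip the PRI), so a production parser needs more formats than this one.
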
8
Q

Which of the following are log-managing utilities for Unix and Unix-like systems that implement the basic syslog protocol and extend it with additional functionality? (Select 2 answers)

A
  • syslog-ng
  • rsyslog
9
Q

Which of the following is a cross-platform log-managing tool?

A

NXLog

9
Q

Which of the following answers refers to a Linux utility for querying and displaying logs that are stored in binary form?

A

** journalctl **

journalctl is a utility for querying and displaying logs from journald, systemd's logging service. Since journald stores log data in a binary format instead of plain text, journalctl is the standard way of reading log messages processed by journald.

10
Q

The term "metadata" refers to data that provides information about other data, but not the content of that data. This type of data can be viewed, but by default it is not visible to the user. The basic metadata related to email communication comes from the email headers and includes detailed information about the sender and recipient of the message as well as the path the message took. Examples of mobile device metadata include device model, geolocation, information about the camera used to take a photo, Internet, phone, text messaging and application usage statistics, as well as metadata from the different types of files stored on the device. In web browsing, metadata comes from HTML meta tags placed in the head section of a web page. In the case of files, basic metadata examples include information about the author (i.e. the person who created the file), file type, size, creation date and time, and last modification date and time.

A

True

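
The email-header part of the metadata card can be shown concretely. The Python below is an added example, not part of the original page: it parses the Received headers of a constructed message (hosts, addresses and IDs are invented), walks them from the bottom up so the hops come out in the order the message actually travelled, normalises each hop's timestamp to UTC, and reports the originating IP. `RECEIVED_RE`, `IP_RE` and the function names are the example's own.

```python
import email
import re
from datetime import timezone
from email import policy
from email.utils import parsedate_to_datetime

# Constructed message: hosts, addresses and IDs are invented for the example.
RAW_MESSAGE = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
    by mail.example.com with ESMTPS id abc123;
    Mon, 11 Mar 2024 10:05:12 +0000
Received: from relay.example.org (relay.example.org [198.51.100.25])
    by mx-in.example.net with ESMTP id xyz789;
    Mon, 11 Mar 2024 05:04:50 -0500
Received: from [203.0.113.55] (unknown [203.0.113.55])
    by relay.example.org with ESMTPA id q1w2e3;
    Mon, 11 Mar 2024 11:04:20 +0100
From: "Accounts" <accounts@example.org>
To: victim@example.com
Subject: Invoice
Message-ID: <20240311.1@relay.example.org>

Please see the attached invoice.
"""

RECEIVED_RE = re.compile(r"from (?P<from>\S+)(?: \((?P<comment>[^)]*)\))?.*? by (?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_path(raw=RAW_MESSAGE):
    """Return hops in travel order (oldest first); each MTA prepends its own Received line."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())           # unfold and collapse whitespace
        m = RECEIVED_RE.search(text)
        ipm = IP_RE.search(m["comment"] or m["from"]) if m else None
        when = parsedate_to_datetime(text.rsplit(";", 1)[-1].strip()).astimezone(timezone.utc)
        hops.append({
            "from": m["from"] if m else None,
            "ip": ipm.group(1) if ipm else None,
            "by": m["by"] if m else None,
            "time_utc": when,
        })
    return hops


def originating_ip(hops):
    """IP in the earliest hop: the client that handed the message to the first MTA."""
    return hops[0]["ip"] if hops else None


def chronology_ok(hops):
    """Timestamps should not go backwards once normalised to UTC."""
    times = [h["time_utc"] for h in hops]
    return all(a <= b for a, b in zip(times, times[1:]))


if __name__ == "__main__":
    path = received_path()
    for h in path:
        print(h["time_utc"].isoformat(), h["ip"], h["from"], "->", h["by"])
    print("origin:", originating_ip(path), "chronology ok:", chronology_ok(path))
```

Only the Received line added by a server you operate is trustworthy; every line below it was already in the message when it arrived and can be forged by the sender. Treat the reported originating IP as a lead to confirm against your own MTA's logs, and treat a chronology that runs backwards as a sign of forged headers or a badly skewed clock rather than proof of either.
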
11
Q

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

A

NetFlow

NetFlow accounts for every flow seen on an interface unless Sampled NetFlow is explicitly configured, which is why it is the unsampled choice here in contrast to sFlow.

12
Q

Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage?

A

sFlow

13
Q

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:

A

** IPFIX **

Internet Protocol Flow Information Export (IPFIX) is an accounting technology that monitors traffic flows through a switch or router.

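
What "how IP flow information is to be formatted and transferred" means in practice can be seen end to end in a short script. The Python below is an added example written for this page (it is not from RFC 7011, a Cisco product or any collector): it builds one IPFIX message with the 16-byte message header, a template set (set ID 2) describing seven standard IANA information elements, and a data set carrying two constructed flow records, then parses the message back on the collector side using only the template the message carries. The `IE` table is the subset of the registry needed here; the flows, `TEMPLATE_ID`, `FIELDS` and the function names are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

# Subset of the IANA IPFIX Information Element registry: id -> (name, decoder).
IE = {
    1:  ("octetDeltaCount",          lambda b: int.from_bytes(b, "big")),
    2:  ("packetDeltaCount",         lambda b: int.from_bytes(b, "big")),
    4:  ("protocolIdentifier",       lambda b: int.from_bytes(b, "big")),
    7:  ("sourceTransportPort",      lambda b: int.from_bytes(b, "big")),
    8:  ("sourceIPv4Address",        lambda b: str(IPv4Address(b))),
    11: ("destinationTransportPort", lambda b: int.from_bytes(b, "big")),
    12: ("destinationIPv4Address",   lambda b: str(IPv4Address(b))),
}

TEMPLATE_ID = 256                        # data-set IDs start at 256; set ID 2 = template set
FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8)]   # (IE id, length)

# Constructed flows (invented addresses and counters).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.80", "sport": 51522, "dport": 443, "proto": 6, "bytes": 18342, "packets": 24},
    {"src": "203.0.113.7", "dst": "192.0.2.22", "sport": 40001, "dport": 22, "proto": 6, "bytes": 1200, "packets": 9},
]


def build_message(flows, export_time=1710151512, seq=1, domain=1):
    """Exporter side: message header (version 10) + template set + one data set."""
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
    tmpl += b"".join(struct.pack("!HH", ie, ln) for ie, ln in FIELDS)
    tmpl_set = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl
    recs = b""
    for f in flows:
        recs += IPv4Address(f["src"]).packed + IPv4Address(f["dst"]).packed
        recs += struct.pack("!HHBQQ", f["sport"], f["dport"], f["proto"], f["bytes"], f["packets"])
    data_set = struct.pack("!HH", TEMPLATE_ID, 4 + len(recs)) + recs
    body = tmpl_set + data_set
    header = struct.pack("!HHIII", 10, 16 + len(body), export_time, seq, domain)
    return header + body


def parse_message(buf):
    """Collector side: learn templates from the message, then decode data sets with them."""
    version, length, export_time, seq, domain = struct.unpack("!HHIII", buf[:16])
    if version != 10 or length != len(buf):
        raise ValueError("not a well-formed IPFIX message")
    templates, flows, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", buf[off:off + 4])
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = buf[off + 4:off + set_len]
        if set_id == 2:                                  # template set
            p = 0
            while p + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[p:p + 4]); p += 4
                fields = []
                for _ in range(count):
                    ie, ln = struct.unpack("!HH", body[p:p + 4]); p += 4
                    if ie & 0x8000:                      # enterprise IE: 4-byte PEN follows
                        ie &= 0x7FFF; p += 4
                    fields.append((ie, ln))
                templates[tid] = fields
        elif set_id >= 256:                              # data set, keyed by template ID
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError(f"data set for unknown template {set_id}")
            rec_len = sum(ln for _, ln in fields)
            p = 0
            while p + rec_len <= len(body):              # trailing bytes < rec_len are padding
                rec = {}
                for ie, ln in fields:
                    name, decode = IE.get(ie, (f"ie{ie}", bytes))
                    rec[name] = decode(body[p:p + ln]); p += ln
                flows.append(rec)
        off += set_len
    return {"export_time": export_time, "sequence": seq, "domain": domain, "flows": flows}


def is_well_formed(buf):
    try:
        parse_message(buf)
        return True
    except (ValueError, struct.error):
        return False


def roundtrip(flows=SAMPLE_FLOWS):
    return parse_message(build_message(flows))


if __name__ == "__main__":
    for rec in roundtrip()["flows"]:
        print(rec)
```

The template-then-data ordering is the point to notice: a collector can only decode a data set whose template it has already seen, which is why real exporters resend templates periodically and why a collector restarted mid-stream discards data until the next template arrives. Variable-length fields (length 65535) and options templates (set ID 3) are left out here.
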
14
Q

One of the best practices for malware removal involves the process of isolation of files and applications suspected of containing malware to prevent further execution and potential harm to the user’s system. This process is referred to as:

A

Quarantine

15
Q

A SOAR playbook is a checklist of actions that can be performed in response to a security incident.

A

True

16
Q

The term “SOAR runbook” refers to an exact sequence of actions that might be used to enable an automated response to a security incident.

A

True

17
Q

In forensic procedures, a chronological record outlining the persons in possession of evidence is referred to as:

A

Chain of custody

18
Q

A file timestamp is metadata that contains information about a file and reflects when the file was created, last accessed, and last modified. In digital forensics, timestamps can be used, for example, to validate the integrity of an access log file (i.e. to check whether the file has been tampered with to mask an unauthorized access attempt). Because different systems might be set to different time zones, determining the chronological order of events during a security incident also requires taking into account the time offset, which denotes the difference between the timestamp and a chosen reference time (a.k.a. time normalization).

A

True

19
Q

In forensic procedures, the sequence in which different types of evidence should be collected is known as:

A

Order of volatility

The order of volatility from most volatile to least volatile is:
* Data in cache memory, including the processor cache and hard drive cache.
* Data in RAM, including system and network processes.
* A paging file (sometimes called a swap file) on the system disk drive
* Data stored on local disk drives

20
Q

Which memory type provides a CPU with the fastest access to frequently used data?

A

Cache memory

21
Q

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

A
  • Swap File
  • Pagefile
22
Q

Which of the following can be used as an extension of RAM? (Select 2 answers)

A
  • Pagefile
  • Swap partition
23
Q

Which of the following answers refers to an example order of volatility for a typical computer system?

A
  1. Cache memory
  2. RAM
  3. Swap/Pagefile
  4. Temporary files
  5. Disk files
  6. Archival media