SecurityX_Objective_1.1_Flashcards

(8 cards)

1
Q

What does a SIEM do?

A

Collects, normalizes, correlates, and analyzes logs and events from many sources (hosts, network devices, applications, cloud services) to detect, alert on, and investigate threats.

2
Q

What command filters SSH login failures in Linux?

A

grep "Failed password" /var/log/auth.log (Debian/Ubuntu; RHEL-family systems log to /var/log/secure, or use journalctl -u sshd)
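The grep above only lists failures; in practice you want to know who is failing, how often, and whether one of those guesses eventually worked. The following is an added example (not part of the flashcard deck) that builds that triage pipeline from the same grep. It runs on constructed sample lines in the Debian/Ubuntu auth.log format; the log path, the thresholds, and the hostnames and addresses in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: SSH brute-force triage built on
# grep 'Failed password'. Paths, thresholds and sample data are assumptions.

# Debian/Ubuntu write sshd messages to /var/log/auth.log; RHEL-family systems
# use /var/log/secure (or `journalctl -u sshd`). Override with AUTH_LOG=...
AUTH_LOG="${AUTH_LOG:-/var/log/auth.log}"

# Constructed sample (not a real capture) in syslog format, so the pipeline
# runs offline. Addresses come from the documentation ranges.
sample_auth_log() {
  cat <<'EOF'
Mar  3 10:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:14:03 web01 sshd[2231]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:14:07 web01 sshd[2240]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Mar  3 10:14:09 web01 sshd[2244]: Accepted publickey for alice from 198.51.100.7 port 40020 ssh2
Mar  3 10:14:11 web01 sshd[2231]: Failed password for root from 203.0.113.5 port 51034 ssh2
Mar  3 10:14:12 web01 sshd[2231]: Failed password for invalid user oracle from 203.0.113.5 port 51040 ssh2
Mar  3 10:14:20 web01 sshd[2251]: Failed password for bob from 203.0.113.5 port 51044 ssh2
Mar  3 10:14:30 web01 sshd[2260]: Accepted password for bob from 203.0.113.5 port 51050 ssh2
EOF
}

# Reads a log on stdin; prints "<failures> <source-ip>" per source, busiest first.
# The source IP is the field after "from", so this works for both "for root"
# and "for invalid user admin" variants of the message.
failed_by_ip() {
  grep 'Failed password' \
    | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); break } }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# Reads a log on stdin; prints source IPs with at least $1 failures (default 5).
brute_force_sources() {
  threshold="${1:-5}"
  failed_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# SIEM-style correlation of two event types from one source: repeated failures
# followed by an accepted login from the same IP, i.e. the guess that worked.
# Reads a log on stdin; prints the matching IPs.
suspicious_success() {
  threshold="${1:-3}"
  log="$(cat)"
  printf '%s\n' "$log" | brute_force_sources "$threshold" | while read -r ip; do
    # Escape the dots so 203.0.113.5 cannot match 203x0x113x5 in the regex.
    ip_re="$(printf '%s' "$ip" | sed 's/\./\\./g')"
    if printf '%s\n' "$log" | grep -q "Accepted .* from ${ip_re} port"; then
      printf '%s\n' "$ip"
    fi
  done
}

# Demo on the constructed sample. On a live host: brute_force_sources 5 < "$AUTH_LOG"
sample_auth_log | failed_by_ip
sample_auth_log | suspicious_success 3
```

On the sample, 203.0.113.5 fails five times and then logs in as bob with a password, which is exactly the event a SIEM correlation rule should raise; 198.51.100.7 has one typo followed by a key-based login and stays quiet.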

3
Q

What is tcpdump used for?

A

Capturing and analyzing network packets from the command line (e.g. tcpdump -ni eth0 port 22, or -w capture.pcap to save for later analysis in Wireshark).

4
Q

What command starts a SYN scan with Nmap?

A

nmap -sS -T4 -Pn <target> (-sS is the half-open SYN scan and needs root for raw sockets; -Pn skips host discovery; -T4 uses aggressive timing)

5
Q

Which Event ID corresponds to a failed login on Windows?

A

4625 (Security log). 4624 is the successful logon; the Status/Sub Status fields in 4625 give the reason, e.g. 0xC000006A bad password, 0xC0000064 unknown user name.

6
Q

What tool detects ARP spoofing?

A

arpwatch (alerts when an IP's MAC changes) or tcpdump (tcpdump -ni eth0 arp; look for one IP answered by two different MACs, or a flood of unsolicited replies). On the host itself, compare ip neigh against the known gateway MAC.
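What "monitor for suspicious ARP replies" means in practice is two checks over the capture: the same IP being claimed by more than one MAC, and replies nobody asked for. The following is an added example (not part of the flashcard deck) that implements both over tcpdump-style ARP lines. The sample capture is constructed, and the interface and file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: ARP spoofing checks over
# tcpdump ARP output. Interface, file names and sample data are assumptions.

# Live use:   tcpdump -ni eth0 arp | arp_conflicts
# From file:  tcpdump -nr arp.pcap arp | arp_conflicts
#
# Constructed sample in tcpdump's -n ARP output format (not a real capture).
# 192.168.1.1 (the gateway) is first answered by aa:bb:cc:dd:ee:01 and later
# claimed by de:ad:be:ef:00:66, the classic gateway-poisoning pattern.
sample_arp_capture() {
  cat <<'EOF'
10:15:01.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
10:15:01.000210 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
10:15:05.000004 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
10:15:09.000340 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
10:15:09.000900 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
10:15:12.000120 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
EOF
}

# Strong signal: one IP answered by more than one MAC within the capture.
# Reads tcpdump ARP lines on stdin; prints "<ip> <mac1> <mac2> ..." per conflicting IP.
arp_conflicts() {
  grep 'ARP, Reply' | awk '
    {
      for (i = 1; i <= NF; i++) if ($i == "Reply") {
        # fields: Reply <ip> is-at <mac>,  (tcpdump leaves a trailing comma on the MAC)
        ip = $(i + 1); mac = $(i + 3); sub(/,$/, "", mac)
        if (!((ip, mac) in seen)) {
          seen[ip, mac] = 1
          macs[ip] = (macs[ip] == "" ? mac : macs[ip] " " mac)
        }
        break
      }
    }
    END { for (ip in macs) if (index(macs[ip], " ") > 0) print ip, macs[ip] }'
}

# Weaker signal: replies for an IP that nobody asked about earlier in the
# capture (gratuitous ARP). Hosts legitimately send these on boot or failover,
# so treat a high count as a lead to verify against the switch port or DHCP
# lease, not as proof. Reads tcpdump ARP lines on stdin; prints "<count> <ip>".
unsolicited_replies() {
  awk '
    /ARP, Request who-has/ { for (i = 1; i <= NF; i++) if ($i == "who-has") asked[$(i + 1)] = 1 }
    /ARP, Reply/ { for (i = 1; i <= NF; i++) if ($i == "Reply") { ip = $(i + 1); if (!(ip in asked)) cnt[ip]++ } }
    END { for (ip in cnt) print cnt[ip], ip }' | sort -rn
}

# Demo on the constructed sample.
sample_arp_capture | arp_conflicts
sample_arp_capture | unsolicited_replies
```

On the sample, arp_conflicts reports 192.168.1.1 with both MACs, which is the alert worth paging on; unsolicited_replies only flags 192.168.1.20, which is what a host announcing itself after a reboot also looks like, so that check is a lead rather than a verdict.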

7
Q

What’s the difference between IDS and EDR?

A

An IDS inspects network traffic for signatures or anomalies and alerts (it does not block; that is an IPS). EDR collects telemetry on the endpoint itself (processes, files, registry, network connections) and can respond: isolate the host, kill a process, quarantine a file.

8
Q

What does tail -f do?

A

Follows a file, printing new lines as they are appended (a live log feed). tail -F additionally re-opens the file after log rotation.
