Security+ Unit 5


26 Terms

1
What is the purpose of automated reports in SIEM?
To generate security reports automatically for analysis.
2
What is a SIEM dashboard used for?
To display real-time status information on security events.
3
What is packet capturing used for?
To analyze network traffic and identify anomalies.
4
What are the three main principles of security policies?
Confidentiality, Integrity, and Availability (CIA).
5
What is an Acceptable Use Policy (AUP)?
A document that outlines acceptable use of company assets.
6
What is a disaster recovery plan (DRP)?
A plan for restoring IT operations after a disaster.
7
What are the four phases of the incident response lifecycle?
Preparation, Detection & Analysis, Containment & Eradication, Post-incident Activity.
8
What is NIST SP800-61?
A guide for handling computer security incidents.
9
What organization publishes security standards like ISO and NIST?
International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST).
10
What are access controls used for?
To manage user access to data and resources.
11
What is qualitative risk assessment?
A subjective analysis of risk based on experience and expert judgment.
12
What is the formula for Single Loss Expectancy (SLE)?
SLE = Asset Value (AV) x Exposure Factor (EF).
13
What is the difference between risk appetite and risk tolerance?
Risk appetite is the level of risk an organization is willing to accept; risk tolerance is the acceptable variation within that appetite.
14
What is Recovery Time Objective (RTO)?
The maximum time a system can be down before causing serious damage.
15
What is Recovery Point Objective (RPO)?
The maximum acceptable amount of data loss measured in time.
16
What is a right-to-audit clause?
A contract provision allowing security audits of third-party vendors.
17
What is penetration testing used for?
Simulating attacks to find vulnerabilities in a system.
18
What is the purpose of regulatory compliance?
To ensure an organization follows laws and industry standards.
19
What is GDPR?
The General Data Protection Regulation, an EU law protecting personal data privacy.
20
What is a non-disclosure agreement (NDA)?
A legal contract to keep confidential information private.
21
What is the purpose of cybersecurity audits?
To evaluate IT security controls and identify weaknesses.
22
What is the difference between an internal and external audit?
Internal audits are done by the organization, while external audits are done by third parties.
23
What is phishing awareness training?
Training employees to recognize and avoid phishing attacks.
24
What is the purpose of user security awareness training?
To educate employees on cybersecurity risks and best practices.
25
What is the role of operational security (OPSEC)?
To protect sensitive data from being exposed to adversaries.
26
What are some key components of security awareness training?
Key components include identifying social engineering tactics, understanding password security, and recognizing the importance of reporting suspicious activities.