Security+ Unit 5

Log Data & SIEM

Q: What is the purpose of automated reports in SIEM? A: To generate security reports automatically for analysis.

Q: What is a SIEM dashboard used for? A: To display real-time status information on security events.

Q: What is packet capturing used for? A: To record raw network traffic so it can be analyzed for anomalies, fed to a SIEM or IDS, or preserved as evidence during an investigation.
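The cards above describe what a SIEM produces (dashboards, automated reports) without showing the correlation step that turns raw log lines into the events those views display. The following is an added example written for this page, not code from any SIEM product: it parses a few constructed SSH authentication log lines, applies a sliding-window brute-force rule (the threshold, window and rule names are assumptions chosen for illustration), escalates when a source that was already flagged later authenticates successfully, and rolls the alerts up into the counts a dashboard tile or scheduled report would show.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines (syslog-like; not from any real system).
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z sshd[1201]: Failed password for root from 203.0.113.5 port 51022
2024-03-01T09:00:03Z sshd[1202]: Failed password for root from 203.0.113.5 port 51023
2024-03-01T09:00:04Z sshd[1203]: Failed password for admin from 203.0.113.5 port 51024
2024-03-01T09:00:06Z sshd[1204]: Failed password for root from 203.0.113.5 port 51025
2024-03-01T09:00:07Z sshd[1205]: Failed password for root from 203.0.113.5 port 51026
2024-03-01T09:00:09Z sshd[1206]: Accepted password for root from 203.0.113.5 port 51027
2024-03-01T09:01:00Z sshd[1207]: Failed password for alice from 198.51.100.7 port 40001
2024-03-01T09:20:00Z sshd[1208]: Failed password for alice from 198.51.100.7 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse_line(line):
    """Normalize one log line into a dict; return None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window correlation rule (threshold and window are assumed values).

    - threshold failures from one source inside the window -> one medium alert
    - a later successful login from an already-flagged source -> a high alert
    Events that fall outside the window are evicted so an attacker who spreads
    attempts thinly over time does not accumulate toward the threshold.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()                  # sources that already produced a brute_force alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"severity": "medium", "rule": "brute_force",
                               "src": ev["src"], "count": len(q), "ts": ev["ts"]})
        elif ev["src"] in alerted:
            alerts.append({"severity": "high", "rule": "brute_force_success",
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


def summarize(alerts):
    """Roll alerts up into per-rule, per-severity counts for a dashboard or report."""
    summary = defaultdict(int)
    for a in alerts:
        summary[(a["rule"], a["severity"])] += 1
    return dict(summary)


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS.splitlines())
    for a in found:
        print(a)
    print(summarize(found))
```

Note the second source (198.51.100.7) never alerts: its two failures are nineteen minutes apart, so the first has left the window by the time the second arrives. That eviction is the difference between a rule that flags real brute forcing and one that pages on every user who mistypes a password twice in a day.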


Security Policies

Q: What are the three main principles that security policies are written to uphold? A: Confidentiality, Integrity, and Availability (the CIA triad).

Q: What is an Acceptable Use Policy (AUP)? A: A document that outlines acceptable use of company assets.

Q: What is a disaster recovery plan (DRP)? A: A plan for restoring IT operations after a disaster.


Incident Response

Q: What are the four phases of the incident response lifecycle? A: Preparation; Detection & Analysis; Containment, Eradication & Recovery; Post-Incident Activity.

Q: What is NIST SP 800-61? A: The NIST Computer Security Incident Handling Guide, which defines the incident response lifecycle above and gives guidance on handling computer security incidents.


Security Standards

Q: Which organizations publish widely used security standards and frameworks? A: The International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST).

Q: What are access controls used for? A: To manage user access to data and resources.


Risk Management

Q: What is qualitative risk assessment? A: A subjective analysis of risk based on experience and expert judgment.

Q: What is the formula for Single Loss Expectancy (SLE)? A: SLE = Asset Value (AV) x Exposure Factor (EF).

Q: What is the difference between risk appetite and risk tolerance? A: Risk appetite is the level of risk an organization is willing to accept; risk tolerance is the acceptable variation within that appetite.


Business Impact Analysis

Q: What is Recovery Time Objective (RTO)? A: The maximum acceptable time to restore a system or service after a disruption before the outage causes unacceptable damage to the business.

Q: What is Recovery Point Objective (RPO)? A: The maximum acceptable amount of data loss measured in time.


Third-Party Risk Management

Q: What is a right-to-audit clause? A: A contract provision allowing security audits of third-party vendors.

Q: What is penetration testing used for? A: Simulating attacks to find vulnerabilities in a system.


Compliance & Privacy

Q: What is the purpose of regulatory compliance? A: To ensure an organization follows laws and industry standards.

Q: What is GDPR? A: The General Data Protection Regulation, an EU law protecting personal data privacy.

Q: What is a non-disclosure agreement (NDA)? A: A legal contract to keep confidential information private.


Audits & Assessments

Q: What is the purpose of cybersecurity audits? A: To evaluate IT security controls and identify weaknesses.

Q: What is the difference between an internal and external audit? A: Internal audits are done by the organization, while external audits are done by third parties.


Security Awareness & Training

Q: What is phishing awareness training? A: Training employees to recognize and avoid phishing attacks.

Q: What is the purpose of user security awareness training? A: To educate employees on cybersecurity risks and best practices.

Q: What is the role of operational security (OPSEC)? A: To protect sensitive data from being exposed to adversaries.

Q: What are some key components of security awareness training? A: Key components include identifying social engineering tactics, understanding password security, and recognizing the importance of reporting suspicious activities.