Question 1

Windows logs are also known as&#10;A) Microsoft logs&#10;B) Application logs&#10;C) Operating system logs&#10;D) Event logs

Accepted Answer

Windows logs are commonly referred to as event logs, which are automatically generated by the operating system and contain information about system events, errors, and warnings. While they may be specific to the Windows operating system, they are not typically referred to as Microsoft logs, and while they may contain information about applications, they are not solely referred to as application logs. Similarly, while they are generated by the operating system, they are not solely referred to as operating system logs.

Question 2

Syslog.conf line *.info /tmp/messages is interpreted to mean&#10;A) Send info messages from all services to the /tmp/messages file&#10;B) Send all log messages from all services to the /tmp/messages file&#10;C) Send all log messages from all services to the default log file location&#10;D) Send info messages from select services to the /tmp/messages file

Accepted Answer

The asterisk (*) wildcard matches all facilities in the syslog.conf file. The .info after the wildcard specifies all messages with a severity level of info or higher. Therefore, this configuration line will send all info messages from all services to the /tmp/messages file.

Question 3

Information about users currently logged into the system is recorded in&#10;A) authlog&#10;B) wtmp&#10;C) messages&#10;D) utmp

Accepted Answer

The utmp file contains information about users currently logged into the system, including their username, terminal device, and login time. This file can be accessed using the "who" command, and is updated whenever a user logs in or out of the system.

Question 4

Syslog.conf line mail.crit /tmp/messages is interpreted to mean&#10;A) Send all log messages from the mail service to the /tmp/messages file&#10;B) Send critical log messages from the mail service to the /tmp/messages file&#10;C) Send all log messages from the mail service to the /tmp/messages file&#10;D) Send critical log messages from the mail service to the default log file location

Accepted Answer

The line "mail.crit /tmp/messages" in syslog.conf specifies that only log messages with a severity of "crit" from the mail service should be sent to the /tmp/messages file. Any log messages with a severity level lower than "crit" will not be sent to that file.

Question 5

Developers use logs to&#10;A) Analyze security incidents&#10;B) Ensure that the application is behaving as expected&#10;C) Monitor disk space requirements of applications&#10;D) Ensure optimum performance of the application

Accepted Answer

Logs provide information about the behavior of the application, allowing developers to ensure that it is functioning as intended.

Question 6

In Windows, login and logout attempts are recorded by default in the&#10;A) Application log&#10;B) Security log&#10;C) System event log&#10;D) Forwarded events log

Accepted Answer

Login and logout attempts are security-related events, and therefore are recorded in the Security log in Windows. The Application log records events related to applications, while the System event log records events related to system components. The Forwarded events log is used for events that are forwarded from other computers in the network.

Question 7

Syslog selectors are composed of&#10;A) Information, warning&#10;B) Facility, priority&#10;C) Event logs, application logs&#10;D) Syslog, logmon

Accepted Answer

Syslog selectors are composed of two main components: facility and priority. The facility indicates where the message came from (e.g. kernel, user-level daemons, etc.) and the priority indicates the severity of the message (e.g. emergency, alert, critical, etc.).

Question 8

The simplest way to determine when the system was last rebooted is to look at the output from&#10;A) authlog&#10;B) wtmp&#10;C) last&#10;D) utmp

Accepted Answer

The "last" command displays information about the last logins/logouts, including the time of the last system reboot.

Question 9

Security administrators use logs to&#10;A) Analyze security incidents&#10;B) Ensure that the application is behaving as expected&#10;C) Monitor disk space requirements of applications&#10;D) Ensure optimum performance of the application

Accepted Answer

Security administrators use logs to analyze security incidents. Logs provide information about events and activities on a system or application, which can assist in identifying and investigating potential security breaches. Logs may also be used to develop security policies and procedures to prevent future incidents.

Question 10

When investigating an incident on a Unix/ Linux system, generally the first file to be examined is&#10;A) wtmp&#10;B) utmp&#10;C) authlog&#10;D) messages

Accepted Answer

The answer of When investigating an incident on a Unix/...

Question 11

System administrators use logs to&#10;A) Analyze security incidents&#10;B) Ensure that the application is behaving as expected&#10;C) Ensure optimum performance of the application&#10;D) Refine the code base of applications

Accepted Answer

The answer of System administrators use logs to&#10;A) Analyze security...

Question 12

Syslog facilities include all of the following except&#10;A) auth&#10;B) cron&#10;C) kern&#10;D) debug

Accepted Answer

The answer of Syslog facilities include all of the following...

Question 13

Syslog priorities include all of the following except&#10;A) debug&#10;B) error&#10;C) audit&#10;D) panic

Accepted Answer

The answer of Syslog priorities include all of the following...

Question 14

The application log in Windows will contain logging information from all of the following except&#10;A) Internet Information Services&#10;B) Microsoft Office&#10;C) Video games&#10;D) Databases

Accepted Answer

The answer of The application log in Windows will contain...

Question 15

Login attempts on a Unix/ Linux system are recorded in&#10;A) authlog&#10;B) messages&#10;C) wtmp&#10;D) utmp

Accepted Answer

The answer of Login attempts on a Unix/ Linux system...

Question 16

Historical login and logout attempts on a Unix/ Linux system are recorded in&#10;A) authlog&#10;B) wtmp&#10;C) messages&#10;D) utmp

Accepted Answer

The answer of Historical login and logout attempts on a...

Question 17

Event criticality in Windows logs is indicated by labels including&#10;A) Urgent, notice&#10;B) Notice, warning&#10;C) Critical, urgent&#10;D) Information, warning

Accepted Answer

The answer of Event criticality in Windows logs is indicated...

Question 18

The Unix logging facility is called&#10;A) Syslog&#10;B) Defcon&#10;C) Event logs&#10;D) Logmon

Accepted Answer

The answer of The Unix logging facility is called&#10;A) Syslog&#10;B)...

Question 19

A common default location for Linux syslog messages is&#10;A) /tmp/messages&#10;B) /etc/log/messages&#10;C) /var/log/messages&#10;D) /messages

Accepted Answer

The answer of A common default location for Linux syslog...

Question 20

In Windows, operating system log messages are recorded in the&#10;A) Application log&#10;B) Security log&#10;C) System event log&#10;D) Forwarded events log

Accepted Answer

The answer of In Windows, operating system log messages are...

Question 21

In IT, BYOD stands for&#10;A) Bring your own drink&#10;B) Buy your own drink&#10;C) Buy your own dress'&#10;D) Bring your own device

Accepted Answer

The answer of In IT, BYOD stands for&#10;A) Bring your...

Question 22

File timestamps can be useful for all of the following except&#10;A) Identifying files manipulated by the hacker&#10;B) Determine how the hacker compromised the system&#10;C) Identifying the attacker&#10;D) Preventing similar attacks on other similar systems

Accepted Answer

The answer of File timestamps can be useful for all...

Question 23

File timestamps are known as MAC timestamps, where MAC stands for&#10;A) Medium access control&#10;B) Modification, access, creation&#10;C) Multiple account creation&#10;D) Media, agent and creativity

Accepted Answer

The answer of File timestamps are known as MAC timestamps,...

Question 24

During incident response, volatile data refers to&#10;A) Data that will be lost during reboot&#10;B) Data that is changing rapidly&#10;C) Data generated by end users during normal use of the system&#10;D) Data generated by a temperamental user

Accepted Answer

The answer of During incident response, volatile data refers to&#10;A)...

Question 25

Cloud storage adds complexity to the work of security administrators

Accepted Answer

The answer of Cloud storage adds complexity to the work...

Deck 12: Incident Analysis