Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
All right, let's get started. Hey, I'm Sean Gerber with CISSP Cyber Training and we are going to be going over some CISSP exam questions. This is a domain 7 focus on the CISSP exam, and we are going to get into some key questions you may see on the CISSP exam.
Like we talked about before, the CISSP exam is not about memorizing the questions. It's not going to help you doing that. You want to understand the concepts behind it. So we are going to go over some of the concepts as they relate to the questions, and this is tied in specifically with domain 7.
Okay, so before we get going, I want to also put a plug out there for my blueprint. I have a CISSP blueprint. That is one of the products that I offer at CISSP Cyber Training as part of my membership plan. You will get the blueprint.
This blueprint will give you direct access to understand what the steps are that you need to do, and it's not just a study guide that walks you through: this is step one, this is step two.
No kidding, a study guide is part of it, but it's also going to have in there: okay, week one, this is what you do, complete these 35 things, and it's got the links on where to go, what you should do, what you should read, and then it walks you through each individual step specifically.
I'm building this out even as we go, but right now it's a really good product, and it's only going to get better over time. I highly recommend that you go check it out. It's pretty awesome. So we'll just go ahead and get started. Check out my CISSP blueprint at CISSPcybertraining.com.
Okay, so, which of the following is not (again, focus on the "not") a primary purpose of logging and monitoring in information security? A, detecting security incidents. B, analyzing system performance. C, reporting on regulatory compliance. Or D, controlling access to network resources.
So, again, which of the following is not a primary purpose of logging and monitoring in information security? So, again, what's the primary purpose? Detecting security incidents, analyzing system performance, reporting on regulatory compliance. We talked about all those in the previous podcast, right? D, controlling access to network resources. It is not a control.
It provides the detecting, analyzing and reporting, but does not control access to network resources. Question two. What is the primary purpose of a security information, and it's actually incident and event management, system? Okay. So what is the primary purpose of a SIEM?
A, provide centralized logging and monitoring of security events. B, enforce access control policies across the network. C, prevent malware infections from spreading. Or D, perform penetration testing. So what is the purpose of a SIEM? Provide centralized logging and monitoring, enforce access control policies, prevent malware infections from spreading, or perform network penetration testing?
The answer is A, centralized logging and monitoring of network resources and security events. Actually, not network resources, just security events. Okay, question three. What is the difference between a security event and a security incident? A, a security event is a minor issue, while a security incident is a major problem.
B, a security event refers to a system activity, while a security incident is a confirmed security breach. C, a security event is generated by automated tools and a security incident is reported by a human user.
Or D, a security event is accidental, while a security incident is intentional. Okay, so that one you might get a little confused on. But basically, what's the difference between an event and a security incident? And this is what I talk about when you're dealing with reporting, especially to any sort of regulatory or legal folks.
Again, you need to follow what the requirements are around reporting and monitoring of your systems. If there are requirements that you must report these systems, you must report them. You must do that.
However, how you define what is a security incident or a security event is really an important factor, because they do have different kinds of consequences behind them. But the answer to this is B, right? A security event refers to a system activity, whereas a security incident is a confirmed security breach.
I would say the "confirmed" is probably a little bit squishy there, but you're going to have to break down what that means when you're taking the test. What is the best right answer in that case, and what are they trying to get at when they're saying that?
Out of all of those answers, I would pick B, even though I'm a little bit squishy on the whole "confirmed" part. I would still pick B. Which of the following is an example of a security control that can be implemented to protect log files from unauthorized access? A, encrypting the files. B, hiding the log files in an obscure directory.
C, renaming the log files periodically. Or D, deleting the log files after a period of time. So again, which of the following is an example of a security control that can be implemented to protect log files from unauthorized access?
So if you look at all those choices, encrypting, hiding, renaming, deleting: the hiding, renaming and deleting, that was B, C and D, does not make any sense as it relates to protecting the log files. But encrypting the log files would be a protection that you would put in place, potentially.
Which of the following is not a benefit of using log analysis tools for security monitoring? A, improved incident response times. B, identification of security policy violations. C, reduction of network latency. Or D, detection of anomalous network behavior. Okay. So the question again is,
which of the following is not a benefit of using log analysis tools for security monitoring? A, improved incident response. Okay, so that is a benefit. B, identification of security policy violations. Yeah, that's a benefit. C, reduction of network latency. That has nothing to do with network latency.
And then D, detection of anomalous network behavior. Yes, it would help with that, so that would be a benefit. So the answer, the correct answer, which is the wrong one, right, is reduction of network latency. It is not a benefit of using log analysis tools for security monitoring. Which of the following is a limitation of using honeypots for security monitoring?
A, honeypots are expensive to implement. B, honeypots can be detected by attackers. C, honeypots can generate false positives. Or D, honeypots are ineffective at detecting advanced persistent threats. So which of the following is a limitation of using honeypots for security monitoring? A limitation. So are they expensive?
No, they're not expensive to operate, so that would be thrown out. Honeypots can be detected by attackers? Yes, they can, but not easily. Again, if you configure them correctly, definitely not easily. Honeypots can generate false positives? Yes, they can definitely generate false positives.
And then honeypots are ineffective at detecting APTs, or advanced persistent threats? No, they're very good at detecting APTs. Now, if the APT is really good, it may determine it's a honeypot, but they can be very helpful in determining if someone is in your network. So the answer is C, honeypots can generate false positives. All right, seven.
Which of the following is the best practice for log retention policies? A, retain logs indefinitely to ensure compliance. B, set retention periods based on legal requirements only. C, retain logs for a minimum of six months. Or D, set retention periods based on business and security requirements.
Okay, so which of the following is the best practice for log retention policies? Retain logs indefinitely? Set retention periods based on legal requirements only? Only? No, that's not true. Retain logs for a minimum of six months? That may not be in your company's best interest. Or set retention periods based on business and security requirements.
Yes, the answer is D. Do it based on your business and security requirements. Eight. What is the primary purpose of log correlation in security monitoring? A, to identify patterns of behavior that may indicate security incidents. B, enforce access control policies across the network. C, detect malware infections before they spread. Or D, perform network penetration testing.
So the primary purpose of log correlation in security monitoring is A, identify patterns of behavior that may indicate a security incident. Again, you wanna make sure that you indicate what's going on within your environment. Number nine, two more to go. What is the difference between a network tap and a port mirror? Ooh, big, tough question there.
Okay. A, a network tap is a physical device, while a port mirror is a software-based tool. Maybe? B, the network tap is used for network intrusion detection, while a port mirror is used for network performance monitoring. Hmm. C, a network tap forwards all network traffic to a monitoring device (yes, that's true) while a port mirror selectively copies network traffic.
Yes, that is correct. And then D, a network tap is used for wireless networks while a port mirror is used for wired networks. That is not correct. So again, the difference between a tap and a port mirror: a tap, again, you tap that into your network and it basically ends up forwarding all network traffic to a monitoring device.
This is typically done when you don't wanna have what we call a bump in the wire, where you don't wanna have it going through a system so that, in the event there would be a failure of that device, it would cause an outage.
So you typically will tap your network and pull data from it, whereas a mirroring tool will collect specific copies of network traffic. I've never used a mirroring tool. I've heard of them but never used one myself. But I have used a network tap on numerous occasions, especially for security tools. Ten.
Which of the following is a common technique used to evade detection by log monitoring tools? Okay, last question. Which of the following is a common technique used to evade detection by log monitoring tools? A, performing network scans during off-peak hours. B, using encrypted communications. C, injecting false log entries. Or D, spoofing IP addresses.
So which of the following is a common technique used to evade detection by log monitoring tools? The answer is C, injecting false log entries into the system. Again, you wanna make sure that, if you're trying to evade detection, putting false log entries into a system will cause people to be confused.
However, again, if you're an attacker and you start putting false things in, it's gonna tell people, specifically, going, well, okay, yeah, these are fake. They may cause them to be delayed a little bit in their reaction, but once they figure out they're fake, they know they have a problem.
So you gotta be very careful if you're an attacker doing something. Again, I'm saying that from a positive standpoint: you wanna use your powers for good, not evil. Messing with logs can be a bit problematic, so you really do wanna avoid that. All right, I hope you all have a wonderful day. That's all I've got for you today.
Again, go to CISSP Cyber Training, check it out, look at my Blueprint, see if you can find that. It's a really good product and I think you're gonna really enjoy it. All right, have a wonderful day. We'll catch you on the flip side. See ya.
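Editor's added example (not part of the episode, and not Sean Gerber's or CISSP Cyber Training's material): question eight says log correlation exists to identify patterns of behavior that may indicate a security incident. The Python below makes that concrete with one correlation rule run over constructed sample log lines: a burst of failed SSH logins from one source address followed shortly by a successful login from that same address, enriched with what a second, hypothetical VPN gateway log says about that address. The log formats, hostnames, usernames and addresses (RFC 5737 documentation ranges) are all made up for illustration; the thresholds are assumptions you would tune to your own environment.

```python
"""Toy log correlation: failed-login burst followed by success, cross-checked
against a second log source.  All sample data below is constructed for this
example and does not come from any real system."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical hosts; 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation address ranges, not real sources).
AUTH_LOG = """\
2024-03-01T10:00:01Z sshd[2201]: Failed password for admin from 203.0.113.7 port 50211
2024-03-01T10:00:04Z sshd[2201]: Failed password for admin from 203.0.113.7 port 50212
2024-03-01T10:00:09Z sshd[2201]: Failed password for root from 203.0.113.7 port 50213
2024-03-01T10:00:15Z sshd[2201]: Failed password for admin from 203.0.113.7 port 50214
2024-03-01T10:00:21Z sshd[2201]: Accepted password for admin from 203.0.113.7 port 50215
2024-03-01T10:05:00Z sshd[2201]: Failed password for bob from 198.51.100.9 port 40001
2024-03-01T10:45:00Z sshd[2201]: Accepted password for bob from 198.51.100.9 port 40002
2024-03-01T10:46:00Z sshd[2201]: Received disconnect from 198.51.100.9 port 40002
"""
VPN_LOG = """\
2024-03-01T09:58:40Z vpngw: session-start user=jsmith src=203.0.113.7
2024-03-01T10:30:00Z vpngw: session-start user=carol src=192.0.2.50
"""

# Assumed (hypothetical) line formats for the two sources.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+$")
VPN_RE = re.compile(
    r"^(?P<ts>\S+) vpngw: session-start user=(?P<user>\S+) src=(?P<ip>[\d.]+)$")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_auth_log(text):
    """Auth events (ts, result, user, ip) in time order; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"ts": parse_ts(m["ts"]), "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])


def parse_vpn_log(text):
    """VPN session starts (ts, user, ip); other lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            sessions.append({"ts": parse_ts(m["ts"]), "user": m["user"], "ip": m["ip"]})
    return sessions


def correlate(auth_events, vpn_sessions, min_failures=3,
              fail_window=timedelta(seconds=60), success_window=timedelta(minutes=5)):
    """Rule: at least min_failures failed logins from one IP inside fail_window,
    followed by an Accepted login from that IP within success_window.  Each alert
    is enriched with VPN users seen from the same IP in the hour before the success,
    so the analyst sees whether the VPN identity matches the SSH account."""
    by_ip = defaultdict(list)
    for e in auth_events:
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        for success in (e for e in evs if e["result"] == "Accepted"):
            prior = [f for f in failures
                     if success["ts"] - success_window <= f["ts"] < success["ts"]]
            # Sliding window over the (time-ordered) prior failures: is there any
            # run of min_failures consecutive failures that fits inside fail_window?
            burst = any(prior[i + min_failures - 1]["ts"] - prior[i]["ts"] <= fail_window
                        for i in range(len(prior) - min_failures + 1))
            if not burst:
                continue
            vpn_users = sorted({s["user"] for s in vpn_sessions if s["ip"] == ip
                                and success["ts"] - timedelta(hours=1) <= s["ts"] <= success["ts"]})
            alerts.append({"ip": ip, "user": success["user"], "ts": success["ts"],
                           "failures_before_success": len(prior),
                           "vpn_users_same_source": vpn_users})
    return alerts


def run():
    """Correlate the constructed sample logs with the default thresholds."""
    return correlate(parse_auth_log(AUTH_LOG), parse_vpn_log(VPN_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data the rule fires once, for 203.0.113.7: four failures in under 20 seconds, then a successful "admin" login, from an address whose VPN session belongs to a different user ("jsmith"). The single failure from 198.51.100.9 forty minutes before a success does not fire. No single line in either log is alarming on its own; the pattern only appears when the entries are related by source address and time, which is the point the question is getting at.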