GMON FULL EXAM 2023.
- Cyber Kill Chain - ANSWER Breaks down attacks into detectable pieces
- Service-Side Attacks - ANSWER Takes advantage of vulnerable services
- Border Router - ANSWER Can detect persistent HTTP SI
- Firewall - ANSWER Can prevent Exfil
- High-end Taps - ANSWER Gives you buffers
- Signature matching - ANSWER Use this to detect credit cards
- Bro - ANSWER This is an IDS
- Hash to Hash comparison - ANSWER How x509 cert verification is done
- Cert negotiation - ANSWER Client will always have the public key of cert auth during what?
- Application Whitelisting - ANSWER This can be handled by a HIPS
- Service Accounts - ANSWER This account lacks accountability
- Rollback - ANSWER Mitigate patch risks with this
- Vulnerability Scanner - ANSWER Use this to verify patch status
- Force unique local admin - ANSWER How do you mitigate Pass the Hash?
- HW/SW Inventory - ANSWER How do you correlate IPs and Ports?
- CAM - ANSWER What aids in asset inventory?
- HIDS - ANSWER What can detect Pivot?
- SeDebug - ANSWER What privilege can recover plaintext?
- Local Admin - ANSWER What account type does not have lockout threshold set by default?
- Logon type 3 - ANSWER What logon type closes connection?
- Disable it - ANSWER What should you do to built-in admin?
- Turn on image load - ANSWER How do you keep Sysmon from flooding?
- Long Tail analysis - ANSWER Looking for least common alert
- PRADS - ANSWER What can discover new IPs?
- Change management logs - ANSWER How can you tell what changed in an updated app?
- The IDS sensor closest to the clients - ANSWER Which IDS sensor do you tune to detect EXEs that transfer anywhere other than the Software distribution server?
- Check to see if website has reputation for hosting malware - ANSWER What is provided by the free version of VirusTotal?
- Capture approval and exception methodologies - ANSWER Organization is implementing whitelisting and the priority is to have a sustainable process. What is most important? (keyword: process)
- Debug programs - ANSWER What permission can decrypt registry entries?
Written for
- Institution
- GSEC
- Course
- GSEC
Document information
- Uploaded on
- 29 May 2023
- Number of pages
- 4
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions and answers