Question 6 of 277

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Choose two.)

    Correct Answer: B, D

    Separation of duties ensures that no single individual has control over all aspects of a critical function, reducing the risk of misuse or mistakes, such as the inappropriate deletion of log files. Personnel training ensures that the system administrator and other employees understand the importance of retaining log files and other appropriate procedures, helping to prevent the issue from occurring again.

Question 7 of 277

An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?

    Correct Answer: B

    Implementing a separate logical network segment for management interfaces is the best recommendation to prevent unauthorized access to managed network devices. By isolating the management traffic from the user and production traffic, the organization can restrict access to the management interfaces to only those who are authorized and require access, thereby reducing the risk of unauthorized configuration changes by insiders.

Question 8 of 277

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

    Correct Answer: D

    A wireless network configured for mobile device access and monitored by sensors gives users the flexibility to synchronize their calendars, email, and contacts to their own smartphones or other personal devices. Users connect wirelessly, which is more convenient and versatile than a kiosk or a single shared computer, and the sensor monitoring gives the security team visibility into which devices connect and what they do, satisfying the mobile data protection requirement alongside the business requirement.

Question 9 of 277

A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

    Correct Answer: B

    To ensure the integrity of the hard drive, the first thing the analyst must do is connect it through a write blocker. A write blocker passes read requests to the drive but blocks every write, so nothing done afterwards (mounting, imaging, or the analysis itself) can alter the original. This keeps the evidence unaltered and defensible in court or in later forensic work. Imaging the drive comes next, once the original is protected: the analyst hashes the original through the blocker, creates a forensic copy, verifies that the copy's hash matches, and then performs the analysis on the copy rather than on the original.

Question 10 of 277

File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made: chmod 777 -Rv /usr

Which of the following may be occurring?

    Correct Answer: C

    The command 'chmod 777 -Rv /usr' recursively (-R) sets mode 777 on /usr and everything below it, printing each change as it is made (-v). Mode 777 makes every file and directory readable, writable, and executable by all users, so the administrative commands and libraries under /usr (for example /usr/bin, /usr/sbin, and /usr/lib) are now world-writable. Any local user could replace or trojan a binary that root or other users later run, which is why an unrequested, unapproved change of this kind should be treated as a likely compromise or privilege escalation attempt rather than as housekeeping.
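As an added example, not part of the original question set: a minimal file integrity monitor in Python that baselines a constructed /usr-like tree in a temporary directory, applies the equivalent of chmod 777 -R to it, and reports the mode changes and the entries that became world-writable, which is the footprint the change in the question leaves. The tree, file names, and file contents are constructed for the demonstration, and the code assumes a POSIX filesystem where permission bits are honoured.

```python
"""Minimal file integrity monitor (added example, not from the question set).

Baselines a directory tree as (mode bits, SHA-256 of content) per path, then
reports what changed and which entries became world-writable, the footprint a
recursive 'chmod 777' leaves behind. Assumes a POSIX filesystem where mode bits
are honoured; the sample tree built in demo() is constructed.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record mode bits and content hash for root and everything under it.

    Directories get an empty digest: only their permission bits are tracked.
    Paths are stored relative to root so snapshots taken from different mount
    points compare cleanly.
    """
    snap = {}
    for path in [root, *sorted(root.rglob("*"))]:
        mode = stat.S_IMODE(path.lstat().st_mode)
        digest = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else ""
        snap[str(path.relative_to(root))] = (mode, digest)
    return snap


def diff_snapshots(before, after):
    """Return (relpath, kind, old, new) tuples for added, removed, mode and content changes."""
    findings = []
    for rel in sorted(set(before) | set(after)):
        old, new = before.get(rel), after.get(rel)
        if old is None:
            findings.append((rel, "added", None, oct(new[0])))
        elif new is None:
            findings.append((rel, "removed", oct(old[0]), None))
        else:
            if old[0] != new[0]:
                findings.append((rel, "mode", oct(old[0]), oct(new[0])))
            if old[1] != new[1]:
                findings.append((rel, "content", old[1], new[1]))
    return findings


def world_writable(snap):
    """Paths whose mode grants write to 'other' (the o+w bit that chmod 777 sets)."""
    return sorted(rel for rel, (mode, _) in snap.items() if mode & stat.S_IWOTH)


def recursive_chmod(root, mode):
    """Stand-in for 'chmod <mode> -R <root>': applies mode to root and every entry beneath it."""
    for path in [root, *root.rglob("*")]:
        os.chmod(path, mode)


def demo():
    """Build a constructed /usr-like tree, baseline it, run the unapproved chmod, and report.

    Returns (world-writable paths before, findings, world-writable paths after).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "usr"
        for sub in ("bin", "sbin"):
            (root / sub).mkdir(parents=True)
        # Constructed stand-ins for administrative commands; contents are placeholders.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho constructed ls\n")
        (root / "sbin" / "useradd").write_bytes(b"#!/bin/sh\necho constructed useradd\n")
        for path in [root, *root.rglob("*")]:
            os.chmod(path, 0o755)  # sane default: only the owner may write

        baseline = snapshot(root)
        recursive_chmod(root, 0o777)  # the change the FIM alert in the question reports
        current = snapshot(root)
        return world_writable(baseline), diff_snapshots(baseline, current), world_writable(current)


if __name__ == "__main__":
    before_ww, findings, after_ww = demo()
    print("world-writable before:", before_ww)
    for rel, kind, old, new in findings:
        print(f"{kind:8s} {rel}: {old} -> {new}")
    print("world-writable after:", after_ww)
```

Running it shows every path in the tree reported as a mode change from 0o755 to 0o777 with no content changes, and the whole tree listed as world-writable afterwards. A real monitor would store the baseline out of band and alert on exactly this pattern; content hashes are kept alongside the mode bits so a follow-up trojaned binary would also be caught.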