1. Which of the following statements about endpoint solutions is true? (choose one or more)
A. Similar to network-based monitoring, encryption can be an obstacle for endpoint-based monitoring
B. Endpoint agents can actively prevent attacks in real time
C. Network-based monitoring can be simpler to deploy than endpoint monitoring because it can concentrate on a few network appliances
D. Endpoint agents can monitor application programs and users as well as network activities
2. Which of the following Windows events typically deserves a high security alert by itself?
A. Log clearing
B. User added to global admin group
C. Modification of HKLM registry key
D. New admin user creation
3. Which of the following Windows events has the highest security risk?
A. Received a power operations request
B. Host has successfully loaded driver
C. Received request to load driver
D. New USB device plugged in
4. Which of the following are important to detect pass-the-hash attacks? (choose one or more)
A. Monitor new service creations
B. Enterprise-wide norm: use token-based authentication such as Kerberos
C. Monitor modifications to HKLM/HKCU keys
D. Monitoring successful logon events
5. Which of the following endpoint events might be generated by malicious activities in the "installation" phase of the kill chain? (choose one or more)
A. User added to global admin group
B. New user created
C. New service created
D. Modifications to HKLM/HKCU
2. Which of the following Windows events typically deserves a high security alert by itself?
Answer: D. New admin user creation
3. Which of the following Windows events has the highest security risk?
Answer: D. New USB device plugged in
I was only sure about two questions.
If you have any doubts, leave a comment below and I'll help you out.
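The event types that questions 2, 4 and 5 are about, as an added example that is not part of the original question or answer: a small Python triage over Windows Security log records. The event IDs (1102 log cleared, 4720 user created, 4728/4732 member added to a global/local group, 4697 service installed, 4624 successful logon) are the real Windows IDs; the sample records, hostnames, the list of admin groups, the Kerberos-only policy and the ten-minute correlation window are assumptions made for the example. The NTLM network-logon rule follows the reasoning in question 4 (if the enterprise norm is Kerberos, a successful NTLM logon is out of policy and worth a look); the seclogo/NewCredentials rule is a commonly cited pass-the-hash pattern, not something the question states.

```python
from dataclasses import dataclass
from typing import Dict, List

# Real Windows Security log event IDs; all records below are constructed for this example.
EVENT_LOG_CLEARED = 1102                # "The audit log was cleared"
EVENT_USER_CREATED = 4720               # "A user account was created"
EVENT_GLOBAL_GROUP_MEMBER_ADDED = 4728  # member added to security-enabled global group
EVENT_LOCAL_GROUP_MEMBER_ADDED = 4732   # member added to security-enabled local group
EVENT_SERVICE_INSTALLED = 4697          # "A service was installed in the system"
EVENT_LOGON = 4624                      # "An account was successfully logged on"
GROUP_ADD_EVENTS = (EVENT_GLOBAL_GROUP_MEMBER_ADDED, EVENT_LOCAL_GROUP_MEMBER_ADDED)

ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}  # assumed policy
NTLM_ALLOWED = False          # assumed enterprise norm from question 4: Kerberos only
PRIVESC_WINDOW_SECONDS = 600  # assumed correlation window


@dataclass
class Event:
    ts: int                 # seconds since epoch (constructed)
    event_id: int
    host: str
    fields: Dict[str, object]


@dataclass
class Alert:
    severity: str           # "high" or "medium"
    rule: str
    host: str
    detail: str


def cn_from_dn(dn: str) -> str:
    """'CN=svc-backup,CN=Users,DC=corp,DC=local' -> 'svc-backup'."""
    first = dn.split(",", 1)[0]
    return first[3:] if first.upper().startswith("CN=") else first


def triage_event(ev: Event) -> List[Alert]:
    """Stateless rules: a single event is enough to decide."""
    f, out = ev.fields, []
    if ev.event_id == EVENT_LOG_CLEARED:
        out.append(Alert("high", "audit-log-cleared", ev.host, f"by {f.get('SubjectUserName')}"))
    elif ev.event_id in GROUP_ADD_EVENTS and f.get("TargetUserName") in ADMIN_GROUPS:
        out.append(Alert("high", "admin-group-member-added", ev.host,
                         f"{cn_from_dn(str(f.get('MemberName', '')))} -> {f['TargetUserName']}"))
    elif ev.event_id == EVENT_USER_CREATED:
        out.append(Alert("medium", "new-user-created", ev.host,
                         f"{f.get('TargetUserName')} by {f.get('SubjectUserName')}"))
    elif ev.event_id == EVENT_SERVICE_INSTALLED:  # typical of the installation phase
        out.append(Alert("medium", "new-service-installed", ev.host,
                         f"{f.get('ServiceName')} = {f.get('ServiceFileName')}"))
    elif ev.event_id == EVENT_LOGON:
        logon_type, pkg = f.get("LogonType"), f.get("AuthenticationPackageName")
        proc = str(f.get("LogonProcessName", "")).strip().lower()
        # Successful network logon over NTLM where policy says Kerberos only (question 4).
        if logon_type == 3 and pkg == "NTLM" and not NTLM_ALLOWED:
            out.append(Alert("high", "ntlm-network-logon", ev.host,
                             f"{f.get('TargetUserName')} from {f.get('IpAddress')}"))
        # Commonly cited pass-the-hash pattern: NewCredentials (type 9) logon via seclogo.
        if logon_type == 9 and proc == "seclogo" and pkg == "Negotiate":
            out.append(Alert("high", "pth-newcredentials-logon", ev.host,
                             f"{f.get('SubjectUserName')} via seclogo"))
    return out


def triage(events: List[Event]) -> List[Alert]:
    """Per-event rules plus one stateful correlation: a freshly created user made admin."""
    alerts, created_at = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        alerts.extend(triage_event(ev))
        f = ev.fields
        if ev.event_id == EVENT_USER_CREATED:
            created_at[str(f.get("TargetUserName"))] = ev.ts
        elif ev.event_id in GROUP_ADD_EVENTS and f.get("TargetUserName") in ADMIN_GROUPS:
            member = cn_from_dn(str(f.get("MemberName", "")))
            if member in created_at and ev.ts - created_at[member] <= PRIVESC_WINDOW_SECONDS:
                alerts.append(Alert("high", "new-user-promoted-to-admin", ev.host,
                                    f"{member} created {ev.ts - created_at[member]}s earlier"))
    return alerts


# Constructed sample records (field names follow the Security log's EventData names).
SAMPLE_EVENTS = [
    Event(1000, 4624, "WS01", {"LogonType": 2, "AuthenticationPackageName": "Kerberos",
                               "LogonProcessName": "User32", "TargetUserName": "alice"}),
    Event(1100, 4624, "FS01", {"LogonType": 3, "AuthenticationPackageName": "NTLM",
                               "LogonProcessName": "NtLmSsp ", "TargetUserName": "bob",
                               "IpAddress": "10.0.0.23"}),
    Event(1200, 4720, "DC01", {"TargetUserName": "svc-backup", "SubjectUserName": "bob"}),
    Event(1260, 4728, "DC01", {"TargetUserName": "Domain Admins", "SubjectUserName": "bob",
                               "MemberName": "CN=svc-backup,CN=Users,DC=corp,DC=local"}),
    Event(1300, 4697, "FS01", {"ServiceName": "WinUpdateSvc",
                               "ServiceFileName": r"C:\Users\Public\u.exe"}),
    Event(1400, 1102, "FS01", {"SubjectUserName": "bob"}),
    Event(1500, 4624, "WS02", {"LogonType": 9, "AuthenticationPackageName": "Negotiate",
                               "LogonProcessName": "seclogo", "SubjectUserName": "carol"}),
]


def run_sample() -> List[Alert]:
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.severity:6}] {a.rule:28} {a.host:5} {a.detail}")
```

Run on the sample, the interactive Kerberos logon on WS01 produces nothing, while the NTLM network logon, the audit-log clearing, the admin-group addition and the seclogo logon each raise a high alert on their own; the new user and the new service are only medium individually, and the correlation rule is what turns "new user created, then added to Domain Admins a minute later" into a high alert.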