CISSP Security Operations • Complete Question Bank
Refer to the exhibit.
Exhibit: syslog entry from a firewall
```
<134>2024-03-15T14:23:45Z FW-01 %ASA-4-106023: Deny tcp src inside:192.168.1.10/3345 dst outside:203.0.113.5/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Refer to the exhibit.
Exhibit: snippet from a security policy in JSON format
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/confidential/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "10.100.0.0/16"
        }
      }
    }
  ]
}
```
Maximum acceptable downtime after a disaster
Maximum acceptable data loss measured in time
Average time between system failures
Average time to repair a failed system
Service level agreement defining performance metrics
Refer to the exhibit.
syslog-ng configuration:
```
filter f_auth { facility(auth) or facility(authpriv); };
log { source(s_sys); filter(f_auth); destination(d_central); };
```
Refer to the exhibit.
Firewall ACL:
```
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
access-list 100 permit udp any any eq 53
access-list 100 deny ip any any log
```
Refer to the exhibit.
Windows Event Log entry:
```
Log Name: Security
Event ID: 4625
Account For Which Logon Failed:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
Failure Information:
    Failure Reason: Account locked out.
    Sub Status: 0xc0000234
```
```
Feb 10 12:34:56 host1 sshd[1234]: Failed password for root from 10.0.0.1 port 22 ssh2
Feb 10 12:34:57 host1 sshd[1234]: Failed password for root from 10.0.0.1 port 22 ssh2
Feb 10 12:34:58 host1 sshd[1234]: Failed password for root from 10.0.0.1 port 22 ssh2
Feb 10 12:35:00 host1 sshd[1234]: Accepted password for admin from 10.0.0.2 port 22 ssh2
```
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucketA/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::bucketA/*"
    }
  ]
}
```
```
Mar 15 08:20:00 firewall1: %ASA-4-106023: Deny tcp src outside:203.0.113.5/1234 dst inside:10.0.0.10/80 by access-group "OUTSIDE_IN"
Mar 15 08:20:01 firewall1: %ASA-4-106023: Deny tcp src outside:203.0.113.5/1235 dst inside:10.0.0.10/80 by access-group "OUTSIDE_IN"
Mar 15 08:20:02 firewall1: %ASA-4-106023: Deny tcp src outside:203.0.113.5/1236 dst inside:10.0.0.10/80 by access-group "OUTSIDE_IN"
```
Refer to the exhibit.
Exhibit:
```
May 15 09:12:34 fw01 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54321 dst outside:203.0.113.5/80 by access-group "outside-in" [0x0, 0x0]
```
Refer to the exhibit.
Exhibit:
```
May 15 09:15:00 authsrvr sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
```
Refer to the exhibit.
```
access-list outside_in extended permit tcp any host 10.10.10.10 eq 80 log
access-list outside_in extended permit tcp any host 10.10.10.10 eq 443 log
access-list outside_in extended permit tcp host 192.168.1.100 host 10.10.10.10 eq 3389 log
access-list outside_in extended deny ip any any log
```