Our monthly Meetup (https://www.meetup.com/NoVA-IT-Cyber-Security-Group/) for July was informative with all the great minds participating to make it even better! We thank everybody who attended and joined our community to share knowledge.
The session covered a powerful tool, “Nutanix”, and also touched upon various emerging technologies in the public sector, including Software Defined Data Center (SDDC) / Software Defined Networking (SDN), Third Platform Solutions, and Biometric and Perimeter Security Solutions.
Speaker: Prem Jadhwani, CEO & President (Intellectual Point) and CTO (GAI), shared his subject-matter expertise on data centers, cyber security, cloud computing, data analytics, mobile and wireless, IoT, SDN and other emerging technologies.
Splunk is a real-time data processing tool for logs generated by IoT devices.
Splunk converts unreadable machine data into user-friendly visual dashboards. All processing is performed in real time on data from IoT (Internet of Things) devices, which have multiple data sources such as sensors, cameras, records, etc.
Data from IoT devices arrives in many different formats, which could be a problem for other tools, but Splunk accepts data in any format and is not restricted by the way the data is inserted. Unlike databases, which hold data in tables of rows and columns, Splunk is extremely flexible and turns all the data into something called “events”.
The dashboards are user-friendly, so they save much of the time that would otherwise be spent understanding the data generated by IoT devices. This makes log processing highly efficient, saving employees' time and, in turn, the company's money.
We provide hands-on certification training for Big Data Analytics: Tableau + Splunk
Average Annual Salary of a Splunk Engineer: $155K (source: Paysa)
Splunk Quiz: 10 Questions
Splunk Interview Questions: 30 Interview Questions & Answers
Splunk Job openings:
- Splunk Software Engineer
- Splunk Senior Sales Engineer
- Splunk Senior Software Engineer
- Splunk Sales Engineer
- Splunk Technical Support Engineer
- Splunk Engineering Manager
- Splunk Senior Product Manager
- Splunk Director of Product Management
- Splunk Cloud Operations Engineer
- Splunk Product Manager
- Splunk Software Engineer In Test
- Splunk Principal Software Engineer
- Splunk Senior UX Designer
- Splunk Director of Engineering
- Splunk Senior Systems Engineer
- Splunk Software QA Engineer
- Splunk Senior Engineering Manager
- Splunk Principal Product Manager
- Splunk Senior Technical Writer
- Splunk Security Engineer
- Splunk Senior Solutions Engineer
- Splunk UX Designer
- Splunk Technical Writer
- Splunk Senior Cloud Operations Engineer
- Splunk Senior Security Engineer
- Splunk Senior Web Developer
- Splunk Staff Sales Engineer
- Splunk Senior Technical Support Engineer
- Splunk Chief Technology Officer
- Splunk UX Designer Lead
- Splunk Technical Operations Manager
- Splunk Application Engineer
- Splunk Front End Developer
- Splunk Advisory Software Engineer
- Splunk Principal UX Designer
- Splunk Solutions Engineer
- Splunk Principal Engineer
- Splunk Senior Director of Engineering
- Splunk Senior Principal Software Engineer
| Course | Code | Hours | Provider |
|---|---|---|---|
| Amazon Web Services Certified Solutions Architect | AWS | 32 | IP |
| Certified Authorization Professional | CAP | 40 | IP |
| Certified Ethical Hacking | CEH | 32 | IP |
| Certified in Risk and Information Systems Control | CRISC | 32 | ISACA |
| Certified Information Security Manager | CISM | 32 | ISACA |
| Certified Information Systems Auditor | CISA | 32 | ISACA |
| Certified Network Defender | CND | 32 | IP |
| Certified Scrum Master | CSM | 16 | Lithespeed |
| Certified Secure Computer User | CSCU | 16 | IP |
| Cisco Certified Network Associate | CCNA | 32 | IP |
| Cisco Certified Network Professional | CCNP | 32 | IP |
| Certified Information Systems Security Professional | CISSP | 32/40 | IP |
| Certified Cloud Security Professional | CCSP | 16 | IP |
| CompTIA Advanced Security Practitioner | CASP | 32 | IP |
| CompTIA Cloud Essentials | Cloud Ess | N/A | N/A |
| CompTIA Cybersecurity Analyst | CSA+ | 32 | IP |
| Computer Hacking Forensic Investigator | CHFI | 32 | IP |
| DevOps (Database Administration) | DevOps | 32 | IP |
| IBM COGNOS 8 BI | IBM | N/A | N/A |
| Information Power Center 8.6 Certification Prep | Informatica | N/A | N/A |
| ITIL V3 Foundation | ITIL | 16 | IP |
| Microsoft C+ & ASP.net Developer Certification Prep | C+ | N/A | N/A |
| Microsoft Certified Solutions Expert | MCSE | 32 | IP |
| Microsoft Cloud Platform & Certified Solutions Associate | MCSA | 32 | IP |
| Microsoft Office | Word, Excel, PowerPoint, Project, Access | 80 | IP |
| Microsoft SharePoint Certification Prep | SharePoint | N/A | N/A |
| Microsoft Technology Associate | MTA | 16 | IP |
| Oracle OCA Certification Prep | Oracle | N/A | N/A |
| Professional Business Analysis | PBA | 40 | IP |
| Project Management Professional | PMP | 40 | IP |
| Python Programming for CyberSecurity Professionals | Python | 32 | IP |
| Tableau Desktop Associate | Tableau | 32 | IP |
Question 1) A. Social engineering
Question 2) D. gpupdate
Question 3) A. Use compressed air to free the dust from the components and remove it with an ESD vacuum.
Question 4) B. Event Viewer
Question 5) B. Digitizer
Question 6) B. offer different repair/replacement options, if applicable.
Question 7) B. Antivirus
Question 8) C. Close all running apps.
Question 9) B. Scheduled nightly backups
Question 10) D. 64-bit
Objective: Identify common security threats and vulnerabilities.
Ann, an executive, reports that she received a call from someone asking for information about her email account. Which of the following type of potential security threats does this scenario describe?
A. Social engineering
Objective: Given a scenario, apply appropriate Microsoft command line tools.
A computer on a Windows domain has been identified as not having the most current policy. Which of the following tools would a technician run on the local machine to rectify this?
Objective: Given a scenario with potential environmental impacts, apply the appropriate controls.
A technician opens a customer’s computer and sees large amounts of accumulated dust. Which of the following is the BEST method of removing the dust from the computer?
A. Use compressed air to free the dust from the components and remove it with an ESD vacuum.
B. Dampen an ESD cloth with denatured alcohol and use it to gently wipe the dust away.
C. Use a shop vacuum with enough power to ensure all dust has been removed.
D. Remove as much dust as possible by hand and use compressed air to blow the rest out.
Objective: Given a scenario, troubleshoot common PC security issues with appropriate tools and best practices.
A month ago a technician installed a new application on a Windows workstation. Recently, a user opened a help ticket reporting that the workstation is intermittently crashing. The user is unsure if the crashing started before or after the application was installed. Which of the following is the BEST tool for the technician to use to determine if the crashes are caused by the application?
A. Application Monitor
B. Event Viewer
C. Performance Monitor
D. Component Services
Objective: Identify basic features of mobile operating systems.
Which of the following features of a mobile device operates the touch screen?
Objective: Demonstrate proper communication techniques and professionalism.
To demonstrate good communication techniques while resolving an issue, the technician should:
A. utilize as much technical jargon as possible when speaking.
B. offer different repair/replacement options, if applicable.
C. review all personal materials found on the computer.
D. provide immediate solutions as the customer is explaining the issues.
Objective: Compare and contrast common preventive methods.
Which of the following types of digital security requires regular and frequent updates to remain effective?
A. Smart card
C. ID badges
Objective: Given a scenario, troubleshoot common mobile OS and application issues with appropriate tools.
A user’s smartphone runs very slowly at the end of the day. When the user restarts the phone in the morning, it runs at its normal speed. Which of the following should be done throughout the day to BEST resolve this issue?
A. Reset the smartphone to factory default.
B. Uninstall any unused apps.
C. Close all running apps.
D. Charge the smartphone.
Objective: Perform common preventive maintenance procedures using the appropriate Windows OS tools.
The leadership team of an organization has set an RPO of 24 hours for data loss. Which of the following should the system administrator implement to ensure the leadership team’s requirements are met?
A. Scheduled antivirus updates
B. Scheduled nightly backups
C. Scheduled patch management
D. Scheduled disk maintenance
Objective: Compare and contrast various features and requirements of Microsoft Operating Systems (Windows Vista, Windows 7, Windows 8, Windows 8.1).
A technician is loading an OS on a workstation that will support an application that requires 8GB of RAM. Which of the following types of OS will be supported?
During a recent audit, it was discovered that many servers and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?
A. Network mapping
B. Vulnerability scan
C. Port scan
D. Protocol analysis
A system administrator must configure the company’s authentication system to ensure that users will be unable to reuse the last ten passwords within a six-month period. Which of the following settings must be configured? (Select TWO).
A. Minimum password age
B. Password complexity
C. Password history
D. Minimum password length
E. Multi-factor authentication
F. Do not store passwords with reversible encryption
Which of the following helps to establish an accurate timeline for a network intrusion?
A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter
Which of the following internal security controls is aimed at preventing two system administrators from completing the same tasks?
A. Least Privilege
B. Separation of Duties
C. Mandatory Vacation
D. Security Policy
Which of the following is the BEST reason for placing a password lock on a mobile device?
A. Prevents an unauthorized user from accessing owner’s data
B. Enables remote wipe capabilities
C. Stops an unauthorized user from using the device again
D. Prevents an unauthorized user from making phone calls
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
B. Digital signatures
E. Perfect forward secrecy
A company has had their web application become unavailable several times in the past few months due to increased demand. Which of the following should the company perform to increase availability?
A. Implement a web application firewall to prevent DDoS attacks
B. Configure the firewall to work with the IPS to rate limit customer requests
C. Implement a load balancer to distribute traffic based on back end server utilization
D. Configure the web server to detect race conditions and automatically restart the web services
A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mother’s last name. Which of the following describes this type of data?
Which of the following would be MOST appropriate if an organization’s requirements mandate complete control over the data and applications stored in the cloud?
A. Hybrid cloud
B. Community cloud
C. Private cloud
D. Public cloud
Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?
A. Size of the files
B. Availability of the files
C. Accessibility of the files from her mobile device
D. Sensitivity of the files
Which of the following attacks involves the use of previously captured network traffic?
A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
A. Trusted OS
B. Host software baselining
C. OS hardening
Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?
A. Data labeling and disposal
B. Use of social networking
C. Use of P2P networking
D. Role-based training
Given the following set of firewall rules:
From inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443
Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?
A. Implicit deny
B. Policy routing
C. Port forwarding
D. Forwarding proxy
In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the “root” user’s password set to “root.” Which of the following BEST describes this technique?
C. Gray box testing
A user is unable to log in after 5 p.m. to complete a financial report. The user calls the help desk to report the issue. A technician verifies that the user’s credentials are valid, and the user account is enabled. Which of the following is causing this issue?
A. Separation of duties
B. Multifactor authentication
C. Rule-based access control
D. Least privilege
A wireless site survey has been performed at a company. One of the results of the report is that the wireless signal extends too far outside of the building. Which of the following security issues could occur as a result of this finding?
A. Excessive wireless access coverage
B. Interference with nearby access points
C. Exhaustion of DHCP address pool
D. Unauthorized wireless access
During a code review, a software developer discovers a security risk that may result in hundreds of hours of rework. The security team has classified this issue as low risk. Executive management has decided that the code will not be rewritten. This is an example of:
A. risk avoidance.
B. risk transference.
C. risk mitigation.
D. risk acceptance.
A security architect is designing an enterprise solution for the sales force of a corporation which handles sensitive customer data. The solution must allow users to work from remote offices and support traveling users. Which of the following is the MOST appropriate control for the architect to focus on to ensure confidentiality of data stored on laptops?
A. Full-disk encryption
B. Digital signatures
C. Federated identity management
D. Cable locks
Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?
A. Logic bomb
An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge, and checks the company’s list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?
B. Shoulder surfing
During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?
A. Time-of-day restrictions
B. User access reviews
C. Group-based privileges
D. Change management policies
A technician reports that a suspicious individual has been seen walking around the corporate campus. The individual is holding a smartphone and pointing a small antenna in order to collect SSIDs. Which of the following attacks is occurring?
A. Rogue AP
B. Evil twin
D. War driving
A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:
A. gray box testing.
B. active control testing.
C. white box testing.
ANSWERS (Password: i<3iPoint)
Ransomware is one of the major threats computer users now face, even though recent reports suggest that many people don’t actually know what it is.
Delivered via spam or phishing emails that trick users into clicking on malicious links, ransomware renders computer systems, devices or files inaccessible and holds the victim hostage until payment is made, usually in the form of bitcoins.
“Victims are faced with the choice of paying up or losing all their valuable data forever. Unfortunately, this approach works for cybercriminals, because consumers and businesses are unprepared for their data — whether it’s a business’ intellectual property or family photos — to be taken from them with no hope of retrieval unless they pay,” says Usman Choudhary, chief product officer at ThreatTrack Security. “Understandably, nearly 1 in 3 security professionals at companies say they’d be willing to pay for the safe recovery of stolen or encrypted data, and that number jumps to 55 percent at organizations that have already been targeted. Meanwhile, your average home user feels as if they have no choice but to pay.”
To help IT pros ensure their organizations don’t fall prey to ransomware, the VIPRE antivirus team at ThreatTrack has issued five essential safety tips as follows:
1 Back up your data — External hard drives keep dropping in price and growing in capacity, so they provide an easy and affordable way to back up your data. There are also numerous cloud-based ‘set it and forget it’ options for automatically backing up your data to an offsite server. Backing up is by far the best do-it-yourself tactic you can take to protect yourself from being blackmailed.
2 Start a schedule — It’s good to back up your data but it needs to be done regularly to be effective. ThreatTrack recommends backing up your data at least once a week and, ideally, once a day.
3 Be aware of phishing emails — Employees need to be aware of the latest social engineering tactics being used to lure people into clicking on malicious links and attachments. There are many resources available that can help, including online tutorials and security awareness training services. Just sending out regular communications about the various tactics and terms used — spam, malware, spear-phishing, etc. — will help employees become more vigilant about identifying phishing attempts.
4 Update your software — Ransomware authors often seek to exploit vulnerabilities in popular software applications. If you’re diligent about keeping applications up to date, you’ll minimize your exposure to potential attacks. Better yet, make sure that any applications that can be set to update themselves automatically have that feature turned on.
5 Keep work and personal data separate — A recent survey showed that nearly a third of IT security staff were asked to remove malware from an executive’s computer/device because they had let a family member use it. With so many people working from home it can be hard to separate work from personal life, but keeping these two worlds apart can go a long way toward protecting data and minimizing the impact of an attack.
If you are struck by ransomware, ThreatTrack recommends that you immediately cut off all connections: shut down the computer and disconnect it from the network. While the damage to that system has already been done, this helps stop the malware from spreading to other systems or devices.