security
Are you a Security PreSales Ninja?
Security Ninja Quiz
Take this quiz and determine if you are a Security PreSales Ninja.
NOTE: this quiz has a 20 minute time limit to complete.
Enter your full name and email address in the results table to save to the leaderboard!
Question 1 of 18
1. Question
What’s the major difference between Symmetric and Asymmetric encryption?
Correct
Awesome! You know the basics!
Incorrect
Sorry, you are not even close…
-
Question 2 of 18
2. Question
If you are alerted by a DMZ IDS that an IIS buffer overflow attack was targeting your Apache web server, what should you do?
Correct
Awesome! You know the basics!
Incorrect
Sorry, you are not even close…
-
Question 3 of 18
3. Question
You have an older server with a password-protected BIOS configuration. What are two ways you can get past this problem without knowing the BIOS password? Choose the best two answers…
Correct
Awesome! You know the basics!
Incorrect
Sorry, you are not even close…
-
Question 4 of 18
4. Question
What shell command should you use on Linux to perform “root” privilege functions without knowing the “root” password?
Correct
Awesome! You know the basics of Linux security!
Incorrect
Sorry, you are not even close…
-
Question 5 of 18
5. Question
What is the key difference between a Network Intrusion Prevention System (NIPS) and a Network Intrusion Detection System (NIDS)?
Correct
Awesome! You know the difference between IDS and IPS!
Incorrect
Sorry, you are not even close…
-
Question 6 of 18
6. Question
Select the most effective method you would use to secure a WiFi network.
Correct
Awesome! You know the WiFi security basics!
Incorrect
Sorry, you are not even close…
-
Question 7 of 18
7. Question
Select the best answer that describes a “false-negative” as it relates to information security.
Correct
Awesome! You know the basics!
Incorrect
Sorry, you are not even close…
-
Question 8 of 18
8. Question
If one attacker is trying to connect to a server with an excessive number of TCP packets, from a spoofed IP address, what is this attack commonly called?
Correct
Awesome! You know the basics of SYN flooding!
Incorrect
Sorry, you are not even close…
-
Question 9 of 18
9. Question
Match the SIEM product to the appropriate vendors below. Select the tile from the top and drag to the blank space next to each vendor:
Sort elements
- QRadar SIEM - was originally known as Q1 Labs before their acquisition.
- Enterprise Security Manager (ESM) - was originally known as NitroSecurity before their acquisition.
- ArcSight ESM - was founded in 2000 and acquired by this large company in 2010
- Security Analytics - was originally referred to as EnVision before they acquired NetWitness in 2011
- IBM Security
- McAfee
- HP Enterprise Security Products
- EMC / RSA
Correct
Awesome! You know the basic SIEM competitors!
Incorrect
Sorry, you are not even close…
-
Question 10 of 18
10. Question
The acronym “SIEM” translates to which of the following?
Correct
Awesome! Security Information & Event Management is correct!
Incorrect
Sorry, Security Information & Event Management was the correct answer.
-
Question 11 of 18
11. Question
What would you use to authenticate a Linux workstation on an Active Directory domain?
Correct
Awesome! You know the basics!
Incorrect
Sorry, SMB client or Samba was the correct answer.
-
Question 12 of 18
12. Question
An anonymous person calls your telephone and says they are from your credit card company and asks you to tell them your credit card number and expiry as a verification that they are speaking to the right person. What method of attack are they attempting?
Correct
Awesome! You know social engineering basics!
Incorrect
Sorry, you are not even close…
-
Question 13 of 18
13. Question
Scenario: your company’s top executive (CEO) alerts you that they have received an official-looking email from the local law enforcement agency regarding a court subpoena directed at their full legal name, and the email instructs them to click on a link and install special software to view the encrypted subpoena. Is this an attempted attack and, if so, what is this method of attack referred to as?
Correct
Awesome! You know phishing basics!
Incorrect
Sorry, but you are close…
-
Question 14 of 18
14. Question
Scenario: An employee at a financial services company has been suspected of fraud by law enforcement and you have been consulted to perform the Forensic extraction of data from the user’s PC. Arrange the following tiles in the correct order based on each item’s volatility. List the items from most volatile (top) to least volatile (bottom).
- Data in RAM / CPU cache, including recently used data, applications, system and network processes.
- Swap files (aka paging files) stored on local disk drives
- User and application data stored on local disk drives
- Logs and personal files stored on remote systems
- Archive media containing user backups
Correct
Awesome! You have a handle on forensic basics.
Incorrect
Sorry, you didn’t arrange the list correctly.
-
Question 15 of 18
15. Question
As a pre-sales engineer, the process of mastering your own solution before giving an effective product demonstration is referred to as the “Demo Pyramid”. During your “ramp-up” this process forms a series of layered stages, with each stage building upon the previous level. Sort the tiles below into the pyramid, in the order of beginner to mastery (lowest at the bottom, highest at the top):
- Solution
- Construction
- Functional Explanation
- Feature Explanation
- Memorization & Recital
Correct
Well done! You show great skill in pre-sales…
Incorrect
Sorry, that’s not correct. You should read “Making the Technical Sale”…
-
Question 16 of 18
16. Question
Since Sales Engineers work closely with Sales Reps on a daily basis, there is some basic sales terminology they must understand. Use the matrix below to sort the list of tiles and place them next to the matching terms listed in the first column.
Sort elements
- This refers to the most popular tool that sales reps use to create opportunities, forecast closing dates and perform many other customer relationship management tasks.
- A method of calculating over achievement to increase the rate of pay for reps who exceed revenue targets.
- Usually a short term bonus (anywhere from one week out to a full quarter) designed to motivate sales reps with immediate payout.
- A tool usually developed by marketing that's used by the sales team to understand competition and helps qualify opportunities they are pursuing.
- A set amount of selling that a salesperson is expected to meet over a given time frame.
- SFDC
- Accelerators
- SPIF(F)
- SWOT
- Quota
Correct
Excellent! You are proficient in sales terminology…
Incorrect
Sorry, you need to brush up on your sales terminology…
-
Question 17 of 18
17. Question
Within a large sales organization different teams provide valuable resources to complete the sale. Use the list of tiles below to best match the responsibilities of the various team members.
Sort elements
- Responsible for developing an account plan to try to secure a prospect as a customer; focuses on the financial and legal terms of closing the contract and manages the ongoing relationship with the customer.
- Provide technical overview of product architecture, functionality, data requirements, and integration with other enterprise applications.
- Often translate business objectives set for a product by Marketing or Sales into engineering requirements.
- Attempt to help the customer solve specific problems with a product after they have purchased through email or over the telephone.
- Top source of lead generation for the sales team and often performs their role remotely through virtual presentations and cold-calling prospective customers.
- Regional Sales Representative
- Pre-Sales Engineer
- Product Management
- Product Technical Support
- Inside Sales Representative
Correct
Excellent! You show true proficiency in a sales organization.
Incorrect
Sorry, you need to better understand roles and responsibilities within a sales team.
-
Question 18 of 18
18. Question
Scenario: you are the lead Sales Engineer assisting three sales reps in a 3:1 ratio. All of the reps come to you at the same time with what they consider to be top priority tasks listed below. Read the task requests from each of the reps in this question and then choose which possible options you would use to assist the reps from the multiple choices below (HINT: more than one answer):
- REP #1: needs you to respond to an RFP with a closing date of one week away for a $20,000 opportunity set to close in the next quarter
- REP #2: needs you to create a custom demo for a prospect to be delivered in one week for a $15,000 opportunity set to close in the current quarter
- REP #3: needs you to go onsite and provide a one week Proof of Concept (POC) for a new prospect with no budget and no closing date
Correct
Wow! You have strong time management and a sense of sales priorities…
Incorrect
Sorry, that was not the answer we were looking for…












NetCerebral’s Device EPS Calculator
Hi folks, this post is another form I created using the Calculated Fields Form plugin for WordPress. Basically, this simple form calculates the number of devices input in the form fields and multiplies the number of devices by the designated Events Per Second (EPS) average for each device type. It then provides a live calculation of total number of devices, total average EPS and total average Events Per Day (EPD).
This handy calculation can then be used in my other calculator, NetCerebral’s Simple Log Storage Calculator, as the average EPS, which is needed as the primary input to calculate the amount of storage and IOPS required for the EPD and retention periods defined.












Who’s In Your Cloud?
Wikipedia cites:
Cloud Computing describes systems that provide computation, software, and data access services without requiring end-user knowledge of or dependence on the system’s physical location and configuration
As an example, take an online vacation reservation system that may be a hosted cloud model such as Software as a Service (SaaS), in which your business would host an application that consists of a web front-end, database, storage and billing services.
While the cloud provider provides an Application Programming Interface (API) and access to the various components through traditional interfaces such as SSH, FTP or SOAP, there is limited access to the underlying systems because they are usually multi-tenant, meaning multiple customers run their applications on the same system. This creates challenges for monitoring and managing the security controls governing your application.
Cloud providers will provide SLAs and frequent security reports but there is no visibility into who is administering the systems hosting your application or what vulnerabilities may be present that will allow attackers to successfully compromise the systems using SQL injection or Cross-site scripting attacks.
Cloud providers will usually allow you to conduct third-party web application penetration testing against your own URL, but they will not allow you to monitor their servers, nor will they send you events from their network security devices (IDS/IPS, firewalls, etc.), which would allow real-time correlation and threat mitigation. Essentially, you lose control over your sensitive data and over who accesses the systems, and whether that access adheres to your security policies.
With the rise of Botnets, Scareware, Phishing, Brand theft, social network vulnerabilities and many other forms of evolving malware, the Cloud Computing companies that will be most successful will be those that offer security monitoring services with logical segregation that use context regarding your business, such as:
- Real-time threat feeds
- Lists of nefarious IP addresses
- Countries of concern
- Export control
- Software vulnerabilities
- Geo-spatial disparity
- Customer activity profiling
- Privileged user accountability
- Perimeter threat baselining
- Terminated employee monitoring
With this context information correlated with real-time events gathered from all of the control points between the cloud components, customers could receive real-time alerts from the cloud and would access a GUI to drill-down and conduct post-analysis of threats and then create their own dashboards or reports regarding attackers, application issues and administration accountability.
This model would alleviate the loss of visibility caused by placing applications into the cloud and ensure your auditors have access to the security and compliance data they need during an assessment.
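The correlation model described above, sketched as an added example (not code from the original post or from any cloud provider): per-tenant events are checked against several of the listed context feeds, including a stateful geo-spatial disparity rule. The feed contents, event fields, rule names and the one-hour geo window are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Context feeds; every value below is constructed for illustration.
BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # nefarious IP list
COUNTRIES_OF_CONCERN = {"ZZ"}                          # placeholder country code
TERMINATED = {"jdoe": datetime.fromisoformat("2024-05-01T00:00:00+00:00")}
PRIVILEGED = {"dbadmin"}
GEO_WINDOW = timedelta(hours=1)   # assumed threshold for geo-spatial disparity

# Constructed events: (timestamp, tenant, user, source IP, country, action).
EVENTS = [
    ("2024-05-03T10:00:00+00:00", "acme", "jdoe", "198.51.100.7", "US", "ssh_login"),
    ("2024-05-03T10:05:00+00:00", "acme", "dbadmin", "203.0.113.9", "US", "db_export"),
    ("2024-05-03T10:20:00+00:00", "acme", "alice", "198.51.100.8", "CA", "web_login"),
    ("2024-05-03T10:40:00+00:00", "acme", "alice", "192.0.2.44", "ZZ", "web_login"),
    ("2024-05-03T10:41:00+00:00", "other", "bob", "203.0.113.5", "US", "web_login"),
]

def correlate(events, tenant):
    """Return [(timestamp, user, [rule names])] for one tenant's events only."""
    last_seen = {}   # user -> (time, country), state for the geo rule
    alerts = []
    for ts, ev_tenant, user, ip, country, _action in sorted(events):
        if ev_tenant != tenant:      # logical segregation between customers
            continue
        when = datetime.fromisoformat(ts)
        hits = []
        if any(ipaddress.ip_address(ip) in net for net in BAD_NETS):
            hits.append("nefarious_ip")
        if country in COUNTRIES_OF_CONCERN:
            hits.append("country_of_concern")
        if user in TERMINATED and when >= TERMINATED[user]:
            hits.append("terminated_employee")
        if user in PRIVILEGED:
            hits.append("privileged_user")
        prev = last_seen.get(user)
        if prev and prev[1] != country and when - prev[0] <= GEO_WINDOW:
            hits.append("geo_disparity")
        last_seen[user] = (when, country)
        if hits:
            alerts.append((ts, user, hits))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS, "acme"):
        print(alert)
```

Filtering on the tenant before any rule runs is what keeps one customer's alerts and dashboards from ever containing another customer's events.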











