1.0 Security Operations Flashcards
Windows Registry
System hardening
File structure
Configuration file locations
System process
Hardware architecture
Serverless
Virtualization
Containerization
On-premises
Cloud
Hybrid
Network segmentation
Zero trust
Secure access service edge (SASE)
Software-defined networking (SDN)
Multifactor authentication (MFA)
Single sign-on (SSO)
Federation
Privileged access management (PAM)
Passwordless
Cloud access security broker (CASB)
Public key infrastructure (PKI)
Secure sockets layer (SSL) inspection
Data loss prevention (DLP)
Personally Identifiable Information (PII)
Cardholder data (CHD)
Bandwidth consumption
Beaconing
Irregular peer-to-peer communication
Rogue devices on the network
Scans/sweeps
Unusual traffic spikes
Activity on unexpected ports
Processor consumption
Memory consumption
Drive capacity consumption
Unauthorized software
Malicious processes
Unauthorized changes
Unauthorized privileges
Data exfiltration
Abnormal OS process behavior
File system changes or anomalies
Registry changes or anomalies
Unauthorized scheduled tasks
Anomalous activity
Introduction of new accounts
Unexpected output
Unexpected outbound communication
Service interruption
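The beaconing indicator listed above (a host contacting the same destination at a regular, low-jitter interval) is worth seeing as detection logic. What follows is an added example, not part of these flashcards: it parses a constructed connection log of the form `timestamp src_ip dst_host`, groups events per (source, destination) pair, and flags pairs whose inter-connection intervals have a low coefficient of variation. The log format, the host names and the thresholds (at least 5 events, CV at or below 0.1) are assumptions chosen for illustration, not values from the original page.

```python
"""Beaconing detection over a constructed firewall/proxy log.

Added example; the log format, hosts and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp src_ip dst_host".
# 10.0.0.5 contacts c2.example.net about every 60 s with ~1 s jitter;
# 10.0.0.9 is ordinary, irregular user browsing.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 c2.example.net
2024-05-01T09:00:07 10.0.0.9 news.example.com
2024-05-01T09:01:01 10.0.0.5 c2.example.net
2024-05-01T09:01:45 10.0.0.9 cdn.example.com
2024-05-01T09:02:00 10.0.0.5 c2.example.net
2024-05-01T09:02:59 10.0.0.5 c2.example.net
2024-05-01T09:03:13 10.0.0.9 news.example.com
2024-05-01T09:03:40 10.0.0.9 news.example.com
2024-05-01T09:04:01 10.0.0.5 c2.example.net
2024-05-01T09:05:00 10.0.0.5 c2.example.net
2024-05-01T09:06:00 10.0.0.5 c2.example.net
2024-05-01T09:09:40 10.0.0.9 news.example.com
2024-05-01T09:10:02 10.0.0.9 news.example.com
"""


def parse_log(text):
    """Group connection timestamps by (src_ip, dst_host), sorted by time."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for times in flows.values():
        times.sort()
    return flows


def interval_stats(times):
    """Return (mean interval in seconds, coefficient of variation).

    A perfectly regular beacon has CV 0; human browsing is typically near or above 1.
    Fewer than two events gives no interval, so CV is reported as infinite.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if not gaps:
        return 0.0, float("inf")
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m > 0 else float("inf"))


def find_beacons(text, min_events=5, max_cv=0.1):
    """Flag (src, dst) pairs with enough events and a low-jitter interval."""
    beacons = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_events:
            continue  # too few events to judge periodicity
        m, cv = interval_stats(times)
        if cv <= max_cv:
            beacons.append({
                "src": src,
                "dst": dst,
                "events": len(times),
                "interval_s": round(m, 1),
                "cv": round(cv, 3),
            })
    return beacons


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Real implants randomise their sleep (jitter), so on production data the CV threshold is tuned per environment and combined with other signals (destination reputation, uniform request size, off-hours timing) rather than used alone; a large jitter setting pushes the CV toward browsing-like values and this single check will miss it.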
Application logs
Social engineering attacks
Obfuscated links
Wireshark
tcpdump
Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
Endpoint detection and response (EDR)
Domain name service (DNS) and Internet Protocol (IP) reputation
WHOIS
AbuseIPDB
Strings
VirusTotal
Joe Sandbox
Cuckoo Sandbox
Command and control
Interpreting suspicious commands
Header
Impersonation
DomainKeys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
Embedded links
Hashing
Abnormal account activity
Impossible travel
JavaScript Object Notation (JSON)
Extensible Markup Language (XML)
Python
PowerShell
Shell script
Regular expressions
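The impossible travel item under abnormal account activity above is the classic user-behaviour check: two logins for one account whose geographic separation could not be covered in the time between them. As an added example that is not part of these flashcards, the code below works it through in Python, the scripting language listed in this section: it sorts each user's logins by time, looks up the source IP's coordinates, computes the great-circle distance with the haversine formula and flags any consecutive pair whose implied speed exceeds a plausible maximum. The login events, the IP-to-coordinate table (a real deployment would use a GeoIP database) and the 900 km/h ceiling are assumptions for illustration.

```python
"""Impossible-travel detection over constructed login events.

Added example; the events, the IP geolocation table and the speed limit are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900  # assumption: roughly airliner cruising speed

# Constructed IP -> (lat, lon). Production code would query a GeoIP database;
# private or unmapped addresses simply have no entry and are skipped.
GEO = {
    "203.0.113.10": (40.7128, -74.0060),  # New York
    "198.51.100.7": (35.6762, 139.6503),  # Tokyo
    "192.0.2.44": (51.5074, -0.1278),     # London
    "192.0.2.45": (53.4808, -2.2426),     # Manchester
}

# Constructed successful-login events: (user, timestamp UTC, source IP).
LOGINS = [
    ("alice", "2024-05-01T09:00:00", "203.0.113.10"),
    ("alice", "2024-05-01T10:30:00", "198.51.100.7"),  # Tokyo 90 min after New York
    ("bob", "2024-05-01T08:00:00", "192.0.2.44"),
    ("bob", "2024-05-01T11:00:00", "192.0.2.45"),      # Manchester 3 h after London
    ("bob", "2024-05-01T11:05:00", "192.0.2.45"),      # same IP again, no travel
]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def impossible_travel(events, geo=GEO, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return alerts for consecutive logins that imply travel faster than max_kmh."""
    by_user = defaultdict(list)
    for user, ts, ip in events:
        by_user[user].append((datetime.fromisoformat(ts), ip))

    alerts = []
    for user, logins in by_user.items():
        logins.sort()  # input order is not guaranteed to be chronological
        for (t1, ip1), (t2, ip2) in zip(logins, logins[1:]):
            if ip1 == ip2 or ip1 not in geo or ip2 not in geo:
                continue  # same source, or no geolocation to reason about
            dist = haversine_km(geo[ip1], geo[ip2])
            hours = (t2 - t1).total_seconds() / 3600
            # Two places at the same instant is infinite speed; same place is never travel.
            speed = dist / hours if hours > 0 else (float("inf") if dist > 0 else 0.0)
            if dist > 0 and speed > max_kmh:
                alerts.append({
                    "user": user,
                    "from_ip": ip1,
                    "to_ip": ip2,
                    "distance_km": round(dist),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed),
                })
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print(alert)
```

In practice the check is noisy on VPN and cloud egress addresses (a user whose client switches exit nodes appears to teleport), so the alert is usually suppressed for known corporate VPN ranges and corroborated with MFA outcome and device identity before it is escalated.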
Advanced persistent threat (APT)
Hacktivists
Organized crime
Nation-state
Script kiddie
Insider threat-intentional
Insider threat-unintentional
Supply chain
Timeliness
Relevancy
Accuracy
Social media
Blogs/forums
Government bulletins
Computer emergency response team (CERT)
Cybersecurity incident response team (CSIRT)
Deep/dark web
Paid feeds
Information sharing organizations
Internal sources
Incident response
Vulnerability management
Risk management
Security engineering
Detection and monitoring
Indicators of Compromise (IoC)
Configurations/misconfigurations
Isolated networks
Business-critical assets and processes
Active defense
Honeypot
Repeatable/do not require human interaction
Data enrichment
Threat feed combination
Minimize human engagement
Application programming interface (API)
Webhooks
Plugins
Single pane of glass