3.0 Detect Flashcards

1
Q

Analyze security system logs, security tools, and data

A
2
Q

IP networking/IP resolving

A
3
Q

DoS attacks/DDoS attacks

A
4
Q

Security vulnerability databases

A
5
Q

Intrusion detection systems

A
6
Q

Network encryption

A
7
Q

SSL decryption

A
8
Q

SIEM

A
9
Q

Firewalls

A
10
Q

DLP

A
11
Q

IPS

A
12
Q

IDS

A
13
Q

Evaluate and interpret metadata

A
14
Q

Malware

A
15
Q

Network topology

A
16
Q

Anomalies

A
17
Q

False positives

A
18
Q

Superhuman logins/geo-velocity

A
19
Q

APT activity

A
20
Q

Botnets

A
21
Q

Unauthorized programs in the startup menu

A
22
Q

Presence of attack tools

A
23
Q

Registry entries

A
24
Q

Unusual network traffic

A

Bandwidth usage
Malicious network communication

25
Q

Off-hour usage

A
26
Q

New administrator/user accounts

A
27
Q

Guest account usage

A
28
Q

Unknown open ports

A
29
Q

Unknown use of protocols

A
30
Q

Service disruption

A
31
Q

Website defacement

A
32
Q

Unauthorized changes/modifications

A

Suspicious files
Patches

33
Q

Recipient of suspicious emails

A
34
Q

Unauthorized sessions

A
35
Q

Failed logins

A
36
Q

Rogue hardware

A
37
Q

Agent-based log collection

A
38
Q

Agentless log collection

A
39
Q

Syslog log collection

A
40
Q

Source validation

A
41
Q

Verification of log integrity

A
42
Q

Evidence collection

A
43
Q

IP address and hostname resolution

A
44
Q

Field name consistency

A
45
Q

Time zones

A
46
Q

Threat hunting

A
47
Q

Long tail analysis

A
48
Q

Intrusion detection

A
49
Q

Behavioral monitoring

A
50
Q

Log retention

A
51
Q

Log aggregator and analytics tools

A

SIEM

52
Q

Linux tools

A

grep
cut
diff

53
Q

grep

A
54
Q

cut

A
55
Q

diff

A
56
Q

Windows tools

A

find
WMIC
Event Viewer

57
Q

find

A
58
Q

WMIC

A
59
Q

Event Viewer

A
60
Q

Bash

A
61
Q

PowerShell

A
62
Q

Network-based

A
63
Q

WAP logs

A
64
Q

WIPS logs

A
65
Q

Controller logs

A
66
Q

Packet capture

A
67
Q

Traffic log

A
68
Q

Flow data

A
69
Q

Device state data

A
70
Q

SDN

A
71
Q

Host-based

A
72
Q

Linux syslog

A
73
Q

Application logs

A
74
Q

Cloud Audit logs

A
75
Q

Threat feeds

A
76
Q

Asset discovery methods and tools

A
77
Q

Alerting systems

A
78
Q

Intrusion prevention or detection systems (IDS/IPS)

A
79
Q

Firewalls

A
80
Q

Endpoint detection and response (EDR)

A
81
Q

Common indicators of potential compromise, anomalies, and patterns

A
82
Q

Analysis tools

A
83
Q

Document and communicate results

A
84
Q

Communication and documentation policies and processes

A
85
Q

Security incident reports

A

Description
Potential impact
Sensitivity of information
Logs

86
Q

Escalation processes and procedures

A

Specific technical processes
Techniques
Checklists
Forms

87
Q

Incident response teams

A
88
Q

Levels of authority

A
89
Q

Personnel roles and responsibilities

A
90
Q

Document and communicate results

A
91
Q

Command and control

A
92
Q

Data exfiltration

A
93
Q

Pivoting

A
94
Q

Lateral movement

A
95
Q

Persistence/maintaining access

A
96
Q

Keylogging

A
97
Q

Anti-forensics

A
98
Q

Covering tracks

A
99
Q

Prioritization or severity ratings of incidents

A
100
Q

Communication policies and procedures

A
101
Q

Levels of authority

A
102
Q

Communicate recommended courses of action and countermeasures

A