3.4 Cyber Incident Response

Question 1

what is data exfiltration?

Answer 1

the unauthorized copying, transfer or retrieval of data from a computer or server

Question 2

what should you do if you discover rogue devices on the network?

Answer 2

locate and remove them

Question 3

what happens in vertical privilege escalation?

Answer 3

the attacker obtains higher privileges by performing operations that allow the attacker to run unauthorized code

Question 4

what are the SIX network-related symptoms of incidents?

Answer 4

bandwidth consumption

beaconing

irregular peer-to-peer communication

rogue devices on the network

scan sweeps

unusual traffic spikes

Question 5

what is meant by anomalous activity?

Answer 5

activity that is outside the norms

Question 6

when does an escalation of privileges attack occur?

Answer 6

when an attacker has used a design flaw in an application to obtain unauthorized access to the application

Question 7

what are scan sweeps?

Answer 7

an attempt by an unauthorized entity to map your network

Question 8

what happens in horizontal privilege escalation?

Answer 8

the attacker obtains the same level of permissions as he already has but uses a different user account to do so

Question 9

what are the eight host-related symptoms of an incident?

Answer 9

processor consumption

memory consumption

drive capacity consumption

unauthorized software

malicious processes

unauthorized changes

Question 10

what is beaconing?

Answer 10

when malware attempts to remotely connect to a command and control host or network

Question 11

what are the SIX application-related symptoms of incidents?

Answer 11

anomalous activity

introduction of new accounts

unexpected output

unexpected outbound communication

service interruption

memory overflows