4.0 Flashcards

Question

Dnsenum

Answer 1

Command-line utility for DNS enumeration and information gathering, including querying DNS records, identifying subdomains, and discovering DNS zone transfers.

Answer 2

Command-line utility to provide information on current routing parameters. Used to view and manipulate the IP routing table

Answer 3

an automated scanner designed to collect a large amount of information while scanning for vulnerabilities.

Answer 4

A Linux command used to change access permissions of a file.

Answer 5

Command-line utility for logging messages to system logs, allowing users to record events, errors, and informational messages for troubleshooting and monitoring purposes.

Answer 6

Microsoft Windows-based task automation and configuration management framework, consisting of a command-line shell and scripting language.

Answer 7

Data Dump Command-line utility for data duplication, conversion, and manipulation, commonly used for creating disk images, copying data between devices, and performing low-level data operations.

Answer 8

Software for hexadecimal editing, disk editing, and data recovery on Windows systems, offering tools for analyzing and manipulating binary data, disk structures, and file systems at a low level.

Answer 9

Forensic software for acquiring and analyzing digital evidence, including imaging drives, extracting data, and examining file systems, used in forensic investigations and data recovery tasks.

Answer 10

As a suite, tcpreplay is a group of free, open source utilities for editing and replaying previously captured network traffic. As a tool, it specifically replays a PCAP file on a network.

Answer 11

Command-line packet analyzer for capturing and displaying network packets in real time, enabling users to monitor network traffic, filter packets based on criteria, and troubleshoot network issues.

Answer 12

A useful tool for exploring what is publicly available about your organization on the web such as it can provide information on employees, e-mails, and subdomains. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources

Answer 13

The phase of incident response that occurs before a specific incident.

Answer 14

isthe process where a team member suspects that a problem is bigger than an isolated incident and notifies the incident response team for further investigation.

Answer 15

The set of actions taken to constrain the incident to a minimal number of machines.

Answer 16

is the process of returning the asset into the business function and restoring normal business operations.

Answer 17

Involves removing the problem, and in today’s complex system environment, this may mean rebuilding a clean machine.

Answer 18

document what went wrong and allowed the incident to occur in the first place. Then examine the incident response process itself.

Answer 19

Examine the actual steps that take place associated with a process, procedure, or event.

Answer 20

Allow personnel to go through the actual steps of an exercise but to perform response and recovery steps rather than just talk about them.

Answer 21

A comprehensive matrix of attack elements, including the tactics and techniques used by attackers on a system.

Answer 22

A cognitive model used by the threat intelligence community to describe a specific event

Answer 23

A framework used to defend against the chain of events an attacker takes, from the beginning of an attack to the end of an attack.

Answer 24

Disaster Recovery Plan The data and resources necessary, and the steps required to restore critical organizational processes.

Answer 25

Business Continuity Plan Describes what is needed in order for the business to continue to operate

Answer 26

Identifies how long data is retained, and sometimes specifies where it is stored.

Answer 27

Agents placed on systems throughout a network to collect logs from devices and send these logs to the SIEM system.

Answer 28

Data about data instead of the data itself; Information that describes other data.

Answer 29

A feature available on many routers and switches that can collect IP traffic statistics and send them to a NetFlow collector. Useful for intrusions.

Answer 30

A piece of software or an integrated software/hardware system that can capture and decode network traffic.

Answer 31

are copies of what was in memory at a point in time—typically a point when some failure occurred

Answer 32

A text-based protocol used for signaling voice, video, and messaging applications over IP. UDP port 5060

Answer 33

System Logging Protocol A standard protocol used in Linux systems to send system log or event messages to a specific server, called a syslog server.

Answer 34

The command to examine logs on a server.

Answer 35

A situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract.

Answer 36

a small piece of data, sometimes only 1 or 2 bits, and is used to quickly verify the integrity of data. The purpose of detecting errors that may have been introduced during its transmission or storage.

Answer 37

Tracing something back to its origin, a reference to the origin of data.

Answer 38

Tools for discovering, developing, and executing exploits. Penetration testing, security research, and sometimes malicious activities. Popular Frameworks: Metasploit, Core Impact, Canvas, Exploit Pack.

Answer 39

The process of deliberately, permanently, and irreversibly removing or destroying data stored on a memory device to ensure that it cannot be recovered.

Answer 40

Can monitor PII, PHI, and other sensitive information to ensure regulatory compliance (HIPAA, PCI DSS, GDPR)

Answer 41

Can identify trends in network traffic, event volume, or changes in activities/ activity levels across identities, endpoints, network and infrastructure.

Answer 42

Provide information about events on hosts and network devices. Email notification and response automation (playbooks, SOAR) optional.

Answer 43

Correlates, aggregates, and analyzes the log files from multiple sources can generate a broad, centralized view.

Answer 44

Tools that monitor and analyze network bandwidth usage to track data transfer rates, identify bottlenecks, and ensure efficient network performance.

Answer 45

A multi-platform log collection and processing tool that can gather logs from different sources, process them, and forward them to various destinations.

Answer 46

A packet sampling protocol that provides a scalable method of monitoring network traffic across high-speed networks.

Answer 47

IP Flow Information Export A protocol standardized by the IETF for exporting IP flow information from routers, switches, and other network devices.

Answer 48

protecting any documents that can be used in evidence from being altered or destroyed. sometimes called litigation hold

Answer 49

Evidence must be relevant to a fact at issue in the case.

Answer 50

where evidence is collected across multiple time zones, you must record offset based on time zone.

Answer 51

A space on a hard drive used as the virtual memory extension of a computer's RAM.

Answer 52

A small, high-speed storage layer that holds frequently accessed data to speed up future requests.

Answer 53

Written into supply chain contracts, allow an auditor can visit the premises to inspect and ensure that the contractor is complying with contractual obligations.

Answer 54

Are virtual 'sticky notes’ or labels attached to documents, making them easier to search/find.

Answer 55

Information that is vital for formulating and implementing policies, strategies, and decisions, often related to national security, defense, or business strategies.

Answer 56

The process of identifying, collecting, and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation. Just gathering, no analyzation.