4.0 Operations and Incident Response Flashcards

1
Q

a command-line utility that you can use to trace the path that an Internet Protocol (IP) packet takes to its destination.

A

Linux: traceroute domainname

Windows: tracert domainname

2
Q

Command that lets an Internet server administrator or any computer user enter a host name (for example, “whatis.com”) and find out the corresponding IP address or domain name system (DNS) record

A

Linux: dig domainname

Windows: nslookup domainname

3
Q

Command that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings

A

Linux: ifconfig

Windows: ipconfig

4
Q

Program that scans the network a computer is connected to and outputs a list of ports, device names, operating systems, and several other identifiers that help the user understand the details behind their connection status

A

nmap

5
Q

Command that can be used to send large volumes of TCP traffic at a target while spoofing the source IP address, making it appear random or even originating from a specific user-defined source

A

HPing

6
Q

Networking command used for troubleshooting and configuration that can also serve as a monitoring tool for connections over the network. Listing incoming and outgoing connections, routing tables, listening ports, and usage statistics are common uses for this command

A

netstat

7
Q

a back-end tool that allows for port scanning and port listening

A

netcat

8
Q

Tool for analyzing a business network to discover IP addresses and identify relevant information associated with those IP addresses and devices.

A

IP Scanner

9
Q

Command that allows you to make manual entries into the network routing tables.

A

route

Example

route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0

10
Q

a command-line tool that lets you transmit HTTP requests and receive responses from the command line or a shell script

A

curl

11
Q

Linux tool that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports / banners, and employee names related to a domain from different public sources

A

TheHarvester

12
Q

automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities

A

Sn1per

13
Q

automated tool developed in the Python language, which performs port scanning on the target host

A

Scanless

14
Q

Multithreaded Perl script to list DNS information of a domain and to discover non-contiguous IP blocks.

A

Dnsenum

15
Q

an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools

A

Nessus

16
Q

Tool used to launch malware in a secure, isolated environment; the idea is that the sandbox fools the malware into thinking it has infected a genuine host

A

Cuckoo sandbox

17
Q

Linux command used to change the access mode of a file

A

Chmod

18
Q

Linux command that prints the first lines of one or more files (or piped data) to standard output

A

Head

19
Q

Linux command that prints the last few lines (10 lines by default) of a certain file, then terminates.

A

Tail

20
Q

Linux command used to search text files for lines matching a regular expression

A

grep

21
Q

provides an interface to the syslog subroutine, which writes entries to the system log

A

logger

22
Q

a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files

A

TCPreplay

23
Q

packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it’s running on. It runs on Linux

A

TCPDump

24
Q

The basic purpose of this Linux command is to transfer data from one drive to another while also making sure that the data itself is not changed

A

dd

25
Q

Tool used for forensics, data recovery, low-level data processing, and IT security. It allows the user to view files in hexadecimal format

A

winHex

26
Q

A free tool for creating disk images and previewing data, developed by The Access Data Group.

A

FTK Imager

27
Q

Supported software packages that contain reliable exploit modules and other useful features, such as agents used for successful repositioning

A

Exploitation frameworks

28
Q

Tools that recover passwords using various techniques. The process can involve comparing a list of words to guess passwords or the use of an algorithm to repeatedly guess the password

A

password crackers

29
Q

the process of irreversibly removing or destroying data stored on a memory device (hard drives, flash memory / SSDs, mobile devices, CDs, and DVDs, etc.) or in hard copy form

A

Data sanitization

30
Q

A plan that has a set of instructions or procedures to detect, respond to, and limit the consequences of malicious cyber attacks against an organization’s information systems

A

incident response plans

31
Q

This is a process for identifying an attack, understanding its severity and prioritizing it, investigating and mitigating the attack, restoring operations, and taking action to ensure it won’t recur

A

incident response process

32
Q

Incident Response Process technique that does the following

These are things you would do before an attack happens

  • communication: who gets contacted, what are the phone numbers, etc.
  • resources: documentation, diagrams, baselines
  • incident mitigation software
  • policies to follow

A

IRP Preparation

33
Q

Incident Response Process technique that does the following

This step in the IRP is figuring out the type of attack (e.g. buffer overflows)

- anti-virus can identify it
- host-based monitors detect configuration changes: something is going to happen or is already underway
- network traffic flow deviates

A

IRP Identification

34
Q

This is an incident response process technique for making sure the attack doesn’t get out of hand

Techniques you would use

  • don’t leave it alone
  • sandbox
  • isolation can sometimes be problematic because some malware will delete itself and other data once it detects it doesn’t have an internet connection

A

IRP Containment

35
Q

Incident Response Process technique that does the following
- remove malware
- disable breached user accounts
- fix vulnerabilities

A

IRP Eradication

36
Q

Incident response process technique that has:

  • different ways to detect incidents, due to the large amount of data
  • security incidents are normally complex

A

IRP Detection

37
Q

Incident Response Process technique that refers to the aftermath:

  • have it soon after the attack
  • what happened?
  • evaluate how incident plans worked
  • did the precursors help?

A

IRP Lessons Learned

38
Q

Incident Response process technique to get back to working operation; it can take months
- a phased approach
- start with high-value parts

A

IRP Recovery

39
Q

Set of data matrices and an assessment tool developed by this corporation to help organizations understand their security readiness and uncover vulnerabilities in their defenses.

A

MITRE ATT&CK

40
Q

An analysis approach employed by several information security professionals to authenticate and track cyber threats.

A

Diamond Model of Intrusion Analysis

41
Q

a way to understand the sequence of events involved in an external attack on an organization’s IT environment.

A

Cyber Kill chain

42
Q

Planning effort within individual agencies to ensure they can continue to perform their mission essential functions during a wide range of emergencies

A

continuity of operations planning

43
Q

signaling protocol that enables the Voice Over Internet Protocol (VoIP) by defining the messages sent between endpoints and managing the actual elements of a call

A

Session Initiation Protocol

44
Q

a protocol that computer systems use to send event data logs to a central location for storage

A

syslog/rsyslog/syslog-ng

45
Q

Linux command for querying and displaying logs from journald, systemd’s logging service

A

journalctl

46
Q

Open source log collection and centralization tool that offers log processing features, including log enrichment (parsing, filtering, and conversion) and log forwarding

A

NXLog

47
Q

Standard for monitoring network flow data; allows you to monitor IP network traffic information as data packets enter or exit an interface.

A

Netflow

48
Q

provides a more comprehensive picture of network traffic, because it includes the full packet header, from which any field can be extracted

A

SFlow

49
Q

Works with Cisco equipment; to do so, it collects data packets from across the network

A

IPFix

50
Q

used to monitor data traffic and analyze captured signals as they travel across communication channels

A

Protocol analyzer output

51
Q

Used to automate, control, and secure administrative policies on laptops, smartphones, tablets, or any other device connected to an organization’s network.

A

Mobile Device Management

52
Q

SOAR technique consists of a series of conditional steps to perform actions, such as data enrichment, threat containment, and sending notifications, automatically as part of the incident response or security operations process.

A

SOAR Runbook

53
Q

SOAR technique designed to help SOC teams respond to known threats because security breaches are not typically the result of unknown threats

A

Soar playbook

54
Q

the process by which organizations preserve potentially relevant information when litigation is pending or reasonably anticipated

A

Legal Hold

55
Q

the sequence or order in which the digital evidence is collected.

A

order of volatility

56
Q

A piece of evidence, such as text or a reference to a resource, that is submitted to support a response to a question.

A

Artifacts

57
Q

Entitles your organization to review your vendor’s work product and reporting, which may include self-assessments, third-party audits and other official documents detailing the sufficiency of internal systems and controls

A

right-to-audit clauses

58
Q

any government or governmental unit which has authority to regulate the sale or use of a Co-Development Product in any territory

A

Regulatory/jurisdiction

59
Q

A mathematical value created using a cryptographic algorithm that is assigned to data and later used to test the data to verify that the data has not changed

A

checksum

60
Q

form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings

A

e-discovery

61
Q

What are the six steps in the incident response process?

A

Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons Learned

62
Q

A model standard that describes malicious activity and enables intrusion analysis, threat hunting, and threat detection.

A

Diamond Model Intrusion Analysis

63
Q

Name the four core features of the Diamond Model of Intrusion Analysis

A

Adversary, Capability, Infrastructure and Victim