4.0 Respond Flashcards by Dontay Gibson

Q

Incident response plans and processes

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Communication with internal and external stakeholders

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Personnel role and responsibilities

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Incident reporting

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Allow list/block list

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

IDS/IPS rules configuration

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Network segmentation

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Web content filtering

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Port blocking

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Firewall

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

IDS/IPS

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Web proxy

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Anti-malware

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Endpoint security solutions

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

DLP

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Windows tools to analyze incidents

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Registry

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Network

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

File system

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Malware

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Processes

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Services

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Volatile memory

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Active Directory tools

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Linux- based tools to analyze incidents

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Network

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

File system

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Malware

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Processes

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Volatile memory

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Session management

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Digital evidence collection

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Physical evidence collection

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Chain of custody

A

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

Q

Static analysis

A

Q

Dynamic analysis

A

Q

FTK

A

Q

EnCase

A

Q

eDiscovery

A

Q

Forensic Explorer

A

Q

Kali Linux Forensic Mode

A

Q

CAINE

A

Q

SANS SIFT

A

Q

Volatility

A

Q

Binalyze AIR

A

Q

Forensically sound duplicates

A

Q

Document and communicate results

A

Q

Logs

A

Q

Data analysis

A

Q

Intrusion prevention or detection systems (IDS/IPS)

A

Q

Forensic Analysis

A

Q

Correlation Analysis

A

Q

Event correlation tools and techniques

A

Q

Root cause analysis

A

Q

Alerting systems

A

Q

Incident reports

A

Q

Document and communicate results

A

Q

Chain of command

A

Q

Policies

A

Q

Procedures

A

Q

Incident response plan

A

Q

Security configuration controls

A

Q

Baseline configurations

A

Q

Hardening documentation

A

Q

Document measures implemented

A

Q

Threat actors

A

Q

Patterns of activity

A

Q

Methods

A

Q

Tactics

A

Q

Early stages of campaign

A

Q

Key facts of the infrastructure

A

Q

Artifacts and tools used

A

Q

Techniques

A

Q

Technological

A

Q

Non-technological

A

Q

Procedures

A

Q

Communication policies and procedures

A

Q

Internal communication methods

A

Q

Secure channels

A

Q

Out-of-band communications

A

Q

Local law enforcement

A

Q

Stockholders

A

Q

Breach victims

A

Q

Media

A

Q

Other CERTS/CSIRTS

A

Q

Vendors

A