4.4 - 4.5 Flashcards
End point security
Our devices are our endpoints
Allow/deny app list through an approved list
Block list
Configuration changes
Firewall rules
Mobile device manager
Data loss prevention
URL filter to block sites
Certificates
Isolation
Process isolation, network isolation, administrative isolation
Containment
Putting malware in sandbox
Segmentation
Prevent unauthorized movement
SOAR
Security orchestration, automation, and response
Using multiple third-party tools and running them together with runbooks; a playbook is more advanced, with combined runbooks inside
Digital forensics
RFC-3237: evidence identification, collection, and archiving
Acquisition, analysis, and archiving
Legal hold: what type of data is needed for us; requires admissibility and chain of custody, with documentation of the different time zones of device event logs and interviews
Forensic data acquisition
Order of volatility, from most to least:
CPU registers, CPU cache;
Router table, ARP cache, process table, kernel stats, memory;
Temp internet files;
Disk;
Remote logging and monitoring data;
Physical config, network topology;
Archival media
On premises vs cloud
For forensics in the cloud, a right-to-audit clause for the provider to disseminate data
Look up the regulatory requirements and jurisdiction of that data
Data breach notification laws if it is consumer data
Managing evidence
Integrity checks with hashing, provenance and checksums
Preservation while handling evidence by copying everything sometimes via live collection
E-discovery gathering the data, not analyzing just gathering details of electronic discovery
Data recovery for deleted or inaccessible data
Non-repudiation: knowing who sent the data, with a MAC or digital signature
Strategic intel