Alllllll Flashcards

1
Q

Windows Registry

A

Information about files and services, locations of deleted files, evidence of applications being run

2
Q

Autorun Keys

A

Programs set to run at startup (often associated with malware or compromise)

3
Q

Master File Table (MFT)

A

Details of inactive/removed records

4
Q

Event Logs

A

Logins, service start/stop, evidence of applications being run

5
Q

INDX files and change logs

A

Evidence of deleted files, MAC timestamps

6
Q

Volume Shadow Copies

A

Point-in-time information from prior actions

7
Q

Recycle bin contents

A

Files that were intended to be deleted but forgotten

8
Q

Hibernation files and memory dumps

A

Memory artifacts of commands run

9
Q

Temporary Directories

A

Artifacts of software installation, user temporary file storage, or other limited lifespan data

10
Q

Removable Drives

A

System logs may indicate drives were plugged in; data may be relevant to investigations

11
Q

POP3 Port

A

Port 110

12
Q

NTP Port

A

Port 123

13
Q

SQL Server (2 Ports)

A

Port 1433 & 1443

14
Q

Oracle Port

A

Port 1521

15
Q

RADIUS (2 Ports)

A

Port 1812 & 1813

16
Q

MySQL Port

A

Port 3306

17
Q

STIX Protocol

A

XML language. The current version includes things like attack patterns, identities, malware, threat actors and tools. Conveys data in a form that both humans and security technologies can understand

18
Q

OpenIOC Protocol

A

Includes metadata like the author, the name of the IOC, and a description; references to the investigation or case and information about the maturity of the IOC

19
Q

TAXII Protocol

A

Intended to allow cyberthreat information to be communicated at the application layer via HTTPS; specifically designed to support STIX data exchange

20
Q

3 Criteria for Intelligence

A

Timeliness, Relevancy and Accuracy

21
Q

Requirements Gathering

A

Assess what security breaches or compromises you have faced; assess what information could have prevented or limited the impact of the breach; assess what controls and security measures were not in place that would have mitigated the breach

22
Q

Data Collection

A

Collect data from threat intelligence sources to meet those requirements. This phase may repeat as additional requirements are added or as requirements are refined based on available data and data sources

23
Q

Threat Data Analysis

A

Allow for data to be consumed by the tools or processes that are used and then analyze the data itself. Output from this stage could be data fed into automated systems or other tools or written reports to distribute to leadership or others across your organization

24
Q

Intelligence Dissemination

A

Data is distributed to leadership and operational personnel who will use the data as part of their security operations role

25
Q

Feedback

A

Gathering feedback about the reports and data you have produced. Continuous improvement is a critical element in the process and should be used to improve the overall output of the threat intelligence program

26
Q

Reconnaissance (Cyber Kill Chain)

A

Identifies the target

27
Q

Weaponization (CKC)

A

Building or acquiring a weaponizer that combines malware and an exploit into a payload that can be delivered to the target

28
Q

Delivery (CKC)

A

When the adversary either deploys their tool directly against targets or releases it in a way that relies on staff at the target interacting with it, such as an email payload, a USB stick, or websites that they visit

29
Q

Exploitation (CKC)

A

Uses a software, hardware, or human vulnerability to gain access.

30
Q

Installation (CKC)

A

Focuses on persistent backdoor access for attackers

31
Q

C2 (CKC)

A

Access allows two-way communication and continued control of the remote system

32
Q

Action on Objectives (CKC)

A

When the mission's goal is achieved. Adversaries will collect credentials, escalate privileges, pivot and move laterally through the environment, and gather and exfiltrate information

33
Q

Common Configuration Enumeration (CCE)

A

Provides a standard nomenclature for discussing system configuration issues

34
Q

Common Platform Enumeration (CPE)

A

Provides a standard nomenclature for describing product names and versions

35
Q

Common Vulnerability Exposures (CVE)

A

Provides a standard nomenclature for describing security-related software flaws

36
Q

Common Vulnerability Scoring System (CVSS)

A

Provides a standardized approach for measuring and describing the severity of security-related software flaws

37
Q

Extensible Configuration Checklist Description Format (XCCDF)

A

A language for specifying checklists and reporting checklist results

38
Q

Open Vulnerability and Assessment Language (OVAL)

A

A language for specifying low-level testing procedures used by checklists

39
Q

Race Condition

A

A defect in code that creates an unstable quality in the operation of a program, arising from timing variances produced by programming logic. Time-of-check/time-of-use (TOC/TOU) attacks exploit this vulnerability

40
Q

Dereferencing

A

Common flaw that occurs when software attempts to access a value stored in memory that does not exist. This type of error almost always leads to a crash unless it is caught by an error handler

41
Q

Data Retention

A

Deliberate preservation and protection of digital data in order to satisfy business or legal requirements

42
Q

Data Minimization

A

Principle that you can acquire and retain only the minimum amount of data required to satisfy the specific purpose for which the owner has authorized use of that data

43
Q

Output Encoding

A

Translates special characters into an equivalent but safe version before a target application or interpreter reads them. Helps to prevent XSS attacks by preventing the insertion of special characters that would cause the target application to perform an action

44
Q

Data Classification

A

That describes the classification structure used by the organization and the process used to properly assign classifications to data