BTL1

Question 1

What is AAA control methods?

Answer 1

AAA stands for Authentication, Authorization and Accountability. Which is an important security principle.

Question 2

What is ICMP and what is it used for?

Answer 2

Internet Control Message Protocol - is an internet layered protocol used by network devices to diagnose network communication issues.

Question 3

OSI reference model acronym for top to bottom

Answer 3

All People Seem To Need Data Processing

Question 4

OSI reference model acronym for bottom to top

Answer 4

Please Do Not Throw Sausage Pizza Away

Question 5

What is Dig and NSlookup?

Answer 5

These are command line tools, used to query DNS servers for information about a specific domain.

Question 6

What is Netstat?

Answer 6

This is a command-line tool that monitors the TCP and UDP connections on your host system.

Question 7

What is Nmap?

Answer 7

Network Mapper used for performing Network Discovery. It’s capable of revealing ports, discovering devices on a network, revealing running services, identifying operating systems, and many other functions.

Question 8

Ports - What are ‘well known ports’

Answer 8

These range from 0 to 1023 and are some of the most common ports

Question 9

Ports - Registered ports

Answer 9

Range from 1024 to 49151

Question 10

Ports - Private ports

Answer 10

Range from 49152 to 65535 - these are typically used for “ephemeral” ports.

Question 11

What is a risk?

Answer 11

A negative impact on practically anything i.e., business, financial, security, there are many areas where risk may reside

Question 12

What is a vulnerability?

Answer 12

A vulnerability is a weakness that can be exploited by a threat. Vulnerabilities can be managed whereas a threat cannot

Question 13

What is SMTP stand for and what port does it use?

Answer 13

Simple Message Transfer Protocol uses port 25.

Question 14

What is POP3 stand for

Answer 14

Post Office Protocol, which is an application layer protocol used by email clients.

Question 15

What is CKC (Cyber Kill Chain)

Answer 15

This is a framework developed by Lockheed Martin in 2011 and it is an intelligence defence model for the identification and prevention of cyber attacks.

Question 16

What is threat exposure checks?

Answer 16

A threat exposure check is when an analyst uses multiple tools such as SIEM and EDR to look for the presence of any indicators of compromise they have retrieved from intelligence vendors, information sharing partners, government alerts, or OSINT sources.

Question 17

What is attribution?

Answer 17

The process of identifying the source of a cyberattack, including the perpetrator’s identity, motives, and affiliations

Question 18

What is DFIR?

Answer 18

Digital Forensic Incident Response

Question 19

What are the steps in DFIR?

Answer 19

Identification, Preservation, Collection, Analysis and Reporting

Question 20

What if file carving?

Answer 20

File carving is a process of searching for files in a data stream and is used to carve deleted files from disk images.

Question 21

What is meta data

Answer 21

This is data about data, for example when you right click on a word documents and look at the properties/details tab.

Question 22

What is memory analysis?

Answer 22

Refers to the analysis of volatile data in a computer’s memory dump.

Question 23

What is Pagefile.sys?

Answer 23

This is when MS Windows OS stores data from RAM when it becomes full.

Question 24

What are hash values?

Answer 24

Unique fingerprints of a file or string.