BTL1 Flashcards
What are AAA control methods?
AAA stands for Authentication, Authorization and Accountability, which is an important security principle.
What is ICMP and what is it used for?
Internet Control Message Protocol - an internet-layer protocol used by network devices to diagnose network communication issues.
OSI reference model acronym for top to bottom
All People Seem To Need Data Processing
OSI reference model acronym for bottom to top
Please Do Not Throw Sausage Pizza Away
What are Dig and NSlookup?
These are command-line tools used to query DNS servers for information about a specific domain.
What is Netstat?
This is a command-line tool that monitors the TCP and UDP connections on your host system.
What is Nmap?
Network Mapper, used for performing network discovery. It’s capable of revealing ports, discovering devices on a network, revealing running services, identifying operating systems, and many other functions.
Ports - What are ‘well-known ports’?
These range from 0 to 1023 and are some of the most common ports.
Ports - Registered ports
Range from 1024 to 49151.
Ports - Private ports
Range from 49152 to 65535 - these are typically used as “ephemeral” ports.
What is a risk?
A negative impact on practically anything, i.e., business, financial, security; there are many areas where risk may reside.
What is a vulnerability?
A vulnerability is a weakness that can be exploited by a threat. Vulnerabilities can be managed, whereas a threat cannot.
What does SMTP stand for and what port does it use?
Simple Message Transfer Protocol uses port 25.
What does POP3 stand for?
Post Office Protocol, which is an application layer protocol used by email clients.
What is the CKC (Cyber Kill Chain)?
This is a framework developed by Lockheed Martin in 2011; it is an intelligence defence model for the identification and prevention of cyber attacks.
What are threat exposure checks?
A threat exposure check is when an analyst uses multiple tools such as SIEM and EDR to look for the presence of any indicators of compromise they have retrieved from intelligence vendors, information sharing partners, government alerts, or OSINT sources.
What is attribution?
The process of identifying the source of a cyberattack, including the perpetrator’s identity, motives, and affiliations.
What is DFIR?
Digital Forensic Incident Response
What are the steps in DFIR?
Identification, Preservation, Collection, Analysis and Reporting
What is file carving?
File carving is a process of searching for files in a data stream and is used to carve deleted files from disk images.
What is metadata?
This is data about data, for example when you right-click on a Word document and look at the Properties/Details tab.
What is memory analysis?
Refers to the analysis of volatile data in a computer’s memory dump.
What is Pagefile.sys?
This is where the MS Windows OS stores data from RAM when it becomes full.
What are hash values?
Unique fingerprints of a file or string.