Chapter 17 Flashcards
Which stages in the incident management steps include a root cause analysis to determine the cause and recommend solutions to prevent a reoccurrence?
Remediation
Lessons Learned
What are common basic preventative measures to prevent incidents from occurring?
Keeping systems up to date
Removing/disabling unneeded protocols and services
Using IDS and IPS
Using anti-malware
Enabling firewalls
What provide a list of approved software and prevent the installation of any other software not on the list?
Whitelists
What provide a list of unapproved software and prevent the installation of any software on the list?
Blacklists
What provides an isolated environment and prevents code running in a sandbox from interacting with elements outside of the sandbox?
Sandboxing
What is a collection of compromised computing devices (often called bots or zombies) organized in a network controlled by a criminal known as a bot herder?
Botnet
What attack employs an amplification network to send numerous response packets to a victim?
Smurf Attack
What is a system that typically has pseudo flaws and fake data to lure intruders?
Honeypot
What is two or more honeypots in a network?
Honeynet
What are the ways to block malicious code?
Anti-malware software with up-to-date definitions installed
Employee education
Enforcing least privilege
How should log files be protected?
Centrally storing them and using permissions to restrict access
What is a form of auditing that focuses on active review of the log file data?
Monitoring
What is a passive form of detective security control and provides essential evidence in the prosecution of criminals?
Audit Trails
What are the records created by recording information about events and occurrences into one or more databases or log files?
Audit Trails
How do you maintain accountability?
Auditing