Chapter 6 Analyzing Symptoms for Incident Response Flashcards

1
Q

Tool developed to monitor LANs that operates at layers 1-4 of the network stack
Operates on a client-server model and uses monitoring devices (probes) to gather data

A

RMON

2
Q

Gathers data about availability, routes, packet delay or loss, and bandwidth

A

Active monitoring

3
Q

A tool that measures the maximum bandwidth that an IP network can handle

A

iPerf

4
Q
  • Relies on capturing information about the network as traffic passes a location on a network link
  • e.g., a network monitoring device connects to a SPAN port on a switch, so a copy of all traffic on the network is sent to this network monitoring device
A

Passive monitoring

5
Q

Tool that combines four types of monitoring to provide a more accurate picture of bandwidth utilization

A

PRTG

6
Q

What types of monitoring are utilized by PRTG?

A
  1. Packet Sniffing
  2. Flows
  3. SNMP
  4. WMI
7
Q
  • Only monitors the headers of packets, in order to determine what type of traffic is being sent
  • An encrypted session may not reveal much
A

Packet Sniffing

8
Q

Data that is sent with information about all connections, or a sample data set

A

Flows

9
Q

A protocol that allows network devices to send information about important events

A

SNMP

10
Q

Provides an interface that allows script and application access for automation of administrative tasks, as well as a means of accessing management data for the operating system, and can provide reports to tools like System Center Operations Manager for Windows systems

A

WMI

11
Q

An open source tool that uses SNMP polling to retrieve status information from network devices and provides graphical views of network and device status

A

Cacti

12
Q
  • Activity sent to a command and control system as part of a botnet or malware remote control system, typically sent over either HTTP or HTTPS
  • Can request commands, provide status, download additional malware, or perform other actions.
A

Beaconing activity

13
Q

Attacks that come from many systems or networks at the same time

A

Distributed denial-of-service (DDOS)

14
Q
  • Program does not release memory after it no longer needs it
  • Over time the application will consume more and more memory until the application fails or the OS runs out of available memory
A

Memory leaks

15
Q

Provides easy visibility into the CPU, memory, disk, and network utilization for a system

A

Resource monitor

16
Q

Provides much more detailed information, with counters ranging from energy usage to disk and network activity

A

Performance monitor

17
Q
  • Provides information about CPU and memory utilization, the time that the process was started, and how long it has run, as well as the command that started each process
  • Linux command
A

ps

18
Q
  • Provides CPU utilization under CPU stats and also shows memory usage as well as other details about processes
  • Linux command
A

top

19
Q
  • Displays a report of the system’s disk usage, with various flags providing additional details or formatting
  • Linux command
A

df

20
Q
  • Shows which accounts are logged in
  • May be useful when determining who may be running a process
  • Linux command
A

w

21
Q
  • Can validate the access that a specific user or group has to objects like files, registry keys, and services
  • Part of Sysinternals
A

AccessChk

22
Q

Command used to check services on a Linux system

A

Service command

23
Q
  • Activity that does not match the application's typical behavior is often the first indicator of an attack or compromise
  • Log analysis, behavior baselines and file integrity checking can all help detect this behavior
A

Anomalous activity

24
Q

These, particularly when created with administrative rights, are often a sign of a compromise

A

New accounts

25
Q
  • Can take many forms, from improper output or garbled data to errors and other signs of an underlying application issue
  • Server-based applications that provide file or API output
A

Unexpected Behavior

26
Q

Examples include beaconing and outbound file transfers

A

Unexpected outbound communication

27
Q

Can indicate a simple application problem that requires a service or server restart, but can also indicate a security issue like a DDoS attack or a compromised application

A

Service interruption

28
Q
  • May result in operating system errors or crashes, making crash dump reporting important
  • Logging reboots and service restarts can help, but may not detect a properly executed attack
A

Memory overflows