Detection and Analysis Flashcards

2nd Phase of Incident Response Plan

1
Q

Network-Related Indicators

A

Bandwidth

Beaconing

Irregular P2P communication

Rogue devices

Common protocols over nonstandard ports

2
Q

Host-Related Indicators

A

Capacity consumption

Unauthorized software

Whitelisting - unauthorized changes to the whitelist

Malicious processes

Memory contents

Unauthorized changes

File system

Unauthorized privileges

Data exfiltration

Registry changes

Unauthorized scheduled tasks

3
Q

Application-Related Indicators

A

Anomalous activity

New accounts

Unexpected output

Unexpected outbound communication

Service interruption

Memory overflows

Application logs

4
Q

Evidence acquisition

A

Chain of custody

Validating data integrity

Preservation

Legal hold

5
Q

Data and log analysis

A

Splunk
