Developing Incident Response Capabilities Flashcards

1
Q

A software developer wants to use a common framework for Java development. What could the software developer use?

A

Apache Struts

Apache Struts is a popular framework used to develop Java web applications. It was also associated with well-known vulnerabilities that targeted those types of applications.

2
Q

An incident responder is setting up an incident response plan (IRP). What could best help the incident responder establish a policy?

A

NIST 800-61

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, “Computer Security Incident Handling Guide,” helps with incident response.

3
Q

An incident handler needs to perform hashing during an incident. What tool could the handler use?

A

ssdeep

ssdeep, commonly used by antivirus programs, computes fuzzy hashes so that files can be compared for similarity rather than exact identity. This is useful for identifying functionally identical files that may morph or obfuscate themselves.

4
Q

A forensic analyst is creating a copy of evidence. This is a part of which stage of the forensics process?

A

Analysis

During the analysis stage, the forensic analyst creates a copy of evidence for analysis, ensuring that the copy can be related directly to the primary evidence source. The integrity of evidence copies is verified by generating hashes on a recurring basis.

5
Q

A forensics analyst is attempting to read file metadata during the course of an investigation. Which tool could they use?

A

Exiftool

Exiftool is a utility designed to read and write file metadata for many file formats.

6
Q

A forensics analyst is conducting memory analysis for a police investigation. Which tool could the analyst use?

A

Volatility

Volatility can explore the contents of a memory dump and reveal information, such as running processes, open sockets, passwords, the contents of the clipboard, and other items contained within memory.

7
Q

A web administrator is looking at attacks where malicious script is inserted directly into an at-risk/vulnerable web application. What type of attack is this?

A

Stored XSS

A stored cross-site scripting (XSS) attack occurs when malicious script is directly inserted into an at-risk web application.

8
Q

A forensics expert is performing file carving during an investigation. Which tool could the forensics expert use?

A

Foremost

Foremost is a Linux-based forensic data recovery utility that uses file carving techniques to extract deleted or corrupted data from a disk partition.

9
Q

Foremost is a Linux-based forensic data recovery utility that uses file carving techniques to extract deleted or corrupted data from a disk partition.

A

ASLR

Address space layout randomization (ASLR) makes it difficult for buffer overflow attacks to locate the area of memory needed to successfully perform an exploit.

10
Q

A Flash developer has developed a web application that uses something similar to XML. What should the developer use to communicate the markup text type?

A

REST

JavaScript Object Notation (JSON), used with Representational State Transfer (REST), is a text format for storing and transmitting data. JSON is similar to XML, although simpler to understand in many respects.