Domain 4 Flashcards

1
Q

What commands display the route a packet takes to a destination, recording the number of hops along the way? These are excellent tools for seeing where a packet may get hung up during transmission.

A

tracert and traceroute

2
Q

If you want to query a DNS server, you can use this command on Windows or this command on Linux. You can query for individual DNS records.

A

nslookup/dig

3
Q

To obtain the network information about a host, you can use this command on Windows or the same command on Linux

A

ipconfig/ifconfig

4
Q

What is an open-source security scanner? You can use it to scan hosts for vulnerabilities, scan for open ports, or fingerprint remote hosts to find out which operating systems they run. This tool is very useful for analyzing an environment.

A

Nmap

5
Q

This command is used to test connectivity between systems
This command is a multi-platform utility, originally written for UNIX, that uses ICMP to communicate with remote hosts

A

ping/pathping

6
Q

____ is a TCP/IP packet creation tool that allows a user to craft raw IP, TCP, UDP, and ICMP packets from scratch. This tool provides a means of performing a wide range of network operations; anything that you can do with those protocols can be crafted into a packet.

A

Hping

7
Q

The ____ command enables you to look at the current network communications on a host. You can use it to look for listening ports and established connections.

A

Netstat

8
Q

What is the network utility designed for Linux environments? It is a network tool that can be used to perform network troubleshooting, explore networks, or scan for open ports.

A

Netcat

9
Q

What scans IP networks and can report on the status of IP addresses? There is a wide range of free and commercial scanning tools.

A

IP scanners

10
Q

The ___ command is used to display the ____ table on a host.

It can also be used to delete ARP entries in the table.

A

Arp

11
Q

What command works on Linux and Windows systems to provide information on current routing parameters and to manipulate these parameters? In addition to listing the current routing table, it has the ability to modify the table.

A

Route

12
Q

What is a tool designed to transfer data to or from a server, without user interaction
It works on both Linux and Windows systems

A

Curl

13
Q

What is a Python-based program designed to assist penetration testers in the gathering of information during the reconnaissance portion of a penetration test? This is a useful tool for exploring what is publicly available about your organization on the Web.

A

theHarvester

14
Q

What is a Linux-based tool used by penetration testers? It is an automated scanner designed to collect a large amount of information while scanning for vulnerabilities.

A

Sn1per

15
Q

What is a command-line utility to interface with websites that can perform port scans as part of a penetration test? When you use this tool, the source IP address for the scan is the website, not your testing machine.

A

Scanless

16
Q

What is a Perl script designed to enumerate DNS information? It will enumerate DNS entries, including subdomains, MX records, and IP addresses. DNS enumeration can be used to collect information such as user names and IP addresses of targeted systems.

A

Dnsenum

17
Q

What is one of the leading vulnerability scanners in the marketplace? It comes in a free version, with limited IP address capability, and in fully functional commercial versions. It is designed to perform a wide range of testing on a system.

A

Nessus

18
Q

What is a sandbox used for malware analysis? It is designed to provide a means of testing a suspicious file and determining what it does. It is open source, free software that can run on Linux and Windows.

A

Cuckoo

19
Q

What is a utility designed to return the first lines of a file? A common option is the number of lines one wishes to return.

A

Head

20
Q

What is a utility designed to return the last lines of a file
A common option is the number of lines one wishes to return

A

Tail

21
Q

What is a Linux command, short for concatenate, that can be used to create and manipulate files

A

Cat

22
Q

What is a Linux utility that can perform pattern-matching searches on file contents

A

Grep

23
Q

What is the Linux command used to change the access permissions of a file?
The general form of the command is: chmod <options> <permissions> <filename>

A

Chmod

24
Q

The Linux command logger is how you can add log file information to /var/log/syslog.
The ______ command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.

A

Logger

25
Q

What is a cryptographically secured means of communicating and managing a network
This uses port 22 and is the secure replacement for Telnet

A

SSH

26
Q

What is a Microsoft Windows-based task automation and configuration management framework, consisting of a command-line shell and scripting language. This is a powerful command-line scripting interface. These files use the .ps1 file extension

A

PowerShell

27
Q

This is a computer language commonly used for scripting and data analysis tasks facing system administrators and security personnel
This is a general-purpose computer programming language that uses the file extension

A

Python

28
Q

What is a general-purpose cryptography library that offers a wide range of cryptographic functions on Windows and Linux systems
Designed to be a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, it provides so much more for real-world daily challenges

A

OpenSSL

29
Q

What is the name for both a tool and a suite of tools?
As a suite, this is a group of free, open source utilities for editing and replaying previously captured network traffic. As a tool, it specifically replays a PCAP file on a network.

A

Tcpreplay

30
Q

This utility is designed to analyze network packets either from a network connection or from a recorded file. You can also use it to create files of packet captures, called PCAP files, and to perform filtering between input and output, making it a valuable tool to lessen the data load on other tools.

A

Tcpdump

31
Q

What is the gold standard for graphical analysis of network protocols?
With dissectors that allow the analysis of virtually any network protocol, this tool lets you examine individual packets, monitor conversations, carve out files, and more.

A

Wireshark

32
Q

What is the use of specific methods to determine who did what on a system at a specific time, or some variant of this question? Computers have a wide range of artifacts that can be analyzed to make these determinations.

A

Forensics

33
Q

What is a Linux command-line utility used to convert and copy files
On Linux systems, virtually everything is represented in storage as a file, and this can read and/or write from/to these files, provided that function is implemented in the respective drivers

A

Data Dump (dd)

34
Q

This program dumps system memory to the standard output stream, skipping over any holes in memory maps
By default, the program dumps the contents of physical memory (/dev/mem). The output from this is in the form of a raw dump

A

Memdump

35
Q

What is a hexadecimal file editor
This tool is very useful in forensically investigating files, and can examine specific application files without invoking the application and changing the data

A

WinHex

36
Q

What is the company AccessData’s answer to dd? This is a commercial program, free for use, and is designed to capture an image of a hard drive (or other device) in a forensic fashion.

A

FTK imager

37
Q

This is the open source answer for digital forensic tool suites.
It runs on Windows and offers a comprehensive set of tools that can enable network-based collaboration and automated, intuitive workflows.

A

Autopsy

38
Q

What are toolsets designed to assist hackers in the tasks associated with exploiting vulnerabilities in a system
These frameworks are important because the exploitation path typically involves multiple steps, all done in precise order on a system to gain meaningful effect

A

Exploitation frameworks

39
Q

What is a tool that tries to obtain access credentials without authorization. These work using dictionary lists and brute force

A

password cracker

40
Q

These are tools used to destroy, purge, or otherwise identify for destruction specific types of data on systems.
Before a system can be retired and disposed of, you need to sanitize its data.

A

Data sanitization

41
Q

This describes the steps an organization performs in response to any situation determined to be abnormal in the operation of a computer system or network.

A

Incident response plans

42
Q

What is the set of actions security personnel perform in response to a wide range of triggering events?

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned

A

Incident response process

43
Q

What is the phase of incident response that occurs before a specific incident?
This includes all the tasks needed to be organized and ready to respond to an incident.

A

Preparation

44
Q

What is the process where a team member suspects that a problem is bigger than an isolated incident and notifies the incident response team for further investigation?
An incident is defined as a situation that departs from normal, routine operations.

A

Identification

45
Q

What is the set of actions taken to constrain the incident to a minimal number of machines
This preserves as much of production as possible and ultimately makes handling the incident easier

A

Containment

46
Q

What involves removing the problem, and in today’s complex system environment, this may mean rebuilding a clean machine
A key part of operational eradication is the prevention of reinfection

A

Eradication

47
Q

What is the process of returning the asset to its business function and restoring normal business operations? The recovery process includes the steps necessary to return the system and applications to operational status.

A

Recovery

48
Q

What phase serves two distinct purposes
The first is to document what went wrong and allowed the incident to occur in the first place
The second is to examine the incident response process itself

A

Lessons learned

49
Q

What exercise is designed for the participants to walk through all the steps of a process, ensuring all elements are covered and that the plan does not forget a key dataset or person? This is typically a fairly high-level review, designed to uncover missing or poorly covered elements.

A

tabletop

50
Q

What examines the actual steps that take place associated with a process, procedure, or event?
These are in essence a second set of eyes, where one party either explains or demonstrates the steps to perform a task while a second person observes.

A

Walkthroughs

51
Q

What is an approximation of the operation of a process or system that is designed to represent the actual system operations over a period of time? The simulation can be used in place of systems or elements that are not practical to replicate during an exercise.

A

Simulations

52
Q

What framework is a knowledge base of various real-world observations and attack techniques? It is often used by organizations for threat modeling.

A

MITRE ATT&CK

53
Q

What is a cognitive model used by the threat intelligence community to describe a specific event
The Diamond Model enables intrusion analysis by placing malicious activity at four points of the diamond: adversary, infrastructure, capability, and victim

A

The Diamond Model of Intrusion Analysis

54
Q

Developed by Lockheed Martin, what is a framework used to defend against the chain of events an attacker takes, from the beginning of an attack to the end? This model has a series of distinct steps that an attacker uses during a cyberattack, from the early reconnaissance stages to the exfiltration of data.

A

Cyber Kill Chain

55
Q

What is this? Having a management process, including defined personnel roles and responsibilities, is essential for the management of the stakeholders and their relationships during incidents.

A

Stakeholder management

56
Q

A ____ as part of the incident response effort that answers the preceding questions and defines responsibilities for communication is a key element to be developed during the preparation phase.

A

communication plan

57
Q

What is critical for effective disaster recovery efforts? This defines the data and resources necessary and the steps required to restore critical organizational processes.

A

A disaster recovery plan

58
Q

What is a long-term strategy to ensure the business will continue to operate (critical business functions/services) before, during, and after a disaster is experienced
The focus of this is the continued operation of the essential elements of the business or organization

A

Business continuity plan (BCP)

59
Q

What is designed in order to maintain operations during a disaster? The overall goal of this is to determine which subset of normal operations needs to be continued during periods of disruption.

A

Continuity of Operations Plan (COOP)

60
Q

What is composed of the personnel who are designated to respond to an incident
The incident response plan should identify the membership and backup members, prior to an incident occurring

A

The cyber incident response team (CIRT)

61
Q

Which policies govern data retention, the storage of data records?
One of the first steps in understanding data retention in an organization is the determination of what records require storage and for how long

A

Retention policies

62
Q

A vulnerability report provides you information on what is visible on your network, authorized or not

A

Vulnerability scan output

63
Q

What allows you to identify, visualize, and monitor trends via alerts within a dashboard view

A

SIEM dashboards

(security information and event management)

64
Q

What are the devices that provide security data that is important for investigators
Sensor placement begins with defining collection objectives

A

Sensors

65
Q

What is the quality of being quick to detect or respond to slight changes, signals, or influences? As the purpose of a SIEM system is to alert operators to changes that indicate significant events, sensitivity to those events is important.

A

Sensitivity

66
Q

What are a series of data points that indicate a change over time? They can be increasing, decreasing, cyclical, or related to variability. What is important is that this indicates some form of change.

A

Trends

67
Q

What is the primary method of communication between the SIEM system and operators
When conditions meet the rule requirements, the SIEM system can send this

A

Alerts

68
Q

This is the process of establishing a relationship between two variables
SIEM event ________ logs are extremely useful because they can be used to identify malicious activity across a plethora of network devices and programs

A

Correlation

69
Q

What is a primary source of information during an investigation? Software can record a wide range of information in these as it is operating.

A

Log files

70
Q

What is filled with equipment that can provide valuable log information?
Firewalls, routers, load balancers, and switches can provide a wealth of information as to what is happening on the network

A

Network

71
Q

These logs can provide a very detailed history of what actions were performed on a system
Login records that indicate failed logins can be important, but so can entries that show login success

A

System

72
Q

What logs are generated by the applications themselves as they run? Some applications provide extensive logging; others minimal or even no logging.

A

Application

73
Q

What logs are logs kept by the OS for metadata associated with security operations
The driving force for what needs to be recorded is the system’s audit policy, a statement about what records need to be

A

Security

74
Q

What servers respond to specific, formatted requests for resources with responses, whether in the form of a web page or an error? All of this activity can be logged.

A

Web

75
Q

What logs, when enabled, can contain a record for every query and response? This can be a treasure trove of information for an investigator because it can reveal malware calling out to its command-and-control server, or data transfers to non-company locations.

A

DNS

76
Q

What logs contain information about successful and failed authentication attempts
The most common source of authentication log information comes from the system’s security logs, but additional sources exist as well

A

Authentication

77
Q

What are copies of what was in memory at a point in time—typically a point when some failure occurred
Dump files can be created by the operating system (OS) when the OS crashes, and these files can be analyzed to determine the cause of the crash

A

Dump files

78
Q

What call manager applications enable a wide range of audio and video communication services over the Internet
These systems can log a variety of data, including call information such as the number called (to and from), time of the call, and duration of the call

A

VoIP and call managers

79
Q

What is a text-based protocol used for signaling voice, video, and messaging applications over IP? SIP provides information for initiating, maintaining, and terminating real-time sessions.

A

Session Initiation Protocol (SIP)

80
Q

What stands for System Logging Protocol and is a standard protocol used in Linux systems to send system log or event messages to a specific server, called a syslog server

A

Syslogs

81
Q

What is the command that is used to view logs created through the systemd-journald service? When systemd creates log files, it does so through the systemd- service.

A

Journald

82
Q

Which two tools both extend the original syslog standard by adding capabilities such as content filtering, log enrichment, and correlation of data elements into higher-level events?

A

Rsyslog and syslog-ng

83
Q

What is a multiplatform log management tool designed to assist in the use of log data during investigations
This tool suite is capable of handling syslog-type data as well as other log formats

A

NXLog

84
Q

What are utilities designed to measure network bandwidth utilization over time
Bandwidth monitors can provide information as to how much bandwidth is being utilized, by service type, and how much remains

A

Bandwidth monitors

85
Q

What is data about data?
A file entry on a storage system has the file contents plus metadata, including the filename, creation, access, and update timestamps, size, and more. Digital data contains metadata, and correlating metadata is a part of almost every investigation.

A

Metadata

86
Q

What metadata is in the header of an e-mail and includes routing information, the sender, receiver, timestamps, subject, and other information associated with the delivery of the message?
E-mail header data can be important in investigations.

A

Email

87
Q

What devices generate, store, and transmit metadata? Common fields include when a call or text was made, whether it was an incoming or outgoing transmission, the duration of the call or the text message’s length (in characters), and the phone numbers of the senders and recipients.

A

Mobile

88
Q

What browsers store different metadata covering what pages were accessed and when? Browser metadata is a commonly used source of forensic information, because entries of what and when a browser has accessed data can be important.

A

Web

89
Q

What metadata comes in two flavors: system and application? The file system uses metadata to keep track of the filename as well as the timestamps associated with last access, creation, and last write.

A

File

90
Q

What is a proprietary standard from Cisco? Flow data is generated by the network devices themselves, including routers and switches.

A

NetFlow

91
Q

Both NetFlow and sFlow collect packets from routers and switches.
This is used primarily for traffic management.

A

sFlow

92
Q

What is a protocol that is the answer to the proprietary Cisco NetFlow standard?
It is based on NetFlow version 9 and is highly configurable using a series of templates.

A

Internet Protocol Flow Information Export (IPFIX)

93
Q

What (also known as a packet sniffer, network analyzer, or network sniffer) is a piece of software or an integrated software/hardware system that can capture and decode network traffic?

A

Protocol analyzer

94
Q

This application approved list consists of a list of allowed applications
If an application is not on the allowed list, it is blocked

A

Application approved

95
Q

What use of an application block or deny list is essentially noting which applications should not be allowed to run on the machine
This is basically a permanent “ignore” or “call block” type of capability

A

Application blocklist/deny list

96
Q

What is done to an item to render it disabled but not permanently removed from the system?
There are a variety of mechanisms to do this, but the end result is the same: a quarantine option gives the user the opportunity to undo the disablement

A

Quarantine

97
Q

Protecting a system from configuration changes is essential to secure the system in the specific configuration that the implementation intended

A

Configuration changes

98
Q

What have directionality; there are inbound and outbound rules? Inbound rules protect a machine from incoming traffic. Outbound rules can also protect against sending data (including requests) to unauthorized or dangerous places.

A

Firewall rules

99
Q

What is a collective set of commonly employed protection elements associated with mobile devices

A

Mobile device management (MDM)

100
Q

What refers to technology employed to detect and prevent transfers of data across an enterprise
Employed at key locations, DLP technology can scan packets for specific data patterns

A

Data loss prevention (DLP)

101
Q

What are used to limit specific types of content across the Web to users
A common use is to block sites that are not work related, and to limit items such as Google searches and other methods of accessing content determined to be inappropriate

A

Content filter/URL filter

102
Q

Certificates remain valid for a specific duration of time.
When a certificate is about to expire, it should be renewed if needed

A

Update or revoke certificates

103
Q

What is the use of networking protocols and resultant connectivity to limit access to different parts of a network? This limit can be partial or complete, as offered by an air gap, and this method of separation is used to enforce different trust boundaries.

A

Isolation

104
Q

What is the act of performing specific actions that limit the damage potential of an incident, keeping the damage limited and preventing further damage?

A

Authentications

105
Q

What, as applied to network security, is a broad term?
VLANs, firewalls, and even storage segmentation and containerization can be used for segmentation purposes

A

Segmentation

106
Q

What systems are extremely valuable when it comes to incident mitigation of severe threats because they can automate data gathering and initiate threat response

A

SOAR

107
Q

What consists of a series of action-based conditional steps to perform specific actions associated with security automation
A runbook typically focuses on technical aspects of computer systems or network

A

Runbooks

108
Q

What is a set of approved steps and actions required to successfully respond to a specific incident or threat? This is more comprehensive than a runbook and has more of a people/general business focus.

A

Playbooks

109
Q

What is the process by which you properly preserve any and all digital evidence related to a potential case?
Once an organization receives this notice, it is required to maintain a complete set of unaltered data, including metadata, of any and all information related to the issue causing the legal hold.

A

Legal hold

110
Q

What allows high-bandwidth data collection that can show what was connected to what, how things were laid out, desktops, and so forth?

A

Video

111
Q

For evidence to be credible, especially if it will be used in court proceedings or in corporate disciplinary actions that could be challenged legally, it must meet three standards:

• ________ evidence: The evidence must be convincing or measure up without question
• ________ evidence: The evidence must be legally qualified and reliable
• ________ evidence: The evidence must be material to the case or have a bearing on the matter at hand

A

Admissibility
1. Sufficient evidence; 2. Competent evidence; 3. Relevant evidence

112
Q

What shows who obtained the evidence, when and where it was obtained, where it was stored, and who had control or possession of the evidence for the entire time since the evidence was obtained

A

Chain of custody

113
Q

What refers to the specifics, including the metadata to document it, demonstrating the sequence of events as recorded by the computer? The sequence can be very important because it provides key clues as to what actually happened, even when there is not a direct artifact.

A

Timelines of sequence

114
Q

What are metadata entries associated with artifacts in a computer system? While a log entry may have one of these, some items can have several, stored in multiple locations.

A

Time Stamps

115
Q

What is the difference in time between the system clock and the actual time
Computers keep their own internal time, but to minimize record time offset, most computers sync their time over the Internet with an official time source

A

Time offset

116
Q

What physical serialized items are attached to each evidence item, with the number used to identify a specific item? Frequently the evidence items are then stored in anti-static bags to protect them from damage.

A

Tags

117
Q

What are the official descriptions of the forensic data
Reports can have a variety of elements—from pure descriptive information, such as machine/device identifiers (make, model and serial number), to information on the data, including size and hash values

A

Report

118
Q

When you have an idea of what information you will want to be able to examine, you can make an active logging plan that ensures the information is logged when it occurs

A

Event logs

119
Q

Preparation for what can be critical in a case, even for technical experts?

A

Interviews

120
Q

What refers to the collection of information that may be evidence in an investigation
Evidence consists of the documents, verbal statements, and material objects admissible in a court of law

A

Acquisition

121
Q

Following is the order of volatility of digital information in a system:
1. CPU, cache, and register contents (collect first)
2. Routing tables, ARP cache, process tables, kernel statistics
3. Live network connections and data flows
4. Memory (RAM)
5. Temporary file system/swap space
6. Data on hard disk
7. Remotely logged data
8. Data stored on archival media/backups (collect last)

A

Order of volatility

122
Q

A physical hard disk drive (HDD) will persist data longer than a solid state drive (SSD). Some of the key elements are the use of write blockers when making forensic copies and protecting media from environmental change factors.

A

Disk

123
Q

What is the working memory of the computer that handles the current data and programs being processed by the CPU
This memory, once limited to a single megabyte, now commonly consists of 4 GB or more

A

Random-access memory (RAM)

124
Q

The swap or pagefile is a structure on a system’s disk that provides temporary storage for memory needs that exceed a system’s RAM capacity.
The operating system has provisions to manage the RAM and pagefile, keeping in RAM what is immediately needed and moving excess to the pagefile when RAM is full

A

Swap/pagefile

125
Q

What is the source of many forensic artifacts, most of which are created to enhance system responsiveness to user requests
The two major OSs, Microsoft Windows and Linux, perform basically the same tasks: they enable applications to perform on a system

A

OS

126
Q

One of the most common acquisitions is USB storage devices. These are used to transport files between machines and are common in any case where the removal of information is suspected.

A

Device

127
Q

What is a set of software that is associated with a physical device. It can be of interest in a forensics investigation when the malfunctioning of a device is an issue, as malware has targeted the firmware

A

Firmware

128
Q

This, as you can easily guess, is a picture of a particular moment in time. Snapshots are common in virtual machines, providing a point in time to which the machine can be recovered.

A

Snapshot

129
Q

What are temporary storage locations for commonly used items and are designed to speed up processing. They exist all over in computer systems and are performance-enhancing items

A

Cache

130
Q

There can be a lot of useful information in the logs associated with network infrastructure
The level and breadth of this information is determined by the scope of the investigation

A

Network

131
Q

What is the key element in modern digital forensics? Most of the items used to demonstrate a specific action as occurring fall into one of two categories: metadata or OS.

A

Artifacts

132
Q

The issue associated with this, with respect to forensics, is one dominated by access.

A

Premises Vs Cloud

133
Q

What clause is a critical requirement of any service level agreement, and its specificity needs to match the operational and regulatory scope of the cloud engagement?

A

Right-to-audit clauses

134
Q

Whether on premises or in the cloud, there will be cases where regulatory or law enforcement actions raise jurisdictional issues. It is important to consult with the company’s legal counsel to understand the ramifications of data location with respect to forensics and subsequent data use.

A

Regulatory/jurisdiction

135
Q

Many forensic investigations are related to the theft of intellectual property, and many times that is also a breach of data protected under privacy laws

A

Data breach notification laws

136
Q

If a subsequent hash created on the same data stream results in a different hash value, it usually means that the data stream was changed

A

Hashing

137
Q

A ____ value is a small piece of data derived from the data being protected. The primary purpose of this is to validate the authenticity of data (for example, that it hasn’t changed).

A

Checksums

138
Q

What is a reference to the origin of data? In the case of digital forensics, it is not enough to present a specific data element as “proof”; one must also show where it came from.

A

Provenance

139
Q

What is the term used for the document and data production requirements as part of legal discovery in civil litigation

A

E-discovery

140
Q

What, in a digital forensics sense, is associated with determining the relevant information for the issue at hand? Simply stated, recover the evidence associated with an act.

A

Data Recovery

141
Q

What is a characteristic that refers to the inability to deny an action has taken place
This can be a very important issue in transactions via computers that involve money or things of value

A

Non-Repudiation

142
Q

What kind of gathering is the use of all resources to make determinations? This can make a large difference in whether or not a firm is prepared for threats.

A

Strategic intelligence/counterintelligence