Domain 4.0: Operations and Incident Response Flashcards
ping
Command-line that tests network connectivity.
nmap
Network scanning tool often used in security audits.
netstat
Shows network statistics including protocol, source and destination addresses, and connection state.
netcat
Network utility for gathering information from transport layer network connections.
dig and nslookup
Troubleshooting tools that query DNS servers.
What are common command-line tools for file display and manipulation?
Head, Tail and Cat
Python
General-purpose programming
TCP
Packet analyzer tool that captures TCP/IP packets
PowerShell
Command-line shell and scripting interface for MS Windows environments.
What are examples of forensic tools?
dd, memdump, WinHex, FTK Imager and Autopsy
Where can protocol analyzers be placed in a network?
- Placed inline
- In between the devices whose traffic you want to capture.
What are some of the most common firewall configuration errors?
- Permission for traffic to run from any source to any destination
- Unnecessary services running
- Weak authentication
- Log file negligence
What problems can a misconfigured web content filter cause?
- Prevent legitimate content
- Allow prohibited content
What should happen before conducting vulnerability or penetration tests?
Written authorization should be required
Incident Response plans should include details related to what?
- Incident categorization
- Preparation
- Role
- Responsibilities
- Reporting requirements
- Escalation procedures
- Details on cyber incident response and training exercises