Domain 4.0: Operations and Incident Response Flashcards
___ command line tool that tests network connectivity. good troubleshooting tool for determining whether a route is available to a host
ping: test reachability and determine round-trip time; uses Internet Control Message Protocol (ICMP) echo request/reply; a primary troubleshooting tool (hosts and firewalls may drop ICMP, so no reply does not by itself prove the host is down)
___ network scanning tool that is often used in security auditing
nmap: network mapper; learn more about network devices; identify open ports (port scan), OS scan, service scan (version, name, details); the Nmap Scripting Engine (NSE) extends it with scripts, including vulnerability checks (run only against hosts you are authorized to scan)
____ shows network statistics, including the protocol, local address, foreign address, and connection
netstat: network statistics; available on Windows and Linux/macOS; -a shows all active connections and listening ports, -b shows the binary that owns each connection (Windows), -n does not resolve names (numeric addresses and ports)
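As an added example (not part of the original flashcards), the function below runs over netstat-style text and flags any LISTEN socket whose port is not on an allowlist, which is how the -l/-n output is typically used when hunting for an unexpected listener such as a bind shell. The sample output, the allowed-port list and the function name are constructed assumptions for this example.

```shell
# Added example, not from the flashcards. Constructed output in the shape of
# `netstat -tln` (-t TCP, -l listening, -n do not resolve names).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN'

# Ports an administrator expects to be listening on this host (assumption).
ALLOWED_PORTS="22 443 631"

# unexpected_listeners "PORT PORT ...": read netstat-style text on stdin and
# print "proto port" for every LISTEN socket whose port is not in the list.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" {
            # Local address is field 4; the port is the text after the last
            # colon, which also handles IPv6 forms such as :::443.
            port = $4; sub(/.*:/, "", port)
            if (!(port in ok)) print $1, port
        }'
}

# Against a live host: netstat -tln | unexpected_listeners "$ALLOWED_PORTS"
# On the constructed sample only the port-4444 listener is reported.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOWED_PORTS"
```

The header lines are skipped because their last field is not LISTEN, and the port is parsed from the end of the local address so the same function works for IPv4 and IPv6 rows.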
____ is a network utility for gathering information from transport layer network connections
netcat (nc): read from or write to the network; open a connection to a port and send/receive traffic, listen on a port number, transfer files, scan ports and send data to a port; can become a backdoor by binding a shell that a remote device connects to
__ and ____ are troubleshooting tools that query DNS servers
dig (domain information groper): more detailed DNS query output; nslookup: look up information from DNS servers: canonical names (CNAME), IP addresses, cache timers (TTLs), etc.
___, ___ and __ are common command line tools for file display and manipulation
head (view the first lines of a file: head -n [number of lines] [file]), tail (view the last lines of a file, same syntax as head; tail -f follows a growing log), cat (concatenate files to standard output: cat file1.txt file2.txt; redirect the output to combine them into one file: cat file1.txt file2.txt > both.txt, where > overwrites the target and >> appends to it)
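As an added example (not part of the original flashcards), the script below builds two small constructed log files and then applies head, tail and cat the way the card describes, including the overwrite-versus-append distinction that matters when you are combining evidence files. The file names, log lines and helper names are assumptions for this example.

```shell
# Added example, not from the flashcards. Everything under $WORK is constructed.
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

printf '%s\n' \
  'Mar 01 10:00:01 host sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51522' \
  'Mar 01 10:00:07 host sshd[1203]: Failed password for root from 198.51.100.9 port 40210' \
  'Mar 01 10:00:08 host sshd[1203]: Failed password for root from 198.51.100.9 port 40210' \
  'Mar 01 10:00:09 host sshd[1203]: Failed password for root from 198.51.100.9 port 40210' \
  > "$WORK/auth.log"

printf '%s\n' \
  'Mar 01 10:02:00 host sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/tail -n 50 /var/log/auth.log' \
  'Mar 01 10:03:15 host sudo: bob : TTY=pts/1 ; COMMAND=/bin/cat /etc/shadow' \
  > "$WORK/sudo.log"

# first_lines FILE N: the first N lines (head -n N FILE)
first_lines() { head -n "$2" "$1"; }

# last_lines FILE N: the last N lines (tail -n N FILE)
last_lines() { tail -n "$2" "$1"; }

# combine OUT FILE...: cat only writes to stdout; the > redirect creates OUT
# (or truncates it if it already exists, so never point it at an original).
combine() { out="$1"; shift; cat "$@" > "$out"; }

# append_line FILE LINE: >> adds to the end without discarding what is there.
append_line() { printf '%s\n' "$2" >> "$1"; }

first_lines "$WORK/auth.log" 1          # the alice login
last_lines  "$WORK/auth.log" 2          # the last two failed root attempts
combine "$WORK/both.log" "$WORK/auth.log" "$WORK/sudo.log"   # 6 lines
append_line "$WORK/both.log" 'Mar 01 10:05:00 host sshd[1300]: Accepted password for bob from 10.0.0.6 port 50110'
wc -l < "$WORK/both.log"                # 7 lines
```

Concatenating with cat keeps each source file's line order, so the combined file is still usable as a timeline as long as the inputs were already sorted.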
python is a ____-purpose programming language
general
___ is a packet analyzer tool to capture TCP/IP packets
tcpdump (capture packets from the command line, write packets to a file with -w, read a saved capture back with -r)
_____ is a command line shell and scripting interface for Microsoft windows environments
PowerShell
label 5 forensics tools
dd (create a bit-by-bit copy of a drive, create a disk image or restore from a disk image), memdump (copy the contents of system memory to the standard output stream: a memory dump, which can be piped to another host across the network), WinHex (universal hexadecimal editor for Windows: edit disks, files and RAM, disk cloning, secure wipe), FTK Imager (drive imaging tool, supports many different file systems and full-disk encryption methods) and Autopsy (digital forensics on hard drives and smartphones, extracts many different data types)
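As an added example (not part of the original flashcards), the script below images a drive with dd, restores from the image, and proves both copies are bit-for-bit identical by hashing them, which is the check an examiner records before the image is used. A regular file filled with random bytes stands in for the source device (/dev/sdX in real work); the paths, sizes and helper names are assumptions for this example.

```shell
# Added example, not from the flashcards. Everything under $WORK is constructed.
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/evidence.bin"      # stand-in for the suspect drive
IMG="$WORK/evidence.dd"       # forensic image
RESTORED="$WORK/restored.bin" # drive rebuilt from the image

# Constructed "drive": 16 blocks of 4096 random bytes (64 KiB). The size is a
# multiple of bs on purpose: conv=sync zero-pads a short final read, and a
# padded image would no longer hash equal to its source.
dd if=/dev/urandom of="$SRC" bs=4096 count=16 2>/dev/null

# hash_of FILE: SHA-256 hex digest (sha256sum on Linux, shasum on macOS)
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# image_drive SRC IMG: bit-by-bit copy. conv=noerror keeps reading past bad
# sectors on a failing disk and conv=sync zero-fills the unreadable block so
# every offset in the image still lines up with the source.
image_drive() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>/dev/null
}

# restore_image IMG DST: the reverse direction, writing the image back out.
restore_image() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
}

# verify_image A B: succeed only when both files hash identical.
verify_image() {
    [ "$(hash_of "$1")" = "$(hash_of "$2")" ]
}

image_drive "$SRC" "$IMG"
restore_image "$IMG" "$RESTORED"
hash_of "$IMG" > "$IMG.sha256"   # record the hash beside the image for chain of custody
verify_image "$SRC" "$IMG" && verify_image "$SRC" "$RESTORED" && echo "image verified"
```

On a real acquisition the hash of the source device is taken before imaging and compared with the image afterward; any difference, even a single byte, means the image cannot be relied on.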
_____ ____ can be placed inline, between the devices whose traffic you want to capture
protocol analyzers
most common firewall config _____ include rules that permit traffic from any source to any destination, unnecessary services running, weak authentication and neglected log files
errors
a ____ web content filter can either prevent legitimate content or allow prohibited content
misconfigured
____ authorization should be required before conducting vulnerability or penetration tests
written
____ ____ ____ includes preparation, identification, containment, eradication, recovery, and post-incident activities such as lessons learned
incident response process