1. Preparation and Planning 2. Detection and Analysis 3. Containment Eradication and Recovery 4. Post-Incident Activity

1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons Learned

Exam Review Flashcards by Jose N FESTIN

What is the process for APT groups.

OSNT, External Takeover, Privilege Escalation, Lateral Movement+Internal Takeover, Hiding+info Theft

How well did you know this?

Not at all

Perfectly

1st Step for Network Forensic investigation

Check for malware signatures

How well did you know this?

Not at all

Perfectly

What method to test in Real Time

Dynamic Analysis

How well did you know this?

Not at all

Perfectly

Tool for Checking Network connections

Netstat

How well did you know this?

Not at all

Perfectly

Popup website to offer malware fix

Scareware

How well did you know this?

Not at all

Perfectly

Threat Hunting

Proactively looking for undetected Cyber threats hiding in a network.

How well did you know this?

Not at all

Perfectly

Threat Intelligence

Gathering threat info

How well did you know this?

Not at all

Perfectly

Logs

Store records of potentially important events

How well did you know this?

Not at all

Perfectly

Check site history

DNS Cache, ipconfig /displaydns

How well did you know this?

Not at all

Perfectly

Proof of data origin

Non-Repudiation

How well did you know this?

Not at all

Perfectly

monitor user during incidents

Accountability

How well did you know this?

Not at all

Perfectly

NIST IR

Preparation and Planning
Detection and Analysis
Containment Eradication and Recovery
Post-Incident Activity

How well did you know this?

Not at all

Perfectly

SANS IR = PICERL

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Exam Review Flashcards

Brainscape's Knowledge Genome^TM