Final Tuning

Question 1

What can cause nmap to not see hosts?

Answer 1

If it is not running services, or if it has a firewall that prevents responses

Question 2

BIA

Answer 2

Business Impact Assessment

Question 3

SLA

Answer 3

Service Level Agreement

Question 4

BPA

Answer 4

Business Partner Agreements

Question 5

MOU

Answer 5

Memorandum of Understanding

Question 6

After running Scalpel what should you do?

Answer 6

Review the contents of the scalpelout folder

Question 7

What scans should you use to understand what information is available to a potential external attacker about the system as well as what damage they may be able to cause on a web application server for public access?

Answer 7

Web application vulnerability scans, external network scans, port scans.

An internal network scan would provide an insider’s perspective so would not provide the data needed

Question 8

ITIL

Answer 8

Provides guidance on best practices for implementing IT service management

Question 9

ISO

Answer 9

Provides high level standards for a wide variety of business and manufacturing processes

Question 10

COBIT

Answer 10

Provides control objectives for IT governance

Question 11

PCI DSS

Answer 11

Provides security standards for handling credit card information

Question 12

strings command

Answer 12

Prints strings of printable characters in a file

Question 13

The sudoers file, output of groups command, and the stat command can all provide ___

Answer 13

Useful info about user or file permissions

Question 14

Heuristic detection rules on an IPS are a valid way to ____

Answer 14

Prevent port scans

Question 15

NIST functional impact- Medium

Answer 15

Loss of ability to provide a critical service to a subset of system users

Question 16

NIST functional impact- High

Answer 16

Entire network goes down

Question 17

NIST functional impact- Low

Answer 17

Single switch down or network slows down

Question 18

NIST Tier 3 Risk Management Program

Answer 18

Repeatable
There is an organization wide approach to managing cyber risk

Question 19

NIST Tier 4 risk management program

Answer 19

Adaptive
Organization wide approach to managing cyber risk that uses risk-informed policies, processes, and procedures to address potential cyber security events

Question 20

Method to wipe all of an SSD

Answer 20

ATA secure erase command

Question 21

Degaussing is used for ____

Answer 21

Magnetic media such as tapes, not effective on SSDs

Question 22

After identifying a compromised system, you determine that the system is beaconing to a group of fast flux DNS entries. What technique can you use to identify other infected hosts?

Answer 22

Log DNS queries to identify compromised systems

Question 23

/etc/shadow

Answer 23

Contains password hashes

Question 24

Where on a Windows system can you look for evidence that files were deleted?

Answer 24

Windows Registry
MFT
INDX files