Incident Response Flashcards

1
Q

What is incident response?

A

A set of procedures that an investigator follows when examining a computer security incident

2
Q

What is an Incident Management Program?

A

Program consisting of the monitoring and detection of security events on a computer network and the execution of proper responses to those security events.

3
Q

What are the 6 steps of incident response, in logical order?

A
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned
4
Q

What is a CSIRT team?

A

A computer security incident response team.

A computer security incident response team, or CSIRT, is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts.

The main goal of a CSIRT is to respond to computer security incidents quickly and efficiently, thus regaining control and minimizing damage.

5
Q

What is a SOC?

A

A “Security Operations Centre”

A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.

6
Q

What is “Out-of-band communication”?

A

Communication between people or devices that are outside of the normal primary channels of communication.

Important to prevent threat actors from intercepting and acting on this communication.

7
Q

What is syslog / rsyslog / syslog-ng used for?

A

The logging of data from different types of systems to a central repository.

8
Q

What is journalctl?

A

journalctl is a Linux command line utility used for querying and displaying logs from journald, the systemd logging service on Linux.

9
Q

What is nxlog?

A

Cross-platform, open source tool similar to syslog

10
Q

What is netflow?

A

Netflow is a network protocol system created by Cisco that collects active IP network traffic as it flows in or out of an interface, including its point of origin, destination, volume and paths on the network.

11
Q

What is sflow?

A

sflow is short for sampled flow. It’s an open source version of netflow. It provides a means for exporting truncated packets, together with interface counters, for the purpose of network monitoring.

12
Q

What is IPFix?

A

IPFix, or Internet Protocol Flow Information Export.

A universal standard of export for Internet Protocol flow information from routers, probes and other devices used by mediation systems. Used in accounting/billing for paid network services.

13
Q

In forensic procedures, what is identification?

A

Ensure the scene is safe, secure the scene to prevent contamination and identify the scope of evidence to be collected.

14
Q

In forensic procedures, what is collection?

A

Ensure authorisation to collect evidence is obtained, and then document and prove the integrity of the evidence collected.

15
Q

In forensic procedures, what is analysis?

A

Create a copy of evidence for analysis and use repeatable methods and tools during analysis.

16
Q

In forensic procedures, what is reporting?

A

Create a report of the methods and tools used in the investigation and present detailed findings and conclusions based on the analysis.

17
Q

What is a legal hold?

A

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

18
Q

What are the 3 ethical requirements of forensic analysts?

A
  • Analysis must be performed without bias
  • Analysis methods must be repeatable by third parties
  • Evidence must not be changed or manipulated
19
Q

In forensic data acquisition, what’s the main legal challenge with BYOD?

A

BYOD can complicate data acquisition since you may not be able to legally search or seize the device.

20
Q

What is tracert/traceroute?

A

Tracert/Traceroute is a network diagnostics command for displaying possible routes and measuring transit delays of packets across an IP network.

21
Q

What is nslookup/dig?

A

These are utilities to determine the IP address associated with a domain name, obtain mail server settings for a domain, and other DNS information.

22
Q

What is ipconfig/ifconfig?

A

Utilities that display all the network configurations of the currently connected network devices and can modify the DHCP and DNS settings.

23
Q

What is nmap?

A

Nmap is an open-source network scanner that is used to discover hosts and services on a computer network by sending packets and analysing their responses.

24
Q

What is ping/pathping?

A

Utility used to determine if a host is reachable on an IP network.

25
Q

What is hping?

A

Hping is an open-source packet generator and analyser for the TCP/IP protocol that is used for security auditing of firewalls and networks.

26
Q

What is netstat?

A

Utility that displays network connections for TCP, routing tables and a number of network protocol statistics.

27
Q

What is netcat?

A

Utility for reading from and writing to network connections using TCP or UDP; it is a dependable back-end that can be used directly or easily driven by other programs and scripts.

28
Q

What is arp (utility)?

A

Utility for viewing and modifying the local Address Resolution Protocol (ARP) cache on a given host or server.

29
Q

What is route (utility)?

A

Route is a utility used to view and manipulate the IP routing table on a host or server.

30
Q

What is curl (utility)?

A

A command line tool to transfer data to or from a server using various supported protocols.

31
Q

What is “the harvester” (utility)?

A

A Python script that is used to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN database.

32
Q

What is sn1per (utility)?

A

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities across a network.

33
Q

What is scanless (utility)?

A

scanless is a utility that is used to create an exploitation website that can perform open port scans in a more stealth-like manner.

34
Q

What is dnsenum (utility)?

A

Utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a given organization.

35
Q

What is Nessus (utility)?

A

A proprietary vulnerability scanner that can remotely scan a computer or network for vulnerabilities.

36
Q

What is Cuckoo (utility)?

A

An open source software for automating analysis of suspicious files.

37
Q

What is head (utility)?

A

A command-line utility for outputting the first ten lines of a file.

38
Q

What is tail (utility)?

A

A command-line utility for outputting the last ten lines of a file.

39
Q

What is cat (utility)?

A

A command-line utility for outputting the contents of file to the screen.

40
Q

What is grep (utility)?

A

A command-line utility for searching plain-text data sets for lines that match a regular expression or pattern.

41
Q

What is chmod (utility)?

A

A command-line utility for changing the access permissions of file system objects.

42
Q

What is logger (utility)?

A

logger is a utility that provides an easy way to add messages to the /var/log/syslog file from the command line or from other files.

43
Q

What is SSH (utility)?

A

Utility that supports encrypted data transfer between two computers for secure logins, file transfers, or general purpose connections.

44
Q

What is PowerShell (utility)?

A

A task automation and configuration management framework from Microsoft.

45
Q

What is OpenSSL (software library)?

A

A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.

46
Q

What is tcpdump (utility)?

A

A command line utility that allows you to capture and analyse network traffic going through your system.

47
Q

What is tcpreplay (utility)?

A

A suite of free open source utilities for editing and replaying previously captured network traffic.

48
Q

What is Wireshark (utility)?

A

A popular network analysis tool to capture network packets and display them at a granular level for real-time or offline analysis.

49
Q

What is dd (utility)?

A

A command line utility used to copy disk images using a bit by bit copying process.

50
Q

What is FTK Imager (utility)?

A

FTK Imager is a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis is needed.

51
Q

What is Memdump (utility)?

A

A command line utility used to dump system memory to the standard output stream by skipping over holes in memory maps.

52
Q

What is WinHex (utility)?

A

A commercial disk editor and universal hex editor used for data recovery and digital forensics.

53
Q

What is Autopsy (utility)?

A

A digital forensics platform and graphical interface to the Sleuth Kit and other digital forensics tools.

54
Q

What is Metasploit (MSF)?

A

A computer security tool that offers information about software vulnerabilities, IDS signature development, and improves penetration testing.

55
Q

What is the Browser Exploitation Framework (BeEF) utility?

A

A tool that can hook one or more browsers and use them as a beachhead for launching various direct commands and further attacks against the system within the browser context.

56
Q

What is Cain and Abel (utility)?

A

A password recovery tool that can be used through sniffing the network, cracking encrypted passwords, brute-forcing, etc.

57
Q

What is John the Ripper (utility)?

A

An open source cross-platform security auditing and password recovery tool.