Incident Response Flashcards

1
Q

Framework

A

a basic structure underlying a system, concept, or text.

2
Q

Procedures

A

provide detailed, tactical information to the CSIRT and represent the collective wisdom of team members and subject-matter experts.

3
Q

eFUSE

A

an Intel-designed mechanism that allows a software instruction to blow a transistor in the hardware chip. One use of this is to prevent firmware downgrades.

4
Q

SED

A

self-encrypting drive.

5
Q

TPM

A

trusted platform module. A specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform identification information.

6
Q

HSM

A

hardware security module. An appliance for generating and storing cryptographic keys.

7
Q

Carving

A

the process of extracting data from an image when that data has no associated file system metadata.

8
Q

FileVault 2

A

a full-disk encryption system used on macOS devices. It uses 256-bit AES.

9
Q

lessons-learned report

A

a technical report designed for internal use to improve incident response processes.

10
Q

incident summary report

A

a report designed for distribution to stakeholders to reassure them that the incident has been properly handled.

11
Q

Pass the Hash (PtH)

A

harvesting an account’s cached credentials when the user logs in to a single sign-on (SSO) system.

12
Q

golden ticket

A

a Kerberos ticket that can grant other tickets in an Active Directory environment. Attackers who can create a golden ticket can use it to grant administrative access to other domain members, even to domain controllers.

13
Q

Lateral movement

A

an umbrella term for a variety of attack types.

14
Q

Pivoting

A

When attackers pivot, they compromise one central host (the pivot) that allows them to spread out to other hosts that would otherwise be inaccessible.

15
Q

RAT

A

Remote Access Trojan

16
Q

policy

A

a statement of intent; it is implemented as a procedure or protocol.

17
Q

Process Monitor

A

an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity.

18
Q

Autoruns

A

shows you what programs are configured to run during system bootup or login.

19
Q

ProcDump

A

a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike.

20
Q

DiskMon

A

an application that logs and displays all hard disk activity on a Windows system.

21
Q

SPI

A

Sensitive Personal Information. Information about a subject's opinions, beliefs, and nature that is afforded specially protected status by privacy legislation (GDPR).

22
Q

HFS+

A

Hierarchical File System Plus. The default macOS file system for the drive.