Incident Response Procedure

Question 1

A set of procedure that an investigator follows when examining a
computer security incident

Answer 1

Incident Response

Question 2

Program consisting of the monitoring and detection of security events on
a computer network and the execution of proper response to those
security events
* Preparation
* Identification
* Containment
* Eradication
* Recovery
* Lesson Learned

Answer 2

Incident Management Program

Question 3

Process of recognizing whether an event that occurs should be classified
as an incident

Answer 3

Identification

Question 4

Focused on data restoration, system repair, and re-enabling any server or
networks taken offline during the incident response

Answer 4

Recovery

Question 5

Signal that are sent between two parties or two device that are sent via
a path or method different from that of the primary communication
between the two parties or devices

Answer 5

Out of Band Communication

Question 6

Executives and managers who are responsible for business operations
and functional areas

Answer 6

Senior Leadership

Question 7

Governmental organizations that oversee the compliance with specific
regulations and law

Answer 7

Regulatory Bodies

Question 8

The business or organizations legal council is responsible for mitigating
risk from civil lawsuits

Answer 8

Legal

Question 9

Used to ensure no breaches of the employment law or employee
contract is made during an incident response

Answer 9

Human Resources (HR)

Question 10

Three variations of ____ which all permit the logging of data from
different types of systems in a central repository

Answer 10

syslog/rsyslog/syslog-ng

Question 11

A Linux command line utility used for querying and displaying logs from
journald, the systemd logging service on Linux

Answer 11

jornalctl

Question 12

A multi-platform log management tool that helps to easily identify
security risks, policy breaches or analyze operational problems in server
logs, operation system logs and application logs

Answer 12

nxlog

Question 13

A network protocol system created by Cisco that collects active IP
network traffic as it flows in or out of an interface, including its point of
origin, destination, volume and paths on the network

Answer 13

netflow

Question 14

Short for “sampled flow”, it provides a means for exporting truncated
packets, together with interface counters for the purpose of network
monitoring

Answer 14

sflow

Question 15

A universal standard of export for Internet Protocol flow information
from routers, probes and other devices that are used by mediation
systems, accounting/billing systems and network management systems
to facilitate services such as measurement, accounting and billing by
defining how IP flow information is to be formatted and transferred from
an exporter to a collector

Answer 15

Internet PRotocol Flow Information Export (IPfix)

Question 16

Data that describes other data by providing an underlying definition or
description by summarizing basic information about data that makes
finding and working with particular instances of data easier

Answer 16

Metadata

Question 17

Written procedures ensure that personnel handle forensics properly, effectively,
and in compliance with required regulations

Answer 17

Forensic Procedures

Question 18

Ensure the scene is safe, secure the scene to prevent evidence
contamination, and identify the scope of evidence to be collected

Answer 18

Identification

Question 19

Ensure authorization to collect evidence is obtained, and then document
and prove the integrity of evidence as it is collected

Answer 19

Collection

Question 20

Create a copy of evidence for analysis and use repeatable methods and
tools during analysis

Answer 20

Analysis

Question 21

Create a report of the methods and tools used in the investigation and
present detailed findings and conclusions based on the analysis

Answer 21

Reporting

Question 22

A process designed to preserve all relevant information when litigation is
reasonably expected to occur

Answer 22

Legal Hold

Question 23

A tool that shows the sequence of file system events within a source
image in a graphical format

Answer 23

Timeline

Question 24

The method and tools used to create a forensically sound copy of data
from a source device, such as system memory or a hard disk

Answer 24

Data Acquistion

Question 25

A network diagnostic command for displaying possible routes and
measuring transit delays of packets across an
Internet Protocol network

Answer 25

tracert/traceroute

Question 26

Utility used to determine the IP address associated with a domain name,
obtain the mail server settings for a domain, and other DNS information

Answer 26

nslookup/dig

Question 27

Utility that displays all the network configurations of the currently
connected network devices and can modify the DHCP and DNS settings

Answer 27

ipconfig/ifconfig

Question 28

An open-source network scanner that is used to discover hosts and
services on a computer network by sending packets and analyzing their
responses

Answer 28

nmap

Question 29

Utility used to determine if a host is reachable on an Internet Protocol
network

Answer 29

ping/pathping

Question 30

An open-source packet generator and analyzer for the TCP/IP protocol
that is used for security auditing and testing of firewalls and networks

Answer 30

hping

Question 31

Utility that displays network connections for Transmission Control
Protocol, routing tables, and a number of network interface and network
protocol statistics

Answer 31

netstat

Question 32

Utility for reading from and writing to network connections using TCP or
UDP which is a dependable back-end that can be used directly or easily
driven by other programs and scripts

Answer 32

netcat

Question 33

Utility for viewing and modifying the local Address Resolution Protocol
(ARP) cache on a given host or server

Answer 33

arp

Question 34

Utility that is used to view and manipulate the IP routing table on a host
or server

Answer 34

route

Question 35

A command line tool to transfer data to or from a server, using any of the
supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP,
TELNET, LDAP or FILE)

Answer 35

curl

Question 36

A python script that is used to gather emails, subdomains, hosts,
employee names, open ports and banners from different public sources
like search engines, PGP key servers and SHODAN database

Answer 36

the harvester

Question 37

An automated scanner that can be used during a penetration test to
enumerate and scan for vulnerabilities across a network

Answer 37

sn1per

Question 38

Utility that is used to create an exploitation website that can perform
Open port scans in a more stealth-like manner

Answer 38

scanless

Question 39

Utility that is used for DNS enumeration to locate all DNS servers and
DNS entries for a given organization

Answer 39

dnsenum

Question 40

A proprietary vulnerability scanner that can remotely scan a computer or
network for vulnerabilities

Answer 40

Nessus

Question 41

An open source software for automating analysis of suspicious files

Answer 41

Cuckoo