Incident Response Procedure Flashcards

1
Q

A set of procedures that an investigator follows when examining a
computer security incident

A

Incident Response

2
Q

Program consisting of the monitoring and detection of security events on
a computer network and the execution of a proper response to those
security events
* Preparation
* Identification
* Containment
* Eradication
* Recovery
* Lessons Learned

A

Incident Management Program

3
Q

Process of recognizing whether an event that occurs should be classified
as an incident

A

Identification

4
Q

Focused on data restoration, system repair, and re-enabling any server or
networks taken offline during the incident response

A

Recovery

5
Q

Signals that are sent between two parties or two devices via a path or
method different from that of the primary communication between the
two parties or devices

A

Out of Band Communication

6
Q

Executives and managers who are responsible for business operations
and functional areas

A

Senior Leadership

7
Q

Governmental organizations that oversee compliance with specific
regulations and laws

A

Regulatory Bodies

8
Q

The business's or organization's legal counsel, responsible for mitigating
risk from civil lawsuits

A

Legal

9
Q

Used to ensure that no breaches of employment law or employee
contracts are made during an incident response

A

Human Resources (HR)

10
Q

Three variations of ____ which all permit the logging of data from
different types of systems in a central repository

A

syslog/rsyslog/syslog-ng

11
Q

A Linux command line utility used for querying and displaying logs from
journald, the systemd logging service on Linux

A

journalctl

12
Q

A multi-platform log management tool that helps to easily identify
security risks and policy breaches, or analyze operational problems, in
server logs, operating system logs and application logs

A

nxlog

13
Q

A network protocol system created by Cisco that collects active IP
network traffic as it flows in or out of an interface, including its point of
origin, destination, volume and paths on the network

A

NetFlow

14
Q

Short for “sampled flow”, it provides a means for exporting truncated
packets, together with interface counters for the purpose of network
monitoring

A

sFlow

15
Q

A universal standard for exporting Internet Protocol flow information
from routers, probes and other devices to mediation systems,
accounting/billing systems and network management systems; it
facilitates services such as measurement, accounting and billing by
defining how IP flow information is to be formatted and transferred from
an exporter to a collector

A

Internet Protocol Flow Information Export (IPFIX)

16
Q

Data that describes other data by providing an underlying definition or
description; by summarizing basic information about data, it makes
finding and working with particular instances of data easier

A

Metadata

17
Q

Written procedures that ensure personnel handle forensics properly,
effectively, and in compliance with required regulations

A

Forensic Procedures

18
Q

Ensure the scene is safe, secure the scene to prevent evidence
contamination, and identify the scope of evidence to be collected

A

Identification

19
Q

Ensure authorization to collect evidence is obtained, and then document
and prove the integrity of evidence as it is collected

A

Collection

20
Q

Create a copy of evidence for analysis and use repeatable methods and
tools during analysis

A

Analysis

21
Q

Create a report of the methods and tools used in the investigation and
present detailed findings and conclusions based on the analysis

A

Reporting

22
Q

A process designed to preserve all relevant information when litigation is
reasonably expected to occur

A

Legal Hold

23
Q

A tool that shows the sequence of file system events within a source
image in a graphical format

A

Timeline

24
Q

The method and tools used to create a forensically sound copy of data
from a source device, such as system memory or a hard disk

A

Data Acquisition

25
Q

A network diagnostic command for displaying possible routes and
measuring transit delays of packets across an
Internet Protocol network

A

tracert/traceroute

26
Q

Utility used to determine the IP address associated with a domain name,
obtain the mail server settings for a domain, and other DNS information

A

nslookup/dig

27
Q

Utility that displays all the network configurations of the currently
connected network devices and can modify the DHCP and DNS settings

A

ipconfig/ifconfig

28
Q

An open-source network scanner that is used to discover hosts and
services on a computer network by sending packets and analyzing their
responses

A

nmap

29
Q

Utility used to determine if a host is reachable on an Internet Protocol
network

A

ping/pathping

30
Q

An open-source packet generator and analyzer for the TCP/IP protocol
that is used for security auditing and testing of firewalls and networks

A

hping

31
Q

Utility that displays network connections for Transmission Control
Protocol, routing tables, and a number of network interface and network
protocol statistics

A

netstat

32
Q

Utility for reading from and writing to network connections using TCP or
UDP; a dependable back-end that can be used directly or easily driven
by other programs and scripts

A

netcat

33
Q

Utility for viewing and modifying the local Address Resolution Protocol
(ARP) cache on a given host or server

A

arp

34
Q

Utility that is used to view and manipulate the IP routing table on a host
or server

A

route

35
Q

A command line tool to transfer data to or from a server, using any of the
supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP,
TELNET, LDAP or FILE)

A

curl

36
Q

A Python script that is used to gather emails, subdomains, hosts,
employee names, open ports and banners from different public sources
like search engines, PGP key servers and the SHODAN database

A

theHarvester

37
Q

An automated scanner that can be used during a penetration test to
enumerate and scan for vulnerabilities across a network

A

sn1per

38
Q

Utility that is used to create an exploitation website that can perform
open port scans in a more stealth-like manner

A

scanless

39
Q

Utility that is used for DNS enumeration to locate all DNS servers and
DNS entries for a given organization

A

dnsenum

40
Q

A proprietary vulnerability scanner that can remotely scan a computer or
network for vulnerabilities

A

Nessus

41
Q

An open source software for automating analysis of suspicious files

A

Cuckoo