Live Examination - Lab included Flashcards

1
Q

Examine a process

A

tasklist
tasklist /v
tasklist /m /fi "pid eq pid"

2
Q

netstat -na

A

looks for listening processes

3
Q

The PID from netstat is useful when cross-referenced with output from Task Manager, the tasklist command, or wmic process output.

A

true.

4
Q

netstat with the -naob arguments shows the EXE and DLLs associated with each listening port

A

true

5
Q

the netstat -b flag requires administrator privileges

A

true

6
Q

What is the most common way to look at running processes?

A

taskmgr.exe

7
Q

By default, Task Manager does not show process ID numbers

A

true.

8
Q

wmic output is useful for seeing the command line used and the parent process ID

A

true

9
Q

How to check which services are defined and started on the box?

A

services.msc

10
Q

How to obtain Windows services info?

A

services.msc or sc command

11
Q

The sc command gives more detail about Windows services

A

true.

12
Q

tasklist /svc

A

shows services mapped to the processes they are running in.

13
Q

How to start a live examination?

A

Start with what you know. If the investigation was triggered by an IDS alert, start by examining network traffic.

Or start with one aspect of the environment, such as running processes.

14
Q

Examining processes?

A

Task Manager

15
Q

Examine processes at the command line?

A

tasklist

16
Q

Run tasklist verbosely for more detailed output?

A

tasklist /v

17
Q

Get command line options and loaded DLLs for a process ID

A

tasklist /m /fi "pid eq pid"

18
Q

Start | Run taskmgr.exe

A

starts the GUI

19
Q

Besides Task Manager, what other, more in-depth tool can be used to examine processes?

A

wmic

20
Q

Get brief information about running processes

A

wmic process list brief

21
Q

Get lots of info about running processes

A

wmic process list full

22
Q

Get specific fields for running processes

A

wmic process get name,processid,parentprocessid

23
Q

Pay attention to running processes with base64 encoded command line options

A

true

24
Q

What is PowerShell's command-line option to specify the content of a script to run at the command line?

A

-EncodedCommand