Section 19.186 Indicators of compromise (IoC) Flashcards

Objective 2.4 Given a scenario, you must be able to analyse indicators of malicious activity

1
Q

Indicators of Compromise (IoC)

A

Pieces of forensic data that identify potentially malicious activity on a network or system

■ Serves as digital evidence that a security breach has occurred

2
Q

IoC includes…

Account Lockouts

A

Occurs when an account is locked due to multiple failed login attempts

■ Indicates a potential brute force attack to gain access

■ Balancing security with usability is crucial when implementing account lockout

3
Q

IoC includes…

Concurrent Session Usage

A

Refers to multiple active sessions from a single user account

■ Indicates a possible account compromise when the legitimate user is also logged in

4
Q

IoC includes…

Blocked Content

A

Involves attempts to access or download content blocked by security protocols

■ Suggests a user trying to access malicious content or an attacker attempting to steal data

5
Q

IoC includes…

Impossible Travel

A

Detects logins from geographically distant locations within an unreasonably short timeframe

■ Indicates a likely account compromise as physical travel between these locations is impossible

6
Q

IoC includes…

Resource Consumption

A

Unusual spikes in resource utilisation

● CPU
● Memory
● Network bandwidth

■ May indicate malware infections or Distributed Denial of Service (DDoS) attacks

7
Q

IoC includes…

Resource Inaccessibility

A

Inability to access resources like files, databases, or network services

■ Suggests a ransomware attack, where files are encrypted and a ransom is demanded

8
Q

IoC includes…

Out-of-Cycle Logging

A

Log entries occurring at unusual times

■ Indicates an attacker trying to hide their activities during off-peak hours

9
Q

IoC includes…

Missing Logs

A

Sign that logs have been deleted to hide attacker activities

■ May result in gaps in the log data, making it harder to trace the attacker’s actions

10
Q

IoC includes…

Published Articles or Documents

A

Attackers publicly disclose their actions, boasting about their skills or causing reputational damage

■ Can occur on social media, hacker forums, newspaper articles, or the victim’s own website
