Study 6

Question 1

SP800-61

Answer 1

Incident Handling

Question 2

NTP Network Time Protocol

Answer 2

Port 123

Question 3

Inculpatory

Answer 3

to prove they did it

Question 4

Exculpatory

Answer 4

to prove they did NOT DO it

Question 5

Best Evidence

Answer 5

Original files

Question 6

Direct Evidence

Answer 6

from a witness sense ( needs backup)

Question 7

Real Evidence

Answer 7

something you can touch= , Fingerprint, gun

Question 8

Demonstrative Evidence

Answer 8

reenactment

Question 9

Corroborative Evidence

Answer 9

any supported Evidence

Question 10

Conclusive Evidence

Answer 10

stands on it own, (Video)

Question 11

Circumstantial Evidence

Answer 11

like a blood trial of blood

Question 12

Documentary Evidence

Answer 12

(hearsay Rule) paper documents

Question 13

Documentary Evidence

Answer 13

(hearsay Rule) paper documents

Question 14

the five key principle that forms the core of the COBIT5 framework?

Answer 14

1) Meeting Stakeholders needs,
2) Covering the enterprise end to end,
3) Apply a single integrated framework,
4) Enabling a holistic approach,
5) Separating governance from management.

Question 15

the five key principle that forms the core of the COBIT5 framework?

Answer 15

1) Meeting Stakeholders needs,
2) Covering the enterprise end to end,
3) Apply a single integrated framework,
4) Enabling a holistic approach,
5) Separating governance from management.

Question 16

many security products begin the process of generating a pseudorandom key by having the user tap random keys on a keyboard or randomly moving the mouse. Such activity is known as ?

Answer 16

entropy.

Question 17

pseudorandom

Answer 17

randomness

Question 18

is the marriage of object-oriented and relational technologies combining the attributes of both?

Answer 18

object-relational database

Question 19

is common in all major software vendors and is important to maintaining a trusted computing platform.

Answer 19

Code Signing

Question 20

Looks for sequences of bit called signature that are typical malware programs.

Answer 20

Scanners

Question 21

Defend against malware by appending sections of themselves to files – sometime in the same way Malware append themselves. it continuously check a file for changes and report changes as possible malware behavior.

Answer 21

Immunizers

Question 22

Focus on detecting potential abnormal behavior such as writing to the boot sector or the master boot record, or making changes to executable files. It can potentially detect malware at an early stage. Most hardware based anti-malware mechanism are based on this concept.

Answer 22

Behavior Blocker

Question 23

interpret DoS and read-only memory (ROM) BIOS calls, looking for malware like actions.

Answer 23

Active monitor

Question 24

are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan.

Answer 24

Padded cells

Question 25

In this Block Cipher method of encryption, a single bit change in the plain text results in multiple changes permutated throughout the rest of the encryption cycles so in the end, the ciphertext has completely changed.

Answer 25

Diffusion