Writing Assignment: Module 06 Real-World Flashcards

1
Q

Do a Web search for “cyber kill chain in breach responses.” Look for an article that points out weaknesses in using the cyber kill chain. What are the one or two deficiencies of the cyber kill chain that are pointed out in the article?

A

https://thecyphere.com/blog/cyber-kill-chain/

The Cyphere article's 11-step model:
1. Initial access
2. Initial access
3. Persistence
4. Privilege escalation
5. Defence evasion
6. Credential access
7. Discovery
8. Lateral movement
9. Collection
10. Exfiltration
11. Impact

The Lockheed Martin Cyber Kill Chain (seven phases):
Phase 1: Reconnaissance
Phase 2: Weaponization
Phase 3: Delivery
Phase 4: Exploitation
Phase 5: Installation
Phase 6: Command and Control
Phase 7: Actions on Objectives

The main difference is that the Cyphere model has 11 steps instead of the usual 7. All of the extra steps (persistence, privilege escalation, defence evasion, credential access, discovery, lateral movement, collection) happen after the initial compromise, where the classic kill chain has only the single "Actions on Objectives" phase. That is the deficiency the comparison points to: the original model is detailed about how an attacker gets in and says little about what they do once inside, which is the part a breach responder usually has to reconstruct.

2
Q

Do a Web search on “honeypots” and “honeynets.” Search for “honeypot versus honeynet.” How are they different? List three reasons why making your own honeypot or honeynet might be a bad idea.

A

A honeypot is a single decoy system set up to attract attackers and record what they do; a honeynet is a network of honeypots, with the monitoring around it, that presents a whole decoy environment rather than one machine. Three reasons building your own can be a bad idea: (1) you may be liable if attackers use your decoy as a base to break into other people's systems (this is called downstream liability); (2) if the decoy is not properly isolated from production, a compromised honeypot becomes an attacker's foothold inside your own network; (3) a honeypot only has value if someone watches it, so it needs continuous monitoring and the expertise to keep it contained, and an unwatched decoy carries the risks without the benefit.
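To make the isolation point concrete, here is a minimal low-interaction honeypot. It is an added example written for this card, not code from any honeypot product or from the sources the question asks you to search. It accepts a TCP connection, sends a fake service banner, records the first bytes the client sends as escaped text, and closes. It never interprets or executes what it receives, never forwards it anywhere, and never opens an outbound connection, which is the property that keeps a decoy from becoming a pivot onto other systems. The banners, the event format and the names are this example's own assumptions.

```python
"""Low-interaction TCP honeypot: banner out, one read in, log, close."""
import socket
import threading
import time
from datetime import datetime, timezone

# Fake banners, keyed by the service they imitate (constructed for this
# example; they only need to keep an automated scanner talking for one
# round trip).
BANNERS = {
    "ftp": b"220 ftp.example.internal FTP server ready\r\n",
    "telnet": b"\r\nlogin: ",
}

MAX_CAPTURE = 512  # bytes of client input kept per connection, never more


def make_event(peer, dst_port, data, captured_at=None):
    """Build the log record for one probe. The payload is escaped so that
    whatever the attacker sent is stored as text, never acted upon."""
    src_ip, src_port = peer
    when = captured_at or datetime.now(timezone.utc)
    payload = data[:MAX_CAPTURE].decode("latin-1").encode("unicode_escape").decode("ascii")
    return {
        "time": when.isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        "bytes": len(data),
        "payload": payload,
    }


class Honeypot:
    """One listening socket; each connection gets exactly one banner and one
    read. No state is kept between connections and nothing is parsed."""

    def __init__(self, bind_ip, port, banner, sink):
        # bind_ip should be the decoy's own isolated address, never 0.0.0.0
        # on a host that also runs production services.
        self.banner = banner
        self.sink = sink  # callable that receives each event dict
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((bind_ip, port))
        self.sock.listen(16)
        self.sock.settimeout(0.5)  # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._loop, daemon=True)

    def start(self):
        self._thread.start()
        return self.port

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()

    def _loop(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        conn.settimeout(5.0)
        try:
            conn.sendall(self.banner)
            try:
                data = conn.recv(MAX_CAPTURE)
            except socket.timeout:
                data = b""
            self.sink(make_event(peer, self.port, data))
        finally:
            conn.close()  # one exchange only; no second message, no shell


def demo():
    """Run the decoy on loopback, probe it once, return (banner, events)."""
    events = []
    hp = Honeypot("127.0.0.1", 0, BANNERS["telnet"], events.append)
    port = hp.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        banner = client.recv(64)
        client.sendall(b"root\r\n")  # constructed probe, as a scanner would send
    deadline = time.time() + 5
    while not events and time.time() < deadline:
        time.sleep(0.05)
    hp.stop()
    return banner, events


if __name__ == "__main__":
    print(demo())
```

The two controls worth copying are the ones the code enforces structurally: the client's bytes only ever reach `make_event`, which escapes them, and the class has no code path that opens a socket of its own. Putting the decoy on its own address and adding an egress-deny rule on that host is what turns "never opens outbound connections" from a property of this script into a property of the box.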

3
Q

Using Table 6-2, do a Web search on a few of the port numbers known to be used by hacker programs, such as Sub-7, Midnight Commander, and WinCrash. What significant information did you find in your search? Why should the information security manager be concerned about these hacker programs? What can he or she do to protect against them?

A

Sub-7 is a remote administration trojan (RAT) that gives an attacker remote control of a victim's computer; its default port is 27374.
Midnight Commander is listed as a file manager used by attackers to browse the files on a victim's computer; its port is 999.
WinCrash is a denial-of-service (DoS) tool used to crash a victim's computer or network; its port is 16894.
The information security manager should be concerned because each of these tools, once present, gives an outsider a way in, a way to read data, or a way to take systems down, and their traffic is easy to miss among normal connections. At the firewall, these ports can be logged and blocked in both directions, and a hit on one of them is worth investigating even when the connection was dropped, since it shows someone probing for the tool. The caveat is that these are default ports: the attacker can run the same tool on any port, so port blocking is only a first filter and needs to be backed by host-based detection (anti-malware, checks for unexpected listening services) rather than relied on alone.

4
Q

Using the list of possible, probable, and definite indicators of an incident, draft a recommendation to assist a typical end user in identifying these indicators. Alternatively, using a graphics package such as PowerPoint, create a poster to make the user aware of the key indicators.

A

To identify possible, probable, and definite indicators of an incident, end users should stay alert to unusual behaviour, events, or changes on their systems or the network and report them rather than try to diagnose them. Indicators to watch for:

Possible Indicators:

Slow computer or network performance
Unauthorized or unknown software or services running on the system
Unexpected system crashes or errors
Unusual login or network activity
Unfamiliar or suspicious emails, attachments, or links
