1.0 Security Operations Flashcards
(122 cards)
1
Windows Registry
2
System hardening
3
File structure
4
Configuration file locations
5
System process
6
Hardware architecture
7
Serverless
8
Virtualization
9
Containerization
10
On-premises
11
Cloud
12
Hybrid
13
Network segmentation
14
Zero trust
15
Secure access service edge (SASE)
16
Software-defined networking (SDN)
17
Multifactor authentication (MFA)
18
Single sign-on (SSO)
19
Federation
20
Privileged access management (PAM)
21
Passwordless
22
Cloud access security broker (CASB)
23
Public key infrastructure (PKI)
24
Secure sockets layer (SSL) inspection
25
Data loss prevention (DLP)
26
Personally Identifiable Information (PII)
27
Cardholder data (CHD)
28
Bandwidth consumption
29
Beaconing
30
Irregular peer-to-peer communication
31
Rogue devices on the network
32
Scans/sweeps
33
Unusual traffic spikes
34
Activity on unexpected ports
35
Processor consumption
36
Memory consumption
37
Drive capacity consumption
38
Unauthorized software
39
Malicious processes
40
Unauthorized changes
41
Unauthorized privileges
42
Data exfiltration
43
Abnormal OS process behavior
44
File system changes or anomalies
45
Registry changes or anomalies
46
Unauthorized scheduled tasks
47
Anomalous activity
48
Introduction of new accounts
49
Unexpected output
50
Unexpected outbound communication
51
Service interruption
52
Application logs
53
Social engineering attacks
54
Obfuscated links
55
Wireshark
56
tcpdump
57
Security information and event management (SIEM)
58
Security orchestration, automation, and response (SOAR)
59
Endpoint detection and response (EDR)
60
Domain name service (DNS) and Internet Protocol (IP) reputation
61
WHOIS
62
AbuseIPDB
63
Strings
64
VirusTotal
65
Joe Sandbox
66
Cuckoo Sandbox
67
Command and control
68
Interpreting suspicious commands
69
Header
70
Impersonation
71
DomainKeys Identified Mail (DKIM)
72
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
73
Sender Policy Framework (SPF)
74
Embedded links
75
Hashing
76
Abnormal account activity
77
Impossible travel
78
JavaScript Object Notation (JSON)
79
Extensible Markup Language (XML)
80
Python
81
PowerShell
82
Shell script
83
Regular expressions
84
Advanced persistent threat (APT)
85
Hacktivists
86
Organized crime
87
Nation-state
88
Script kiddie
89
Insider threat - intentional
90
Insider threat - unintentional
91
Supply chain
92
Timeliness
93
Relevancy
94
Accuracy
95
Social media
96
Blogs/forums
97
Government bulletins
98
Computer emergency response team (CERT)
99
Cybersecurity incident response team (CSIRT)
100
Deep/dark web
101
Paid feeds
102
Information sharing organizations
103
Internal sources
104
Incident response
105
Vulnerability management
106
Risk management
107
Security engineering
108
Detection and monitoring
109
Indicators of Compromise (IoC)
110
Configurations/misconfigurations
111
Isolated networks
112
Business-critical assets and processes
113
Active defense
114
Honeypot
115
Repeatable/do not require human interaction
116
Data enrichment
117
Threat feed combination
118
Minimize human engagement
119
Application programming interface (API)
120
Webhooks
121
Plugins
122
Single pane of glass