2 Flashcards
(29 cards)
You are conducting a forensic investigation. The attack has been stopped. What do you do FIRST
Document what’s on screen
Which of the following tools would you use to validate the bandwidth on your network and ID when the bandwidth is significantly below what it should be
Throughput tester
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use?
Explicit allow, Implicit Deny
You discover info on a computer HDD that might indicate evidence of illegal activity. You want to perform FORENSICS on thie disk to see WHAT INFO IT CONTAINS. What do FIRST
Make a bit level copy of the disk
Security Layer: Fences, Door Locks, Mantraps, Turnstiles, Device Locks, Server Cages
Physical
Security Layer: Individual Workstation, Laptop, Mobile Device
Host
Security Layer: Authentication Authorization, User MGMT, Group Policies
Application
Sec Layer: Cameras, Motion Detectors, Environmental Controls
Physical
Sec Layer: VLAN, Penetration Testing, Virtualization
Network
Found rogue wireless access point on network. Which should you do FIRST to PROTECT NETWORK while PRESERVING EVIDENCE
Disconnect the access point from the network
Best defense against script kiddies
Keep systems up to date and use standard security practices
Attack Strat: Stealing Info
Exploitation
Attack Strat: Prep a computer to perform additional attacks in the attack
Staging
Attack Strat: Crashing systems
Exploitation
Attack Strat: Gathering hardware info
Recon
Attack Strat: Penetrating sys defenses to gain unauth access
Breaching
Attack Strat: Config additional rights to do more than breach the system
Escalate Privileges
Which algorithm combines a random value with plain text to produce cipher text
one time pad
What is Steganography
cryptography method that uses digital pictures, video clips, or audio clips to hide a message
Which type of cipher changes the position of the characters in a plain text message
transposition
ur running a packet sniffer to ID the types of traffic on network. you expect to see all traffic on net, but pack sniffer only seems to capture frames that are addressed to the network interface on your workstation. what do you config to see all
Configure the network interface to use PROMISCUOUS MODE
After an intrusion has occurred and the intruder has been removed from the system which of the following is the best next step or action to take
back up all logs and audits regarding the incident
what is a protocol analyzer used for
a passive device that is used to copy frames and allow you to view frame contents
does not allow you to capture modify and retransmit frames
define hacker
general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization
