3.0 Detect Flashcards
(102 cards)
1
Q
Analyze security system logs, security tools, and data
A
2
Q
IP networking/IP resolving
A
3
Q
DoS attacks/DDoS attacks
A
4
Q
Security vulnerability databases
A
5
Q
Intrusion detection systems
A
6
Q
Network encryption
A
7
Q
SSL decryption
A
8
Q
SIEM
A
9
Q
Firewalls
A
10
Q
DLP
A
11
Q
IPS
A
12
Q
IDS
A
13
Q
Evaluate and interpret metadata
A
14
Q
Malware
A
15
Q
Network topology
A
16
Q
Anomalies
A
17
Q
False positives
A
18
Q
Superhuman logins/geo-velocity
A
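Added example for card 18, not part of the original deck: a POSIX shell/awk detector for "superhuman" logins, i.e. two logins by the same account whose implied travel speed is impossible. The log layout (epoch, user, latitude, longitude), the coordinates and the 1000 km/h default threshold are assumptions made for the example; in practice the coordinates come from a GeoIP lookup of the source address, and the threshold has to tolerate GeoIP error, VPN egress points and mobile carriers before it is allowed to raise an alert.

```shell
#!/bin/sh
# Added example (not from the deck): flag consecutive logins by the same user
# that imply a travel speed above a threshold (geo-velocity / impossible travel).

# Constructed sample logins, not from any real system.
# Fields: epoch_seconds user latitude longitude (lat/lon would come from GeoIP).
SAMPLE_LOGINS='1700000000 alice 51.50 -0.12
1700001800 alice 40.71 -74.01
1700000000 bob 37.77 -122.42
1700010800 bob 34.05 -118.24
1700003600 carol 48.86 2.35'

# geo_velocity [MAX_KMH] < logins
# Prints "user speed_kmh" for every pair of consecutive logins by the same user
# faster than MAX_KMH (default 1000). Input need not be sorted: it is ordered
# by user, then by time, before the pairwise comparison.
geo_velocity() {
    sort -k2,2 -k1,1n | awk -v max="${1:-1000}" '
    function rad(d) { return d * 3.14159265358979 / 180 }
    # Great-circle distance in km via the haversine formula (Earth radius 6371 km).
    function haversine(lat1, lon1, lat2, lon2,   dlat, dlon, a) {
        dlat = rad(lat2 - lat1); dlon = rad(lon2 - lon1)
        a = sin(dlat / 2) ^ 2 + cos(rad(lat1)) * cos(rad(lat2)) * sin(dlon / 2) ^ 2
        return 2 * 6371 * atan2(sqrt(a), sqrt(1 - a))
    }
    {
        user = $2
        if (user in t) {
            dt = $1 - t[user]                      # seconds since the previous login
            km = haversine(lat[user], lon[user], $3, $4)
            if (dt == 0) {
                # Same second, different place: report it rather than divide by zero.
                if (km > 1) printf "%s impossible\n", user
            } else {
                kmh = km / (dt / 3600)
                if (kmh > max) printf "%s %.0f\n", user, kmh
            }
        }
        t[user] = $1; lat[user] = $3; lon[user] = $4   # remember the latest login
    }'
}

# Stand-alone run: only alice (London to New York in 30 minutes) is reported.
printf '%s\n' "$SAMPLE_LOGINS" | geo_velocity 1000
```

Lowering the threshold to 150 km/h also flags bob (San Francisco to Los Angeles in three hours), which is exactly the kind of false positive (card 17) a threshold must be tuned against.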
19
Q
APT activity
A
20
Q
Botnets
A
21
Q
Unauthorized programs in the startup menu
A
22
Q
Presence of attack tools
A
23
Q
Registry entries
A
24
Q
Unusual network traffic
A
Bandwidth usage
Malicious network communication
25
Q
Off-hour usage
A
26
Q
New administrator/user accounts
A
27
Q
Guest account usage
A
28
Q
Unknown open ports
A
29
Q
Unknown use of protocols
A
30
Q
Service disruption
A
31
Q
Website defacement
A
32
Q
Unauthorized changes/modifications
A
Suspicious files
Patches
33
Q
Recipient of suspicious emails
A
34
Q
Unauthorized sessions
A
35
Q
Failed logins
A
36
Q
Rogue hardware
A
37
Q
Agent-based log collection
A
38
Q
Agentless log collection
A
39
Q
Syslog log collection
A
40
Q
Source validation
A
41
Q
Verification of log integrity
A
42
Q
Evidence collection
A
43
Q
IP address and hostname resolution
A
44
Q
Field name consistency
A
45
Q
Time zones
A
46
Q
Threat hunting
A
47
Q
Long tail analysis
A
48
Q
Intrusion detection
A
49
Q
Behavioral monitoring
A
50
Q
Log retention
A
51
Q
Log aggregator and analytics tools
A
SIEM
52
Q
Linux tools
A
grep
cut
diff
53
Q
grep
A
54
Q
cut
A
55
Q
diff
A
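Added example for cards 52 to 55 (grep, cut, diff), which also serves cards 28 (unknown open ports) and 47 (long tail analysis); it is not part of the original deck. All three data sets are constructed for the example: sshd lines in syslog format, a column of process names gathered from a fleet, and a baseline versus current list of listening ports. The sshd lines deliberately include the syslog date "Mar  1" with its double space, because that is what makes cutting on a fixed field number unreliable and why the source address is isolated with grep -o before cut is applied.

```shell
#!/bin/sh
# Added example (not from the deck): grep, cut and diff on constructed log data.

# Constructed sshd lines, not from any real host. Note "Mar  1": the double
# space shifts whitespace-delimited field numbers, and "invalid user X" adds
# two more fields, so the IP is pulled out with grep -o and cut is applied to
# that fixed-shape fragment instead of to the whole line.
AUTH_LOG='Mar  1 10:00:01 host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2
Mar  1 10:00:02 host sshd[101]: Failed password for root from 203.0.113.5 port 4445 ssh2
Mar  1 10:00:03 host sshd[102]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Mar  1 10:00:04 host sshd[103]: Failed password for invalid user test from 203.0.113.5 port 4446 ssh2
Mar  1 10:00:05 host sshd[104]: Failed password for bob from 198.51.100.7 port 6000 ssh2
Mar  1 10:00:06 host sshd[105]: Accepted password for bob from 198.51.100.7 port 6001 ssh2'

# Constructed process-name column (one line per execution across a fleet).
PROCESS_NAMES='svchost.exe
svchost.exe
explorer.exe
svchost.exe
chrome.exe
explorer.exe
mimikatz.exe
chrome.exe
svchost.exe'

# Constructed listening-port baseline and a later snapshot of the same host.
BASELINE_PORTS='22/tcp
80/tcp
443/tcp'
CURRENT_PORTS='22/tcp
80/tcp
443/tcp
4444/tcp'

# failed_by_source < auth.log -> "count ip" per source of failed logins, busiest first
failed_by_source() {
    grep 'Failed password' | grep -o 'from [0-9.]*' | cut -d' ' -f2 |
        sort | uniq -c | sort -rn
}

# top_source < auth.log -> the single noisiest source address
top_source() { failed_by_source | head -n 1 | sed 's/^ *[0-9]* //'; }

# long_tail [N] < column -> the N rarest values (default 3). In long tail
# analysis the frequent values are the baseline and the rare ones are the leads.
long_tail() { sort | uniq -c | sort -n | head -n "${1:-3}"; }

# rarest < column -> just the single rarest value
rarest() { long_tail 1 | sed 's/^ *[0-9]* //'; }

# new_ports BASELINE_FILE < current -> entries present now but absent from the baseline
# (both lists must be sorted the same way for diff to line them up)
new_ports() { diff "$1" - | grep '^>' | cut -c3-; }

# Stand-alone run over the constructed data.
printf '%s\n' "$AUTH_LOG" | failed_by_source
printf '%s\n' "$PROCESS_NAMES" | long_tail 2
baseline_file=$(mktemp)
printf '%s\n' "$BASELINE_PORTS" > "$baseline_file"
printf '%s\n' "$CURRENT_PORTS" | new_ports "$baseline_file"
rm -f "$baseline_file"
```

The same three-step shape (filter with grep, isolate the field with cut, then sort | uniq -c) covers most of the indicator cards above: failed logins per source, off-hour usage per account, or protocol use per destination port.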
56
Q
Windows tools
A
find
WMIC
Event Viewer
57
Q
find
A
58
Q
WMIC
A
59
Q
Event Viewer
A
60
Q
Bash
A
61
Q
PowerShell
A
62
Q
Network-based
A
63
Q
WAP logs
A
64
Q
WIPS logs
A
65
Q
Controller logs
A
66
Q
Packet capture
A
67
Q
Traffic log
A
68
Q
Flow data
A
69
Q
Device state data
A
70
Q
SDN
A
71
Q
Host-based
A
72
Q
Linux syslog
A
73
Q
Application logs
A
74
Q
Cloud audit logs
A
75
Q
Threat feeds
A
76
Q
Asset discovery methods and tools
A
77
Q
Alerting systems
A
78
Q
Intrusion prevention or detection systems (IDS/IPS)
A
79
Q
Firewalls
A
80
Q
Endpoint detection and response (EDR)
A
81
Q
Common indicators of potential compromise, anomalies, and patterns
A
82
Q
Analysis tools
A
83
Q
Document and communicate results
A
84
Q
Communication and documentation policies and processes
A
85
Q
Security incident reports
A
Description
Potential impact
Sensitivity of information
Logs
86
Q
Escalation processes and procedures
A
Specific technical processes
Techniques
Checklists
Forms
87
Q
Incident response teams
A
88
Q
Levels of authority
A
89
Q
Personnel roles and responsibilities
A
90
Q
Document and communicate results
A
91
Q
Command and control
A
92
Q
Data exfiltration
A
93
Q
Pivoting
A
94
Q
Lateral movement
A
95
Q
Persistence/maintaining access
A
96
Q
Keylogging
A
97
Q
Anti-forensics
A
98
Q
Covering tracks
A
99
Q
Prioritization or severity ratings of incidents
A
100
Q
Communication policies and procedures
A
101
Q
Levels of authority
A
102
Q
Communicate recommended courses of action and countermeasures
A