3.0 Detect Flashcards

(102 cards)

1
Q

Analyze security system logs, security tools, and data

A
2
Q

IP networking/IP resolving

A
3
Q

DoS attacks/DDoS attacks

A
4
Q

Security vulnerability databases

A
5
Q

Intrusion detection systems

A
6
Q

Network encryption

A
7
Q

SSL decryption

A
8
Q

SIEM

A
9
Q

Firewalls

A
10
Q

DLP

A
11
Q

IPS

A
12
Q

IDS

A
13
Q

Evaluate and interpret metadata

A
14
Q

Malware

A
15
Q

Network topology

A
16
Q

Anomalies

A
17
Q

False positives

A
18
Q

Superhuman logins/geo-velocity

A
19
Q

APT activity

A
20
Q

Botnets

A
21
Q

Unauthorized programs in the startup menu

A
22
Q

Presence of attack tools

A
23
Q

Registry entries

A
24
Q

Unusual network traffic

A

Bandwidth usage
Malicious network communication

25
Off hour usage
26
New administrator/user accounts
27
Guest account usage
28
Unknown open ports
29
Unknown use of protocols
30
Service disruption
31
Website defacement
32
Unauthorized changes/modifications
Suspicious files, patches
33
Recipient of suspicious emails
34
Unauthorized sessions
35
Failed logins
36
Rogue hardware
37
Agent-based log collection
38
Agentless log collection
39
Syslog log collection
40
Source validation
41
Verification of log integrity
42
Evidence collection
43
IP address and hostname resolution
44
Field name consistency
45
Time zones
46
Threat hunting
47
Long tail analysis
48
Intrusion detection
49
Behavioral monitoring
50
Log retention
51
Log aggregator and analytics tools
SIEM
52
Linux tools
grep, cut, diff
53
grep
54
cut
55
diff
56
Windows tools
find, WMIC, Event Viewer
57
find
58
WMIC
59
Event Viewer
60
Bash
61
PowerShell
62
Network-based
63
WAP logs
64
WIPS logs
65
Controller logs
66
Packet capture
67
Traffic log
68
Flow data
69
Device state data
70
SDN
71
Host-based
72
Linux syslog
73
Application logs
74
Cloud Audit logs
75
Threat feeds
76
Asset discovery methods and tools
77
Alerting systems
78
Intrusion prevention or detection systems (IDS/IPS)
79
Firewalls
80
Endpoint detection and response (EDR)
81
Common indicators of potential compromise, anomalies, and patterns
82
Analysis tools
83
Document and communicate results
84
Communication and documentation policies and processes
85
Security incident reports
Description, potential impact, sensitivity of information, logs
86
Escalation processes and procedures
Specific technical processes, techniques, checklists, forms
87
Incident response teams
88
Levels of authority
89
Personnel roles and responsibilities
90
Document and communicate results
91
Command and control
92
Data exfiltration
93
Pivoting
94
Lateral movement
95
Persistence/maintaining access
96
Keylogging
97
Anti-forensics
98
Covering tracks
99
Prioritization or severity ratings of incidents
100
Communication policies and procedures
101
Levels of authority
102
Communicate recommended courses of action and countermeasures