CJCSM 6510.01B, Encl. D Flashcards

1
Q

What seeks to identify the root cause(s) of an incident and is required to fully understand the scope,
potential implications, and extent of damage resulting from the incident?

A

Incident Analysis

2
Q

What is defined as the process of acquiring, preserving, and analyzing IS artifacts that help characterize
the incident and develop COA?

A

System Analysis

3
Q

What is defined as the process of identifying, analyzing, and characterizing reported software artifacts
suspected of being adversarial tradecraft to help defense in depth mitigation actions and strategies, CI
activities, and LE activities?

A

Malware Analysis

4
Q

What is considered the application of science to the identification, collection, examination, and analysis
of data while preserving the integrity of the information and maintaining a strict chain of custody?

A

Computer forensics

5
Q

In which publication can guidance be found on integrating forensic techniques into incident response?

A

NIST SP 800-86

6
Q

How many basic phases are in the forensics process?

A

4

7
Q

Which type of data is stored in IS memory that will be lost when the IS loses power or is shut down?

A

Volatile

8
Q

Which type of data is stored in the IS’s hard drives and removable storage media that will not be changed
when the IS is powered off?

A

Persistent

9
Q

What is defined as software designed and/or deployed by adversaries without the consent or knowledge
of the user in support of adversarial missions?

A

Malware

10
Q

Which type of analysis involves quick checks to characterize the malware sample within the context of
the analysis mission?

A

Surface

11
Q

Which type of analysis is the controlled execution of the malware sample in an isolated environment to
monitor, observe, and record run-time behavior without impacting mission-critical systems and
infrastructure?

A

Run-time

12
Q

Which type of analysis focuses on examining and interpreting the contents of the malware sample in the
context of an analysis mission?

A

Static

13
Q

What is the most in-depth form of malware analysis?

A

Reverse engineering

14
Q

To what must any malware uncovered during the incident response process be cataloged?

A

JMC

15
Q

Network analysis comprises data sources, data collection, along with what else?

A

Data analysis

16
Q

Which type of data can provide complete insight into network transactions that occurred between hosts?

A

Full Packet Capture

17
Q

What is used to avoid allegations of mishandling or tampering with evidence and increases the
probability of the evidence being entered into a court proceeding?

A

Chain of custody