Exam Review 2 Flashcards
(40 cards)
What is the main goal of digital forensics?
To collect and protect information relating to an intrusion.
What does RFC 3227 provide guidelines for?
Evidence Collection and Archiving in digital forensics.
What is a legal hold in digital forensics?
A technique to preserve relevant information in preparation for impending litigation.
What is the purpose of capturing video in digital forensics?
To record events and gather information external to the computer and network.
What is important in maintaining a chain of custody for digital evidence?
Controlling evidence to maintain integrity and documenting everyone who contacts the evidence.
What does the term ‘admissibility’ refer to in digital forensics?
The acceptability of data as evidence in a court of law.
How is time offset important in digital forensics?
It helps to accurately interpret the timestamps of data collected from different file systems.
Why are event logs significant in digital forensics?
They document important operating system and application events for future reference.
How are network infrastructure devices secured?
Through configurations like authentication settings, security updates, and access limitations.
What is the standard process for digital forensics?
Acquisition, analysis, and reporting of digital evidence.
Why is operating system hardening important?
To secure the OS through updates, user account management, and network security measures.
What is the purpose of application server hardening?
To secure programming languages and runtime libraries, disable unnecessary services, and apply security patches.
What does the ISO/IEC 27001 framework focus on?
Information Security Management Systems.
What is SSAE SOC 2 Type I/II in security standards?
An auditing standard for evaluating security controls like firewalls and intrusion detection.
What is PCI DSS in security standards?
Payment Card Industry Data Security Standard, a standard for protecting credit card information.
What role do deterrent controls play in security?
They discourage intrusion attempts without directly preventing access.
What are compensating controls in security?
Controls that restore security using alternate means, like re-imaging or backup restoration.
What are corrective controls in security?
Controls designed to mitigate damage, like an IPS blocking attackers or backups for a ransomware infection.
How do detective controls function in security?
They identify and record intrusion attempts, like motion detectors and IDS/IPS.
What is the purpose of preventive controls in security?
To physically control access, such as door locks and firewalls.
What are the categories of security controls?
Managerial, operational, and technical controls.
Symmetric Cryptographic Algorithms
Symmetric encryption uses a single shared key for both encryption and decryption. It’s faster than asymmetric encryption, with less overhead.
How do you review sudo commands?
The specific command to review all sudo commands issued by Terri is not detailed in the study guide.
Power Distribution Units (PDUs)
PDUs provide multiple power outlets, usually in a rack, and often include monitoring and control to manage power capacity and enable/disable individual outlets.