SG#4 - Operations and Incident Response

Question 1

NetFlow

Answer 1

Standardized way for collecting network information from switches, routers, and other network devices.

Usually, a single NetFlow Server examines all the data from all of your devices.

Question 2

CRL

Answer 2

Certificate Revocation List is used to verify that a digital certificate is sill valid.

It is usually implemented before connecting VPN tunnels.

Question 3

Isolation

Answer 3

Happens when you moved a device into an area with limited or not access to other resources.

This is often used when someone is trying to connect to the NETWORK and does not have the correct security posture on their device.

Question 4

Runbooks

Answer 4

Explicit instructions on how to do certain task.
Examples: how to reset a password, create a website certificate, data backups.

Question 5

Playbooks

Answer 5

Is a more detailed description of what to do if an specific event occurs. Often a combinations of Runbooks.

Examples: the steps to recover from a ransomware.

Question 6

OpenSSL

Answer 6

A library and a series of utilities that allow you to manage SLL and TLS certificates into the systems.

Question 7

Non-Repudiadtion

Answer 7

Can be provided in 2 ways

Message Authentication Code (MAC)
Digital Signature

Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the senders identity.

Question 8

SIEM

Answer 8

Security Information Event Management
It supports thread detection and security solution through the collection and analysis of security events.

Question 9

Four types of Vulnerability Assesment

Answer 9

Active
Passive
External
Internal

Question 10

WinHex

Answer 10

Third party editor tool that can provide the raw representation of the dump files.

Also cloning/coping capabilities.

Question 11

GRC

Answer 11

The Governance Risk and Compliance
Combined collection that allows organizations to operate ethically minimizing risk and still complying with state requirements.

Question 12

netcat

Answer 12

It reads and writes information to or from the network

Example: open a port and send or receive some traffic

Question 13

Nessus

Answer 13

Most popular vulnerability scanning tool because of its large database.
It has extensive reporting help to identify vulnerabilities.
It resolves vulnerabilities on the system.

Question 14

Tcpreplay

Answer 14

Allows to captured the packets to quickly look at the information, reply to this information back onto the networ.

Question 15

Tcpdump

Answer 15

it captures packets from the command line, displays the packets onto the screen, and writes then in files.

Does the same thing as WireShark

Question 16

Wireshark

Answer 16

Free open source packet analyzer.
It is commonly used for network trouble shooting, analysis, software and communications protocol development.

Question 17

Memdump

Answer 17

command to send all of the information and system memory to a specific location on your computer.

Question 18

Autopsy

Answer 18

performs digital forensics on data stored on storage devices or in picture files.

Question 19

Password Crackers

Answer 19

Is an online tracking tool that can perform multiple request to a device.