Flashcards in RFI Deck (36)
Quantifying risk by threat
Integrity protection encompasses...
more than just data. Also OS, apps, HW
DREAD + STRIDE
Threat modeling techniques
Categories of security investigations (3)
Public, Private, Individual
Linux file system that supports journaling
Journaling file system consequence
Burns out hard drive easier
Each process starts with...
Single thread that can create more threads
A Windows job is...
A group of processes
Is a Signature ID an artifact of IPS/IDS events?
Netflow templates provide
Backward compatibility on NetFlow-supporting systems
IPFIX uses which protocol
SILK, ELK, Graylog
Can be used for Netflow analysis
Netflow cache types (3)
Normal, Immediate, Permanent
IPFIX based on which version of netflow
Incident Prioritization part of which phase of IR process
Detection + Analysis
You know and obtain facts about an incident
Activity attack graph useful for...
Highlighting attackers' preferences and alternative attack paths
First step in a forensic exercise
Collect and secure evidence
VERIS stands for
Vocabulary for Event Recording and Information Sharing
How many people should know about a cyber crime investigation?
As few people as possible
Data for very small files stored in the MFT.
Cisco Adaptive Security Device Manager (ASDM)
Rule based firewall management
DNScapy and DNSCAT2
DNS tunneling tools
Goal of security awareness program
Provide understanding of risk and exposure
What systems must be scanned for PCI DSS compliance?
All systems on isolated PCI network.