Combo with "Quiz 12" and 3 others
Terms in this set (101)
FTK
Does extensive preprocessing of the evidence items and organizes the various items into a tabbed display.
Cartwheeling
A technique in which a term is extended via links to subsidiary terms.
Carving
Recovering files, images, and so forth from fragments in free space.
Jump Bag
Has a set of all the portable equipment and tools needed for an investigation.
Write blocker
Device that allows you to acquire the information on a drive without accidentally damaging the drive's contents.
Desiccants
Drying agents to absorb any moisture.
EnCase Forensic
Presents an extensible forensic platform that makes it easy for trained investigators to carry out their tasks.
Discoverable
Must be disclosed.
Faraday Cage
An enclosure that ensures that electromagnetic waves are blocked so that a device cannot transmit or receive radio waves while in custody.
FBI
The _____ handles computer crimes that are categorized as felonies.
Scribe
Who is responsible for maintaining control of the field evidence log and locker?
forensic examiners
In large organizations, _____ are skilled in the operations of particular tools used to gather the analysis information.
Costly
A disadvantage to hardware imaging platforms is that they are ____.
True
If an organization routinely searches every employee's computer or if it conducts truly random searches and uncovers potential evidentiary material, then the findings are admissible in any legal proceeding.
IR
An organization's _____ policy must spell out the procedures for initiating the investigative process, including management approvals.
True
In a live acquisition, the investigator concludes that the volatile information is important enough to sacrifice the durable information that might be obtained by powering down the system.
Hash
One way to authenticate a particular digital item ( which is represented as a collection of bits ) is by means of a cryptographic ____.
fighting cyber crime
According to Gordon Snow, the assistant director of the FBI's Cyber Division, (1) countering efforts by foreign countries to steal our nation's secrets, (2) evaluating the capabilities of terrorists in a digital age, and (3) ________ _____ ____ are the FBI's highest priorities.
Bit-stream
Forensic investigators use ____ (also known as sector-by-sector) copying when making a forensic image of a device.
False
Since analysis reports must clearly communicate highly technical matters to varying audiences, critical details can be sacrificed.
Incident
A ____ is a clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
CP Management Team (CPMT)
The team responsible for conducting the business impact analysis (BIA).
Differential
A _______ backup is the storage of all files that have changed or have been added since the last full backup.
Active / Active
____ clustering is a more complex model in which all members of a cluster simultaneously provide application services.
Time required to store and retrieve information
What is the drawback of tape backups?
DR/BC
In some organizations, which two plans are considered to be one plan, known as the business resumption plan?
attack profile
An _____ is a detailed description of the activities that occur during an attack, including the preliminary indications of the attack as well as the actions taken and the outcome.
Trigger
The identification of an incident begins with the ______ - that is, the circumstances that cause the IR team to be activated and the IR plan to be initiated.
Computer Security Incident Response Team (CSIRT)
The _____, which is also known as the Security Incident Response Team (SIRT), is the group of individuals who would be expected to respond to a detected incident.
Remote journaling
_______ is the transfer of live transactions to an off-site facility.
Stakeholders
____ are the representative collection of individuals with a stake in the successful and uninterrupted operation of the organization's information infrastructure.
Classification
Incident ______ is the process of evaluating organizational events, determining which events are possible incidents, also called incident candidates, and then determining whether or not the incident candidate is an actual incident or a nonevent, also called a false positive incident candidate.
Dormant accounts
According to D. L. Pipkin, the use of ___ ____ is a definite indicator of an actual incident.
Shadowing
_______ techniques are generally used by organizations needing immediate data recovery after an incident or disaster.
after-action
The _____ review entails a detailed examination of the events that occurred from the first detection to final recovery.
Business continuity
______ planning ensures that critical business functions can continue if a disaster occurs.
Community clouds
Which cloud type acts as a collaboration between a few entities for the sole benefit of those entities?
True
Incident response focuses on immediate response to small-scale events.
False
NAS works well with real-time applications because of the latency of the communication methods.
True
The final step of the IR planning according to NIST is plan maintenance.
Revision date
The date associated with a particular version or build.
Configuration item
A hardware or software item that is to be modified and revised throughout its life cycle.
Major release
A significant revision from its previous state.
Configuration
A collection of components that make up a configuration item.
Minor release
A minor revision of the version from its previous state.
Software library
A collection of configuration items that is usually controlled and that developers use to construct revisions and to issue new configuration items.
Build list
A list of the versions of components that make up a build.
Version
The recorded state of a particular revision of a software or hardware configuration item.
Build
A snapshot of a particular version of software assembled (or linked) from its various component modules.
Event viewer
On most current versions of Microsoft Windows-based systems, logging is managed by the ______, which is accessible from the system control panel.
Acquire and implement
Which COBIT domain focuses on ongoing maintenance and change requirements to extend the usability of the system?
Accreditation
In security management, _________ is what authorizes an IT system to process, store, or transmit information.
DLL
In the Windows OS, services are usually initiated (loaded or started) at boot-up as ______, which consist of software code, data, and/or other resources necessary to provide the service.
SIEM
______ technology provides a layer of correlation that groups similar events from various technologies, locations, and environments.
True
What is logged in the system log is predetermined by Windows.
ISO/IEC 27001
The primary purpose of ________ is to enable organizations to obtain certification; it serves more as an assessment tool than an implementation framework.
almost anything
For logon events, audit systems will usually make a log entry when a user does ____ ___.
process
A _____ is an instance of a computer program or application that is being executed.
baseline
A ____ is a measurement of activity that represents the normal state or routine condition.
COBIT
______ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
packet sniffer
A _____ (sometimes called a network protocol analyzer) is a network tool that collects copies of packets from the network and analyzes them or stores the packets for later analysis.
passive
A ____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
fingerprinting
The _____ stage of the attack methodology is a systematic survey of the target organization's internet addresses, conducted to identify the network services offered by the hosts in that range.
recon
One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as _____.
audits
____ verify that an organization's security policies are prudent (cover the right issues) and are being implemented correctly.
directory traversal attack
If web software can access parts of the underlying operating system's file system through normal URL mappings, a ______ ___ _____ may occur.
salt
Requirements for a complex password system include using a _____ value, implementing strong encryption, requiring periodic password changes, and generally implementing a system where guessing a password or its hash is very difficult.
footprinting
The process of exploring the internet presence of a target is sometimes called _______.
black
The most realistic type of penetration test is a _____ box test. (374)
active
An __________ vulnerability scanner initiates traffic on the network in order to identify security holes.
trusted network name resolution
Implementing applications that can verify the true communication destination during execution helps prevent vulnerabilities associated with ______.
true
Passive scanners are advantageous in that they are unlikely to be detected by an IDPS.
VLAN
An 802.11 wireless network exists as a separate _____ on nearly all large networks.
nmap
Probably the most popular network scanner is ______, which runs on both UNIX and Windows systems.
False
Most web browsers will not allow users to see the HTML code of the Web page.
Port
A ___ is a transport layer address that serves as a communication endpoint through which a specific application/process exchanges data.
penetration test
A ____ uses techniques and tools available to an attacker to evaluate the organization's defense mechanisms and processes.
Fuzzing
_____ is a testing technique that looks for vulnerabilities in a program or protocol by feeding random input into the program or the network running the protocol.
False
Organizations are safe from sniffer attacks when their computing environment is primarily a packet-switched network.
Command / SQL Injection
A _______ vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL inputs that can be passed to a database.
Exploitation
Refers to the tools and techniques for breaking into more systems, gaining further network access, or gaining access to more resources.
US-CERT
Is a centralized collection and reporting facility that focuses on the tracking and dissemination of information about current computer security threats.
Change Management
Seeks to prevent changes that could detrimentally affect the security of a system.
Application Log
This records events generated by specific applications or programs. A spreadsheet program might record an error for access to a file in the application log.
(IR) Incident Response Plan
The actions an organization should take while an incident is in progress are defined in a document referred to as a ___ ___ ___.
Electronic Vaulting
The bulk transfer of data in batches to an off-site facility is called.
RAID 0
Creates one larger logical volume across several available physical hard disk drives and stores the data in segments, called stripes, across all the disk drives in the array. This is often called disk striping without parity and is frequently used to combine smaller drive volumes into fewer, larger volumes to gain the advantages that larger volumes offer as well as increased I/O throughput.
RAID 1
Commonly called disk mirroring, RAID 1 uses two drives in which data is written to both drives simultaneously, providing a backup if the primary device fails.
RAID 5
Most commonly used in organizations that balance safety and redundancy against costs of acquiring and operating the systems. Segments of data are interleaved with parity data and are written across all the drives in the set.
RAID 10
Also referred to as RAID 1+0, this combines the benefits of RAID 0 and RAID 1. The data is striped like RAID 0, but the striped set is mirrored, as in RAID 1. This hybrid system is really a mirror of a striped set.
NOT
RAID IS NOT A REPLACEMENT FOR A BACKUP AND RECOVERY.
Contingency Planning (CP)
Is the process by which the information technology and information security teams position their organizations for, detect, react to, and recover from man-made or natural events that threaten the security of information resources and assets.
Dead Acquisition
An investigator seeks to obtain a forensic image of the disk or device.
Live Acquisition
Collecting evidence from a currently running system.
Sterile Media
Media that is used to collect digital evidence must be forensically sterile, meaning that it contains no residue from previous use.
wget
UNIX or Linux systems support a tool called "wget" that allows a remote individual to "mirror" entire websites.
metasploit
The Metasploit framework is a collection of exploits coupled with an interface that allows you to customize exploitation of vulnerable systems.
wireshark
A free, client-based network protocol analyzer. Allows the administrator to examine data from both live network traffic and captured traffic.
Firewalk
Tool that can be used to analyze firewalls. Written by noted authors and network security experts Mike Schiffman and David Goldsmith, Firewalk uses incrementing TTL packets to determine the path into a network as well as the default firewall policy.
Netcat
Once the remote system has been subverted, many attackers use FTP, TFTP, and similar types of file transfer utilities to store the necessary attack tools in a data cache. Netcat is a full client-server environment that allows the transfer of data between Netcat installations. (Pg371)
XProbe2
Uses ICMP to determine the remote OS. XProbe2 sends a lot of different ICMP queries against the target host. (363)