DFIR - Digital Forensics Incident Training EXAM WITH COMPLETE SOLUTIONS
Hot site - ANSWER- A backup that is running continuously and ready for immediate switchover
warm site - ANSWER- Servers & other resources for backup but not as ready for switchover
cold site - ANSWER- Cheapest backup option; does not always have the necessary equipment to enable the resumption of normal operation
Connscan - ANSWER- Scans for identifiable TCP connections in older versions of Windows
Sockets - ANSWER- Scans for all our sockets
NetScan - ANSWER- Can be used in more recent versions of Windows
Connscan should be used as a complementary plugin with - ANSWER- Sockets
Static Binaries - ANSWER- Use a minimal footprint on the system as they are not dependent on libraries pre-installed on the Linux OS, & don't require other files to run
Where can Linux logs be found? - ANSWER- /var/log
Where can you view Windows logs? - ANSWER- Event Viewer
What is that thing where Splunk finds related events? - ANSWER- Correlation
How are vulnerabilities tracked? - ANSWER- By a CVE number
What should you focus on when threat hunting? - ANSWER- Anomalies
What is the purpose of intelligence? - ANSWER- To provide an advantage over your adversary
Zeek is a tool for... - ANSWER- Analyzing network traffic
UBA, User behavior analytics, knows what "normal" is for each user? - ANSWER- True
Where does fileless malware get stored? - ANSWER- It doesn't
Which does NOT contain memory artifacts that can be analyzed? - ANSWER- RAM disk
What contains memory artifacts that can be analyzed? - ANSWER- Crash dump file; Page file; Hibernation file
When inspecting processes we look at all of the following: - ANSWER- Parent process; Network connections; DLLs used
What do we not look for when inspecting processes? - ANSWER- Process size
You can recover a computer's RAM only when it is turned... - ANSWER- Off
Because Linux presents everything as a file, it makes it easier to: - ANSWER- Analyze
What is in the swap file? - ANSWER- Stuff that wouldn't fit in RAM
When investigating a process in Linux we can get all of these except for... - ANSWER- Where the process was downloaded from
What can we not get when the computer is turned off? - ANSWER- RAM
What tool is used to make a copy of a hard drive? - ANSWER- FTK Imager
What tool is used to analyze a hard drive after we copy it? - ANSWER- Autopsy
What is the first step in analyzing a drive? - ANSWER- Find the partitions
What file keeps a list of everything on a drive? - ANSWER- MFT - Master File Table
What will prefetch help find the evidence of? - ANSWER- A process that had been run
Where can a file be hidden in Windows? - ANSWER- In the Alternate Data Stream
What does a magic number do? - ANSWER- Identify the file type
What is the correct process used by APT groups? - ANSWER- OSINT > External Takeover > Privilege Escalation > Lateral Movement and Internal Takeover > Hiding Mechanism and Information Theft
To investigate a network attack in accordance with the network forensics investigation flow process, what should be the first step? - ANSWER- Check for malware signatures
To test company software and analyze its behavior in real time, which of the following should be used? - ANSWER- Dynamic analysis
Which of the following tools can check network connections, to investigate if any network connections were established? - ANSWER- Netstat
A pop-up appears saying your computer files were infected, and offering to fix the problem for free. Which of the following attacks did you encounter? - ANSWER- Scareware
What is the difference between threat hunting and threat intelligence? - ANSWER- Threat intelligence is a process within Threat Hunting and involves learning from other sources
Why is it important to use logs? - ANSWER- They store records of potentially important events.