By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
1. ping is a command-line tool that tests network connectivity by sending ICMP echo requests. It is a basic troubleshooting tool for determining whether a host is reachable, that is, whether a route to it is available.
2. nmap is a network scanning tool (host discovery, port scanning, service and OS detection) that is often used in security auditing.
3. netstat shows network statistics, including the protocol, local address, foreign address and connection state of each socket.
4. netcat (nc) is a network utility that reads from and writes to raw TCP and UDP connections, which makes it useful for banner grabbing and for gathering information from transport-layer network connections.
5. dig and nslookup are troubleshooting tools that query DNS servers.
6. head, tail and cat are common command-line tools for displaying and manipulating files, including log files.
7. Python is a general-purpose programming language that is widely used for security scripting and automation.
8. tcpdump is a command-line packet analyzer that captures TCP/IP packets from a network interface and can write them to a file for later analysis.
9. PowerShell is a command-line shell and scripting interface for Microsoft Windows environments.
10. dd, Memdump, WinHex, FTK Imager and Autopsy are forensics tools: dd and FTK Imager create bit-for-bit images of storage, Memdump captures system memory, WinHex is a hex editor, and Autopsy analyzes the acquired images.
11. Protocol analyzers can be placed inline between the devices whose traffic you want to capture, or attached out of band to a network tap or a switch mirror (SPAN) port.
12. Some of the most common firewall configuration errors include rules that permit traffic from any source to any destination, unnecessary services running, weak authentication, and neglect of log files.
13. A misconfigured web content filter can either block legitimate content (false positives) or allow prohibited content (false negatives).
14. Written authorization, defining the scope and rules of engagement, should be required before conducting vulnerability or penetration tests.
15. Incident response plans should include details related to incident categorization, preparation, roles, responsibilities, reporting requirements, escalation procedures, and details on cyber incident response teams and training exercises.
16. The incident response process includes preparation, identification, containment, eradication, recovery, and post-incident activities such as lessons learned.
17. Order of volatility describes the order in which evidence should be collected: from the most volatile data (lost on power-off or quickly overwritten) to the least volatile.
18. Data in RAM and in swap or paging files is considered the most volatile (swap lives on disk but is constantly overwritten); disk contents, remote logs and archival media are the least volatile.
19. Chain of custody ensures that evidence is properly handled by documenting who collected, handled and stored each item, and when, so that its integrity can be demonstrated in court.
20. Data acquisition during and after an incident includes capturing system images, traffic logs, video, time offset, hashes, screenshots, and witness interviews.
21. When computers are examined, their date and time settings are recorded and compared with the current time from a trusted clock. The difference between the two is the time offset, which is then applied to all time-based evidence taken from that computer.
22. MITRE ATT&CK is a knowledge base of adversary tactics and techniques; like a kill chain, it models the stages of an attack and provides a reference for incident response.
23. The Diamond Model of Intrusion Analysis places the basic components of malicious activity at one of four points: adversary, infrastructure, capability, and victim.
24. Incident response exercises can be discussion-oriented (tabletop) or simulated (walkthrough or full-scale).
25. BCP (business continuity planning) and COOP (continuity of operations planning) ensure the restoration of organizational functions in the shortest possible time, even if services resume at a reduced level of effectiveness or availability.
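The forensic points in items 17, 18, 20 and 21 above (collect in order of volatility, hash what you acquire, record the clock offset and apply it to every timestamp) are easy to get subtly wrong on the day. The script below is an added example, not part of the Fatskills guide: it plans an acquisition most-volatile-first, computes the offset between the suspect machine's clock and a trusted reference, corrects an evidence timestamp with it, and produces a chain-of-custody record carrying a SHA-256 fingerprint that can be re-verified later. The function names, the volatility table labels, the examiner name and the sample "image" bytes are all constructed for the example.

```python
"""Added example: forensic evidence helpers for volatility ordering,
time-offset correction and acquisition hashing.  All names and sample
data are assumptions made for this example, not from the exam guide."""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Highest volatility first (RFC 3227 ordering; the labels are ours).
VOLATILITY_RANK = {
    "registers_cache": 0,
    "ram": 1,
    "swap": 2,
    "network_state": 3,   # routing table, ARP cache, open connections
    "processes": 4,
    "temp_fs": 5,
    "disk": 6,
    "remote_logs": 7,
    "archival_media": 8,
}


def acquisition_plan(sources):
    """Return the requested sources ordered most-volatile-first.
    An unknown source raises rather than being silently collected last."""
    unknown = [s for s in sources if s not in VOLATILITY_RANK]
    if unknown:
        raise ValueError(f"no volatility rank for: {unknown}")
    return sorted(sources, key=VOLATILITY_RANK.__getitem__)


def _as_utc(dt):
    """Naive timestamps are assumed to be UTC; aware ones are converted."""
    if dt.tzinfo is None:
        return dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def compute_offset(suspect_clock, reference_clock):
    """Offset to ADD to suspect-machine timestamps to obtain true time.
    Positive means the suspect clock was running slow."""
    return _as_utc(reference_clock) - _as_utc(suspect_clock)


def correct_timestamp(evidence_time, offset):
    """Apply the recorded offset to one timestamp taken from the suspect machine."""
    return _as_utc(evidence_time) + offset


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_hash(data, expected_hex):
    """Re-check an artifact against the hash in its custody record.
    Constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def custody_record(label, data, acquired_at_suspect_clock, offset, examiner):
    """One chain-of-custody entry: what was taken, by whom, when (in
    corrected UTC), and the fingerprint that proves it is unchanged."""
    return {
        "label": label,
        "examiner": examiner,
        "size_bytes": len(data),
        "sha256": sha256_hex(data),
        "acquired_at_utc": correct_timestamp(acquired_at_suspect_clock, offset).isoformat(),
        "clock_offset_seconds": offset.total_seconds(),
    }


# Constructed sample data (not from any real case)
SUSPECT_CLOCK = datetime(2024, 3, 10, 9, 0, 0)                            # what the seized laptop displayed
REFERENCE_CLOCK = datetime(2024, 3, 10, 9, 7, 30, tzinfo=timezone.utc)   # trusted NTP-synced clock
OFFSET = compute_offset(SUSPECT_CLOCK, REFERENCE_CLOCK)                   # +450 s: laptop ran 7m30s slow
SAMPLE_IMAGE = b"constructed sample image bytes, not a real memory dump"
RECORD = custody_record("laptop-ram.raw", SAMPLE_IMAGE,
                        datetime(2024, 3, 9, 22, 15, 0), OFFSET, "examiner-1")

if __name__ == "__main__":
    print(acquisition_plan(["disk", "ram", "network_state", "registers_cache"]))
    print(RECORD)
    print("integrity ok:", verify_hash(SAMPLE_IMAGE, RECORD["sha256"]))
```

Two details matter in practice: the offset is stored as a signed number of seconds alongside every record, so a later reviewer can reproduce the correction rather than trust the corrected value, and the hash comparison uses `hmac.compare_digest`, which is the right habit whenever a hex digest is compared against a value that could come from an untrusted source.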