Name all the major components of a client.
Motherboard, CPU, PSU, GPU, RAM, ROM, Storage
What are the two types of Hypervisors?
Bare Metal (Type 1, runs directly on hardware) and Hosted (Type 2, runs on top of a host OS)
What is the difference between Whaling and Spear Phishing?
Whaling - spear phishing aimed at high-value targets (executives, senior officials) for a higher payoff
Spear Phishing - a specific target, using messages tailored to appeal to that person
List the four members of the Incident Response Team.
Team Leader, Technical Specialist, Documentation Specialist, Legal Advisor
What does AAA stand for?
Authentication, Authorization, Accounting
List the order of the Boot Process. What two things happen in the first part of the process?
1. BIOS 2. Boot Loader 3. Kernel
Run POST, find a bootable device
Name 2 different types of servers.
Mail, Proxy, Web, DNS, DHCP, etc.
What is a rootkit?
Malware that gives an attacker privileged (root/kernel-level) access to a system while hiding its own presence from the OS and security tools
Name 2 elements that should be in the Incident Response Plan.
Defined Incident Categories
Roles and Responsibilities
Reporting Requirements/Escalation
Computer/Cyber Incident Response Team
Exercise Planning and Scheduling
List 2 ways to practice good cyber hygiene.
Use firewalls, keep antivirus updated, run scans, enforce password complexity, patch software, back up data.
Name the user-facing components of the Windows Operating System.
Command Prompt, PowerShell, File Explorer, Search, Action Center, Start Menu
What are the three types of Cloud Service Models?
IaaS, PaaS, SaaS
What are the two types of Network Access Control software?
Agent-based and Agentless
What is the difference between Events and Incidents?
Events are observable occurrences. Incidents are events that jeopardize, or could jeopardize, the CIA triad (confidentiality, integrity, availability).
What is the STIG publication used for within DoD?
Security Technical Implementation Guides: standardized configuration and hardening baselines for DoD systems
What are the two types of CPU modes?
User and Kernel
Name all the Active Directory Logical structure and identify which one encompasses everything.
Forest (encompasses everything), Tree, Domain, Organizational Unit, Objects
Name the three types of firewalls. Which one can read packet contents?
Packet filtering, Stateful, Application-Layer/Next Gen
Application-Layer/Next Gen (inspects the payload, not just the headers)
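As an added illustration of the three firewall types (example code written for this page, not from the original deck), the toy model below shows why the distinction matters: a stateless packet filter that passes inbound packets "with ACK set" can be fooled by a spoofed packet, a stateful firewall only passes inbound packets that match a connection the inside host opened, and an application-layer firewall additionally reads the payload. The packets, addresses and the "only HTTP on port 80" rule are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample addresses (assumptions for the example).
INTERNAL = "10.0.0.5"
EXTERNAL = "203.0.113.9"


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: set            # TCP flags, e.g. {"SYN"}, {"ACK"}, {"SYN", "ACK"}
    payload: bytes = b""


def packet_filter(pkt):
    """Stateless packet filter: looks only at headers.
    Classic rule 'allow inbound if ACK is set' (meant to pass replies) trusts the flag blindly."""
    if pkt.dst == INTERNAL:                      # inbound packet
        return "ACK" in pkt.flags
    return True                                  # all outbound traffic allowed


class StatefulFirewall:
    """Tracks connections the inside host opened; inbound is allowed only if it matches one."""

    def __init__(self):
        self.table = set()                       # (int ip, int port, remote ip, remote port)

    def check(self, pkt):
        if pkt.src == INTERNAL:                  # outbound: record a new connection on SYN
            if pkt.flags == {"SYN"}:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def app_layer(pkt, stateful):
    """Application-layer/next-gen: passes the stateful check, then inspects the payload.
    Rule here (an assumption): traffic on port 80 must look like an HTTP request."""
    if not stateful.check(pkt):
        return False
    if pkt.dport == 80 and pkt.payload and not pkt.payload.startswith((b"GET ", b"POST ")):
        return False
    return True


def demo():
    """Run constructed packets through each firewall type; returns allow/deny decisions."""
    fw = StatefulFirewall()
    syn = Packet(INTERNAL, 40000, EXTERNAL, 80, {"SYN"})                 # inside opens connection
    syn_ack = Packet(EXTERNAL, 80, INTERNAL, 40000, {"SYN", "ACK"})      # legitimate reply
    spoof = Packet(EXTERNAL, 6666, INTERNAL, 445, {"ACK"})              # unsolicited, ACK set
    tunnel = Packet(INTERNAL, 40001, EXTERNAL, 80, {"PSH", "ACK"}, b"\x00\x01binary")
    http = Packet(INTERNAL, 40002, EXTERNAL, 80, {"PSH", "ACK"}, b"GET / HTTP/1.1\r\n")
    return {
        "packet_filter_reply": packet_filter(syn_ack),     # True: ACK set
        "packet_filter_spoof": packet_filter(spoof),       # True: the weakness, ACK set
        "stateful_syn": fw.check(syn),                     # True, connection recorded
        "stateful_reply": fw.check(syn_ack),               # True, matches table
        "stateful_spoof": fw.check(spoof),                 # False, no matching connection
        "app_layer_tunnel": app_layer(tunnel, fw),         # False, non-HTTP payload on 80
        "app_layer_http": app_layer(http, fw),             # True
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The stateless filter cannot tell a reply from a forged packet with the same flags; the stateful one can, but still cannot see that a "web" connection carries non-HTTP data. Only the application-layer check reads the payload, which is the point of the card.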
List the 5 steps in the Incident Analysis step.
1. Gather Information
2. Validate The Incident
3. Determine The Operational Impact
4. Coordinate
5. Determine Reporting Requirements
What are the two types of Intrusion controls? Where can they be based?
IDS and IPS
Host-Based or Network-Based
What are the components of the Windows Operating System?
Interface, Drivers, Registry, Security, and File Management
Pick apart the sections that create www.facebook.com/profile and label them.
www - subdomain (host)
facebook - second-level domain (facebook.com is the registrable domain)
.com - top-level domain
/profile - path (resource on the server)
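The same breakdown in code, as an added example for this card (not part of the original deck): the function splits a URL into the labelled parts using only the standard library, and a second function shows the security use of the split. A phishing host such as www.facebook.com.login-example.net puts the real name in the subdomain, so a substring check matches it while a comparison of the registrable domain does not. The last-label TLD split is an assumption for the example; a real tool would use the Public Suffix List.

```python
from urllib.parse import urlsplit


def split_url(url):
    """Split a URL into subdomain, domain, TLD, registrable domain and path.
    Assumption: the TLD is the last label (no Public Suffix List handling)."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""                 # lowercased; drops port and userinfo
    labels = host.split(".")
    if len(labels) < 2:
        raise ValueError(f"not a dotted hostname: {host!r}")
    tld = labels[-1]
    domain = labels[-2]
    subdomain = ".".join(labels[:-2])
    return {
        "subdomain": subdomain,
        "domain": domain,
        "tld": tld,
        "registrable": f"{domain}.{tld}",
        "path": parts.path or "/",
    }


def naive_check(url, expected):
    """The mistake: 'facebook.com' appears somewhere in the URL."""
    return expected in url


def belongs_to(url, expected_registrable):
    """The correct check: compare the registrable domain, not a substring."""
    return split_url(url)["registrable"] == expected_registrable.lower()


if __name__ == "__main__":
    # Constructed sample URLs (the second is a look-alike, not a real site).
    for u in ("www.facebook.com/profile",
              "https://www.facebook.com.login-example.net/profile"):
        print(u, split_url(u), naive_check(u, "facebook.com"), belongs_to(u, "facebook.com"))
```

Note that urlsplit drops any userinfo before an @, so a URL written as https://www.facebook.com@203.0.113.9/ is split on the host 203.0.113.9, which is another reason to parse rather than eyeball the string.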
How can removable storage threats be prevented?
Install a Host Based Security System or physically disable ports
List the 6 steps in the Incident Handling Process.
1. Detection and Reporting
2. Preliminary Analysis and ID
3. Preliminary Response Actions
4. Incident Analysis
5. Response and Recovery
6. Post-Incident Analysis
What do you place in the DMZ?