A device or node that connects to the LAN or WAN and accepts communications back and forth across the network.
Endpoint
A method for analyzing computer network performance that is marked by comparing current performance to a historical metric, or definition.
A suite of more than 70 freeware utilities that was initially developed by Mark Russinovich and Bryce Cogswell that are used to monitor, manage and troubleshoot the Windows Operating System, and which Microsoft now owns and hosts on its TechNet site.
Sysinternals
A Microsoft Windows utility that lets you view each of the tasks (processes) and the overall performance of the computer.
Task Manager
A Windows network monitoring utility that shows a graphical representation of all current network activity on the endpoints of a network.
TCPView
A tool used to monitor and log events on Windows that is commonly used by enterprises as part of their monitoring and logging solutions.
Sysmon
An operating system instrumentation, monitoring, and analytics framework that provides a table-like interface to clients' endpoints.
OSquery
Supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events.
Security Event and Incident Management (SEIM)
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Ransomware
Software, code, or commands that take advantage of the weak parts of a system and use those for malicious purposes.
Exploit
An awareness of everything within and moving through the systems, devices, and telecommunication assets of an organization with the help of software utilities.
Network Visibility
Which of the following is used to record security-related information on a computer system?
Audit logs
Small blocks of data created by a web server while a user is browsing a website to help the website keep track of the current and historical states of the user's experience on that site.
Cookie
A software program that provides functionality similar to Windows Task Manager along with a rich set of features for collecting information about processes running on the user's system.
Process Explorer
A free and open source platform used for threat prevention, detection, and response capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
Wazuh
The process of identifying significant relationships from multiple log sources such as application logs, endpoint logs, and network logs.
Event Correlation
A malicious technique where a user is tricked into selecting one object on a web page when they want to select another.
Clickjacking
The place in a software program or system where the execution of a new program or set of code begins.
Point of Entry (PoE)
The process used to identify potential hazards and analyze what could happen if a disaster or hazard occurs.
Risk Assessment
Assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Identify
Outlines appropriate safeguards to ensure delivery of critical infrastructure services.
Protect
Defines the appropriate activities to identify the occurrence of a cybersecurity event.
Detect
Includes appropriate activities to take action regarding a detected cybersecurity incident.
Respond
Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Recover
The process of creating an inventory of information assets (hardware, software, and information) to evaluate the level of cybersecurity risk.