What is the difference between an IDS and an IPS?
An IDS detects; an IPS prevents
What is a major weakness for mobile devices?
They are always connected
What is the relevance of location in regard to an IoC?
"two people can't be in two places at the same time"
Define scripting.
Automation of tasks, or a way of delivering instructions to a computer
What is Metadata?
Data that describes other data sources
Does an Operating System have a default security system?
No, operating systems are not installed with a default security system
In reference to the video, name 3 of the indicator of compromise (IoC) symptoms.
Unusual amount of network activity, change in file hash values, irregular international traffic, changes to DNS data, uncommon login patterns, and spikes of read requests
What would be two disadvantages of scripting?
Complexity
Cost
Single point of failure
Ongoing support
"Technical debt": may push problems further down the road
Name 2 details that can be found in logs.
Blocked/allowed traffic, exploit attempts, blocked URL categories, and DNS sinkhole traffic
What is the difference between a patch and a service pack?
A pack is multiple patches
Why would an attacker want to purposely lock out an account?
To attempt to use the helpdesk to reset the password
What is secure scaling, and how is it different from normal scaling?
The inclusion of firewalls and other security devices along with components of normal scaling
Name 2 things that can be found in a firewall log.
Source/Destination IP, port numbers, and disposition
What is SCADA?
Supervisory control and data acquisition system
In reference to the video, name a type of log to check and what you are looking for in it.
Authentication logs: logons and logoffs
Firewall logs: show the outgoing transfer (IPs or timeframes)
What are two benefits of automation, and what can it help with?
Enforce baselines: automatically install when identified
Standard infrastructure configurations: use a script to build a default configuration or add firewall rules
Employee retention: ease workload and automate mundane tasks
Reaction time and time of use: a script does not need time to start and can run 24/7
Name 4 things that can be found in endpoint logs.
Logon events, policy changes, system events, processes, account management, and directory services
What are 3 ways you can protect cloud infrastructure?
Secure management workstation, use least privilege for management access, make backups, configure endpoint detection and response
What is an "out-of-cycle" log?
Occurring at an unexpected time
In regard to the video, why would scripting be relevant to an organization's email?
Email submissions can be scripted into a ticket