1
Q
Incident response plans and processes
A
2
Q
Communication with internal and external stakeholders
A
3
Q
Personnel role and responsibilities
A
4
Q
Incident reporting
A
5
Q
Allow list/block list
A
6
Q
IDS/IPS rules configuration
A
7
Q
Network segmentation
A
8
Q
Web content filtering
A
9
Q
Port blocking
A
10
Q
Firewall
A
11
Q
IDS/IPS
A
12
Q
Web proxy
A
13
Q
Anti-malware
A
14
Q
Endpoint security solutions
A
15
Q
DLP
A
16
Q
Windows tools to analyze incidents
A
17
Q
Registry
A
18
Q
Network
A
19
Q
File system
A
20
Q
Malware
A
21
Q
Processes
A
22
Q
Services
A
23
Q
Volatile memory
A
24
Q
Active Directory tools
A
25
Linux- based tools to analyze incidents
26
Network
27
File system
28
Malware
29
Processes
30
Volatile memory
31
Session management
32
Digital evidence collection
33
Physical evidence collection
34
Chain of custody
35
Static analysis
36
Dynamic analysis
37
FTK
38
EnCase
39
eDiscovery
40
Forensic Explorer
41
Kali Linux Forensic Mode
42
CAINE
43
SANS SIFT
44
Volatility
45
Binalyze AIR
46
Forensically sound duplicates
47
Document and communicate results
48
Logs
49
Data analysis
50
Intrusion prevention or detection systems (IDS/IPS)
51
Forensic Analysis
52
Correlation Analysis
53
Event correlation tools and techniques
54
Root cause analysis
55
Alerting systems
56
Incident reports
57
Document and communicate results
58
Chain of command
59
Policies
60
Procedures
61
Incident response plan
62
Security configuration controls
63
Baseline configurations
64
Hardening documentation
65
Document measures implemented
66
Threat actors
67
Patterns of activity
68
Methods
69
Tactics
70
Early stages of campaign
71
Key facts of the infrastructure
72
Artifacts and tools used
73
Techniques
74
Technological
75
Non-technological
76
Procedures
77
Communication policies and procedures
78
Internal communication methods
79
Secure channels
80
Out-of-band communications
81
Local law enforcement
82
Stockholders
83
Breach victims
84
Media
85
Other CERTS/CSIRTS
86
Vendors
CFR-410
flashcards
Decks in class (5)
# Cards
