Module-4 important cyber security tools
Database
organized collection of information or data
Antivirus software
program used to prevent, detect, and eliminate malware and viruses.
Python
programing language propose: perform a task that is repetitive and time-consuming and requires a high level of detail and accuracy.
secure ciphertext
result of encryption
Programing
-used to create a specific set of instructions for a computer to execute tasks -purpose: complete repetitive tasks and processes with high accuracy and efficiency. -reduction of human error
A business might log each time an employee signs into their computer. A log is a record of events that occur within an organization's systems.
1. Which of the following statements correctly describes logs? Select two answers. -Security professionals use logs to visualize data. -A business might log each time an employee signs into their computer. -A log is used as a formal guide to incident response. -A log is a record of events that occur within an organization's systems.
protocol analyzer (packet sniffer)
1. What tool is designed to capture and analyze data traffic within a network? playbook network protocol analyzer (packet sniffer) Structured Query Language (SQL) security information and event management (SIEM)
Structured Query Language (SQL)
1.What do security professionals use to interact with and request information from a database? Structured Query Language (SQL) Python Linux Confidentiality, integrity, availability (CIA) triad
collection
8.Fill in the blank: A database is a _____ of organized data stored in a computer system. frame collection model visualization
It simplifies repetitive tasks. It enables security professionals to be more accurate. It helps security professionals work with high levels of detail.
9. What are some key benefits of using Python to perform security tasks? Select all that apply. -It automatically eliminates sensitive information. -It simplifies repetitive tasks. -It enables security professionals to be more accurate. -It helps security professionals work with high levels of detail.
What are Splunk and Chronicle
Two commonly used SIEM tools
SIEM tools
________ collect real-time, or instant, information and allow security analysts to identify potential breaches as they happen.
Log
a record of events that occur within an organization's system Purpose: help identify vulnerabilities and potential security breaches.
Data pont
a specific piece of information -databases contain millions of data points.
Operating System
interface between computer hardware and the user Ex. Linux, MacOS, Windows
A playbook, operational action , incident response,
is a manual that provides details about any _______________ __________, including ___________ ____________, security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.
Encryption
makes data unreadable and difficult to decode for unauthorized users Purpose: ensure confidentiality of private data -converts data from readable to cryptographically encoded format.
Dashboard
A tool used to visually communicate information or data
-Monitoring critical activities -Saving time by reducing the amount of data to be reviewed -Analyzing filtered events and patterns
2. Which of the following tasks can be performed using SIEM tools? Select three answers. Monitoring critical activities Saving time by reducing the amount of data to be reviewed Implementing security software programs Analyzing filtered events and patterns
Create a specific set of instructions for a computer to execute tasks Complete repetitive tasks and processes
2.What is programming typically used for? Select two answers. Record events that occur within an organization's systems Enable open-source operations Create a specific set of instructions for a computer to execute tasks Complete repetitive tasks and processes
SIEM
2.What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen? Python Linux network protocol analyzers (packet sniffers) SIEM
Proactively searching for threats. providing alerts for specific types of risk Performing incident analysis
2.Which of the following tasks can be performed using SIEM tools? Select three answers. Proactively searching for threats Notifying authorities of illegal activity Providing alerts for specific types of risks Performing incident analysis
operating system
3. Linux is an open-source _____ that can be used to examine logs. programming language database operating system algorithm
-Security information and event management (SIEM)
3. A cybersecurity analyst is tasked with proactively searching for threats and performing incident analysis. What type of tool should they use? -Linux operating system -Structured Query Language (SQL) -Chain of custody playbook -Security information and event management (SIEM)
Security information and event management (SIEM)
3.A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use? -network protocol analyzer (packet sniffer) -Linux operating system -Security information and event management (SIEM) -playbook
To identify vulnerabilities and potential security breaches??
3.What can cybersecurity professionals use logs for? To select which security team members will respond to an incident To identify vulnerabilities and potential security breaches To analyze data traffic within a network To research and optimize processing capabilities within a network
False
4 A playbook is a manual that only provides details about how to respond to an incident. True False
playbook
4. A security team uses a _____ to help them document organizational processes from beginning to end. toolkit playbook legend graph
Playbook
4. Fill in the blank: A _____ is a manual that provides details about operational actions. directory checklist case history playbook
playbook
4.Fill in the blank: A security team uses a _____ to help them document organizational processes from beginning to end. legend toolkit graph playbook
Using a network protocol analyzer (packet sniffer)
5. As a security analyst, you are monitoring network traffic to ensure that SPII data is not being accessed by unauthorized users. What does this scenario describe? -Using a network protocol analyzer (packet sniffer) -Programming with code -Calculating with formulas -Gathering data in a spreadsheet
An intrusion detection system (IDS) A network protocol analyzer (packet sniffer)
5. as a security analyst, you are monitoring network traffic and detecting a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers. -A cryptographic encoder -An antivirus software -An intrusion detection system (IDS) -A network protocol analyzer (packet sniffer)
-They can be used to create a specific set of instructions for a computer to execute tasks. -They filter through data points faster than humans can working manually. -They execute repetitive processes accurately.
6. What are some key benefits term-of programming languages? Select all that apply. -They can be used to create a specific set of instructions for a computer to execute tasks. -They filter through data points faster than humans can working manually. -They install security hardware. -They execute repetitive processes accurately.
They can be used to create a specific set of instructions for a computer to execute tasks. They reduce the risk of human error. They complete tasks faster than if working manually. Correct
6.What are some key benefits of programming languages? Select all that apply. -They can be used to create a specific set of instructions for a computer to execute tasks. -They are used to design security policies. They reduce the risk of human error. -They complete tasks faster than if working manually.
command line
7. Fill in the blank: Linux relies on a(n) _____ as the primary user interface. dashboard ciphertext error log command line
-It allows for text-based commands by users. -It is open source.
7.A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers. -It is an efficient programming language. -It allows for text-based commands by users. -It is proprietary. -It is open source.
SQL
8. Fill in the blank: Security professionals can use _____ to interact with and request information from a database. network protocol analyzers (packet sniffers) SQL playbooks logs
-It simplifies repetitive tasks. -It is designed for high levels of accuracy. -It helps security professionals be more accurate.
9. What are some key benefits of using Python to perform security tasks? Select all that apply. -It makes static data more dynamic. -It simplifies repetitive tasks. -It is designed for high levels of accuracy. -It helps security professionals be more accurate.
Splunk
A data analysis platform that provides SIEM solutions. - a self-hosted tool used to retain, analyze, and search an organization's log data.
Playbooks
A manual that provides details about any operational action. purpose: To guide analysts through a series of steps to complete specific security-related tasks. Ex. How to respond to an incident
Network protocol analyzers (packet sniffer)
A tool designed to capture and analyze data traffic within a network. -Common network analyzers: Tcpdump & wireshark
Linux
An open-source operating system -relies on the command line as the primary user interface -Not programming language -allows for text-based commands within in the operating system. Ex. using commands to review an error log when investigating uncommonly high network traffic.
Cryptographic encoding
Converting plaintext into secure ciphertext.
Conversion algorithem
Difference between encoding and Encryption is that Encoding uses a public________ _________ to enable systems that use different data representations to share information.
Intrusion detection system
IDS and application that monitors system activity and alerts on possible intrusions. -scans and analyzes network packets -detect theft and unauthorized access.
Comand line
Interface is a text-based user interface that uses commands to interact with the computer.
chain of custody playbook.
Process of documenting evidence possession and control during an incident lifecycle. -document who, what, where, and why you have the collected evidence. -Evidence must be kept safe and tracked -Every time evidence is moved, it should be reported.
SQL
Programing language Structured query Language -purpose: create, interact with, and request information from a database. Ex. filter through the data points to retrieve specific information.
Chronicle
SIEM tool belonging to Google -a cloud-native SIEM (allows for fast delivery of new features) - stores security data for search and analysis. l
SIEM Tools
Security Information and Event Management tool -An application Purpose: collects and analyzes log data to monitor critical activities in an organization.
protecting and preserving evidence playbook.
The process of properly working with fragile and volatile digital evidence. -understand what is fragile and volatile digital evidence and why there is a procedure. -consult the order of volatility,
open source
code that is available to the public and allows people to make contributions to improve software.
Command
instruction telling the computer to do something
Penetration testing
the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks,websites,application and processes. - a risk assessment that evaluates and identify external and internal threats as well as weaknesses.
Automation
the use of technology to reduce human and manual effort in performing common and repetitive tasks. -helps reduce risk of human error -Python can be used for automation.
Plaintext
unencrypted information
Web vulnerability
unique flaw in a web app that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.
order of volatility,
which is a sequence outlining the order of data that must be preserved from first to last. -prioritizes volatile data, which is data that may be lost if the device in question powers off, regardless of the reason.
