WGU - C702 Forensics and Network Intrusion

WGU - C702 Forensics and Network Intrusion Aspects of Organizational Security Correct Answer: IT Security; Physical Security; Financial Security; Legal Security; IT Security Correct Answer: Consists of: Application security; Computing security: Data security: Information security; Network security; Application Security [IT Security] Correct Answer: Applications should be secured to overcome security weaknesses, vulnerabilities, and threats. Any loopholes in Web-based and other custom applications serve as opportunities for attackers. Computing Security [IT Security] Correct Answer: Computers should be secured from threats like viruses, Trojans, and intruders. organizations must have an effective security policy which involves security management, systems engineering, protection against insider threats, and general workplace policies, standards, guidelines, and procedures. Data Security [IT Security] Correct Answer: important information about the organization. It is important to secure data to avoid any manipulation of data, data loss, or threats to data secrecy. Any change in the identity of data or any loss of data causes a huge amount of damage, financial loss, and loss of goodwill for the organization. Information Security [IT Security] Correct Answer: Securing information protects information and information systems from illegal access, use, modification, or destruction. It ensures confidentiality, integrity, and availability of data. Network Security [IT Security] Correct Answer: Networks are used to send important and private data from one system to another. Networks should be secured for safe transfer of data. Damage to the network makes the data transfer vulnerable and may crash the system. Physical Security Correct Answer: Consists of: Facilities security: Human security: Border security; Biometric security; Facilities Security [Physical Security] Correct Answer: Facilities and an organization's equipment should be properly and highly secured. Damage to facilities can cause physical harm such as a system crash or power failure. Human Security [Physical Security] Correct Answer: The employees of an organization should be given security awareness training and be involved in the entire business security process in order to gain their trust and acceptance of the security policy. Ignoring human security concerns can cause employees to leave, leading to loss of business. Financial Security Correct Answer: Consists of: Security from frauds; Phishing attacks; Botnets; Threats from cyber criminals; Credit card fraud; Security from fraud [Financial Security] Correct Answer: To function properly and negate losses, an organization must be financially secure from both internal and external threats. Security breaches may be caused by data manipulations, system vulnerabilities and threats, or data theft. Legal Security Correct Answer: Consists of: National security; Public security; Defamation; Copyright information; Sexual harassment; National security [Legal Security] Correct Answer: National security is threatened if there are any governmental problems, improper management, economic slowdown, or other nationwide issues. Public Security [Legal Security] Correct Answer: Public security is threatened if there are any internal riots, strikes, or clashes among the people of the country. Forensic Readiness Correct Answer: involves an organization having specific incident response procedures in place, with designated trained personnel assigned to handle any investigation. It enables an organization to collect and preserve digital evidence in a quick and efficient manner with minimal investigation costs First Responder: Correct Answer: Is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. The first responder must investigate the crime scene in a lawful matter so that any obtained evidence will be acceptable in a court of law Computer Forensics or Forensic Computing: Correct Answer: Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Computer Forensics [goals] Correct Answer: The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it Forensic Investigator: Correct Answer: an Investigator who helps organizations and law enforcement agencies in investigating and prosecuting cyber crimes. He is responsible for the acquisition, identification, preservation, documentation and the creation of an image back-up [bit by bit] of the evidence without affecting or changing same Forensic Science: Correct Answer: It's the application of physical sciences to law in search for truth in civil, criminal, and social behavioral matters for the purpose of ensuring injustice shall not be done to any member of society Network Forensics: Correct Answer: Network Forensics is the capturing, recording, and analysis of network events in order to discover the source, path and Intrusion techniques of security attacks Chain of Custody: Correct Answer: A method for documenting the history and possession of a sample from the time of collection, though analysis and data reporting, to its final disposition Bit Stream copy: Correct Answer: A bit by bit copy of the original storage medium and or evidence Ext3: Correct Answer: Ext3 or third extended file system, is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions Logical block addressing [LBA]: Correct Answer: used for specifying the location of blocks of data stored on computer storage devices such as hard disks. LBA is a particularly simple linear addressing scheme, blocks are located by an integer index, with the first block being LBA 0, the second LBA 1, and so on in a sequential matter Cluster: Correct Answer: Is the smallest logical unit on a hard drive Lost Cluster: Correct Answer: The operating system assigns a unique number to each cluster and then keeps track of files according to which clusters they use. Occasionally, the operating system marks a cluster as being used even though it is not assigned to any file. This is called a lost cluster Bad Cluster: Correct Answer: Is a sector on a computer's disk drive or flash memory that is either inacessible or unwriteable due to permanent damage, such as physical damage to the disk surface or failed flash memory transistors Event Logs: Correct Answer: Windows event log is a record of a computer's alerts and notifications. Microsoft defines an event as "any significant occurrence in the OS or in a program that requires users to be notified or an entry added to a log." Tracking user logon activity via Audit Event ID's: Correct Answer: 512 Start-up 513 Shutdown 528 Logon 531 Disabled Account 538 Logoff Audit Policy Event ID's: Correct Answer: Event ID 4904: An attempt was made to register a security event source.