1 \/
WGU C842 Cyber Defense and Counter Measures Tool1.incident handling response steps: 1. Preparation
2.Incident Recording
3.Incident Triage
4.Notification
5.Containment
6.Evidence Gathering and Forensic Analysis
7.Eradication
8.Recovery
9.Post-Incident ActivitiesIncident DocumentationIncident Impact
Assessment- Review and
Revise Policies- Close the
Investigation- Incident
Disclosure
2.Risk Assessment Management tools: PILAR – It helps incident handlers
to assess risks against critical assets of the organization in several
dimensions such as confidentiality, integrity, availability, authenticity,
and accountability<\/p>\n\n\n\n
2 \/
A1 Tracker
Risk Management Studio
3.Tools for Incident Analysis and Validation: buck-security – allows
incident handlers to identify the security status of a system. It gives
an overview of the security status of the system within a couple of
minutes
kiwi syslog server – It allows you to centrally manage syslog messages,
generates real-time alerts based on syslog messages, and perform
advanced message filtering and message buffering
splunk light – It is a tool for collecting, monitoring, and analyzing log filefrom servers, applications, or other sources
\u00aa Loggly (https:\/\/www.loggly.com) \u00aa InsightOps
(https:\/\/www.rapid7.com) \u00aa Logz.io (https:\/\/www.logz.io) \u00aa
Logmatic.io (https:\/\/www.logmatic.io) \u00aa Graylog
(https:\/\/www.graylog.org
4.Tools for Detecting Missing Security Patches: Microsoft Baseline
Security Analyzer – MBSA lets incident handlers scan local and remote
systems for missing security updates as well as common security
misconfigurations<\/p>\n\n\n\n
3 \/
\u00aa GFI LanGuard (https:\/\/www.gfi.com)
\u00aa Symantec Client Management Suite
(https:\/\/www.symantec.com) \u00aa MaaS360 Patch Analyzer
(https:\/\/www.ibm.com)
\u00aa Solarwinds Patch Manager (https:\/\/www.solarwinds.com)
\u00aa Kaseya Security Patch Management
(https:\/\/www.kaseya.com) \u00aa Software Vulnerability
Manager (https:\/\/www.flexera.com)
\u00aa Ivanti Endpoint Security (https:\/\/www.ivanti.com)
\u00aa Patch Connect Plus (https:\/\/www.manageengine.com) \u00aa Automox
(https:\/\/www.au- tomox.com)
\u00aa Prism Suite (https:\/\/www.newboundary.co
5.report writing tools: MagicTree – stores data in a tree structure
This is a natural way of representing the information that is gathered
during a network test: a host has ports, which have services,
applications, vulnerabilities, etc.
KeepNote – is used to store class notes, TODO lists, research notes,
journal entries, paper outlines, etc. in a simple notebook hierarchy with
rich-text formatting, images, and more
6.data imaging tools: FTK imager – It is a data preview and imaging tool
that enables analysis of files and folders on local hard drives,
CDs\/DVDs, and network drives
R-Drive image – buck-security allows incident handlers to identifying<\/p>\n\n\n\n
4 \/
the security status of a system. It gives an overview of the security
status of the system within a couple of minutes
\u00aa EnCase Forensic (https:\/\/www.guidancesoftware.com) \u00aa Data
Acquisition Tool- box (https:\/\/in.mathworks.com) \u00aa RAID Recovery for
Windows (https:\/\/www.run- time.org) \u00aa R-Tools R-Studio
(https:\/\/www.r-studio.com) \u00aa F-Response Imager (https:\/\/www.fresponse.com
7.tools for calculating hash value:
HashCalc MD5 Calculator
HashMyFiles
8.Collecting Volatile Information: System Information: Tools and
commands to collect the information: Systeminfo.exe (Windows)
PsInfo
(Windows) Cat
(Linux) Uname
(Linux)<\/p>\n\n\n\n
1 \/ 10
WGU C842 OBJECTIVE ASSESSMENT 2023
1.A security committee at an organization develops a security plan.
Numer- ous security control types are in place. The organization utilizes a
training program to provide best practices training to all employees. The
committee uses which category to define the program ANS Operational
2.Too often, employees use the datacenter for overflow storage of office
sup- plies. Management uses warning signs to prevent employees from
entering a datacenter. Management has implemented which control type to
tighten security ANS Physical
3.It is important to assess sources when adding information to a data
set. Considering threat intelligence, this data is likely to derive from
external sources. Which factor is key in disseminating updates ANS
Relevancy
4.Numerous energy companies experience cyber attacks in a short period
of time. Analysts that investigate the attacks categorize the threats as
coming from which actor type ANS Nation-state<\/p>\n\n\n\n
2 \/ 10
5.A company abruptly terminates an employee. The employee harbors a
known grievance as a result of the company’s actions. Considering
threat types, which two classify the ex-employee? Select all that apply
ANS Insider Outsider
6.Engineers analyze previous hacks and intrusions to produce definitions
of the tactics, techniques, and procedures (TTP) used to perform attacks.
When evaluating data, the engineers classify which attack based on the
behavior of increased network traffic ANS Data exfiltration
7.Threat intelligence reveals a new type of malware is infecting Windows
desktops in many companies. Security specialists at a company initiate
threat hunting activities to investigate a potential infection. Which areas
do the engineers investigate in implementing the hunt? Select all that
apply ANS – Network traffic
Process Lists
8.A systems engineer at an organization tightens security by enabling
sandboxing on a crucial system. This measure is in place to help prevent
ransomware. Which valid features does the engineer enable on the
system? Select all that apply ANS Monitor network sockets
Periodic snapshots<\/p>\n\n\n\n
3 \/ 10
9.In contrast to traditional packet sniffing, Zeek, a packet capture tool,
offers which benefits? Select all that apply ANS Log only data of potential
interests Reduce storage requirements<\/p>\n\n\n\n
1 \/ 25
WGU C842 \u2013 Cyber Defense and Counter Measures TEST<\/p>\n\n\n\n
2 \/ 25
on organizational assets.
Identify the security strategy John has implemented.
A covert channel
B defense-in-depth
C likelihood analysis
D three-way handshake ANS : B<\/p>\n\n\n\n
3 \/ 25
A CAT 4
B CAT 2
C CAT 1
D CAT 3 ANS : A<\/p>\n\n\n\n
4 \/ 25
A IH&R mission
B IH&R staffing
C IH&R team models
D IH&R vision ANS :
A<\/p>\n\n\n\n
1 \/
WGU C842 Cyber Defense and Counter Measures Tool1.incident handling response steps: 1. Preparation
2.Incident Recording
3.Incident Triage
4.Notification
5.Containment
6.Evidence Gathering and Forensic Analysis
7.Eradication
8.Recovery
9.Post-Incident ActivitiesIncident DocumentationIncident Impact
Assessment- Review and
Revise Policies- Close the
Investigation- Incident
Disclosure
2.Risk Assessment Management tools: PILAR – It helps incident handlers
to assess risks against critical assets of the organization in several
dimensions such as confidentiality, integrity, availability, authenticity,
and accountability<\/p>\n\n\n\n
2 \/
A1 Tracker
Risk Management Studio
3.Tools for Incident Analysis and Validation: buck-security – allows
incident handlers to identify the security status of a system. It gives
an overview of the security status of the system within a couple of
minutes
kiwi syslog server – It allows you to centrally manage syslog messages,
generates real-time alerts based on syslog messages, and perform
advanced message filtering and message buffering
splunk light – It is a tool for collecting, monitoring, and analyzing log filefrom servers, applications, or other sources
\u00aa Loggly (https:\/\/www.loggly.com) \u00aa InsightOps
(https:\/\/www.rapid7.com) \u00aa Logz.io (https:\/\/www.logz.io) \u00aa
Logmatic.io (https:\/\/www.logmatic.io) \u00aa Graylog
(https:\/\/www.graylog.org
4.Tools for Detecting Missing Security Patches: Microsoft Baseline
Security Analyzer – MBSA lets incident handlers scan local and remote
systems for missing security updates as well as common security
misconfigurations<\/p>\n\n\n\n
3 \/
\u00aa GFI LanGuard (https:\/\/www.gfi.com)
\u00aa Symantec Client Management Suite
(https:\/\/www.symantec.com) \u00aa MaaS360 Patch Analyzer
(https:\/\/www.ibm.com)
\u00aa Solarwinds Patch Manager (https:\/\/www.solarwinds.com)
\u00aa Kaseya Security Patch Management
(https:\/\/www.kaseya.com) \u00aa Software Vulnerability
Manager (https:\/\/www.flexera.com)
\u00aa Ivanti Endpoint Security (https:\/\/www.ivanti.com)
\u00aa Patch Connect Plus (https:\/\/www.manageengine.com) \u00aa Automox
(https:\/\/www.au- tomox.com)
\u00aa Prism Suite (https:\/\/www.newboundary.co
5.report writing tools: MagicTree – stores data in a tree structure
This is a natural way of representing the information that is gathered
during a network test: a host has ports, which have services,
applications, vulnerabilities, etc.
KeepNote – is used to store class notes, TODO lists, research notes,
journal entries, paper outlines, etc. in a simple notebook hierarchy with
rich-text formatting, images, and more
6.data imaging tools: FTK imager – It is a data preview and imaging tool
that enables analysis of files and folders on local hard drives,
CDs\/DVDs, and network drives
R-Drive image – buck-security allows incident handlers to identifying<\/p>\n\n\n\n
4 \/
the security status of a system. It gives an overview of the security
status of the system within a couple of minutes
\u00aa EnCase Forensic (https:\/\/www.guidancesoftware.com) \u00aa Data
Acquisition Tool- box (https:\/\/in.mathworks.com) \u00aa RAID Recovery for
Windows (https:\/\/www.run- time.org) \u00aa R-Tools R-Studio
(https:\/\/www.r-studio.com) \u00aa F-Response Imager (https:\/\/www.fresponse.com
7.tools for calculating hash value:
HashCalc MD5 Calculator
HashMyFiles
8.Collecting Volatile Information: System Information: Tools and
commands to collect the information: Systeminfo.exe (Windows)
PsInfo
(Windows) Cat
(Linux) Uname
(Linux)<\/p>\n\n\n\n
1 \/ 15
C842 Cyber Defense and Counter measures EC Council CertifiedIncident Handler CIH Tools and Commands
1.PILAR: Risk analysis and Management tool
2.Pilar: Assess risk against critical assets. Qualitative and quantitative.
Generate risk assessment reports
3.Group Policy Management console: Security policy Tools
4.Manageengine \u2026 plus: Ticketing system Tools
5.Alien vault: Ticketing system Tools
6.Busk-security: Incident analysis and validation Tools
7.Busk-security: Collection of security checks for Linux. Identify securitystatus.
8.kiwi syslog: Incident analysis and validation Tools
9.Splunk light: Incident analysis and validation Tools
10.kiwi syslog: message Management tool across servers and network<\/p>\n\n\n\n
2 \/ 15
devices. Syslog messages, SNMP traps, event log, real time
11.Splunk light: Collecting monitoring analyzing low from servers
applications and other sources.
12.Microsoft Baseline Security Analyzer (MBSA): Tools for detecting
missing security patches
13.Microsoft Baseline Security Analyzer (MBSA): Determine security
State. Scan for missing patches and misconfigs.
14.Magic tree: Report writing tools
15.Keepnote: Report writing tools
16.FTK\u2026: Data Imaging Tools
17.FTK Imager: data preview and imaging tool that enables analysis of
files and folders on local hard drives, CDs\/DVDs, network drives, and
examination of the content of forensic images or memory dumps
18.R-Drive\u2026: Data Imaging Tools
19.R-Drive\u2026: provides creation of disk image files for backup or
duplication purposes. restores the images on the original disks, on
any other partitions, or even on a hard drive’s free space. one can<\/p>\n\n\n\n
3 \/ 15
restore the system after heavy data loss caused by an operating
system crash, virus attack, or hardware failure
20.\u00b7 EnCase Forensic
Data Acquisition
Toolbox
\u00b7 RAID Recovery for Windows<\/p>\n\n\n\n
4 \/ 15
\u00b7 R-Tools R-Studio
F-Response Imager: Data Imaging Tools
21.HashCalc: Image Integrity Tools
22.HashCalc: compute multiple hashes, checksums, and HMACs for
files, text, and hex strings.
23.MD5 Calculator: Image Integrity Tools
24.MD5 Calculator: calculating the MD5 hash value of the selected file
25.HashMyFiles: Image Integrity Tools
26.HashMyFiles: small utility that allows to calculate the MD5 and
SHA1 hashes of one or more files in the system. It allows copying of
the MD5\/SHA1 hashes list into the clipboard or save them into
text\/html\/xml file
27.PsUptime (Windows): \u00b7 Shows system uptime
28.Net Statistics (Windows): \u00b7 Shows system uptime
29.Uptime and W (Linux): \u00b7 Shows system uptime
30.Netstat -ab (Windows): determine all the executable files for running
process- es<\/p>\n\n\n\n
1 \/
107
WGU C842 \u2013 Cyber Defense and Counter Measures
TEST BANK 2023
1.Which of the following information security elements ensures that the
information is accessible only to those who are authorized to have
access?
A authenticity
B confidentiality
C integrity
D availability: B
2.Identify the information security element that determines
trustworthiness of data or resources in terms of preventing improper and
unauthorized changes.
A integrity
B availability
C authenticity
D non-repudiation: A
3.John, a security professional working for Xdoc Corporation, is imple-<\/p>\n\n\n\n
2 \/
107
menting a security strategy that uses multilayered protection throughout
an information system to help minimize any adverse impact from attacks
on organizational assets.
Identify the security strategy John has implemented.
A covert channel
B defense-in-depth
C likelihood analysis
D three-way handshake: B
4.Identify the security policy that doesn’t keep any restrictions on the
usage of system resources.
A promiscuous policy
B prudent policy
C paranoid policy
D permissive policy: A
5.Carl is trying to violate the acceptable use of a network and computer
use policy. Under which category of the incident handling criteria does
this scenario fall?<\/p>\n\n\n\n
3 \/
107
A CAT 4
B CAT 2
C CAT 1
D CAT 3: A
6.In which of the following stages of incident handling does
classification and prioritization of incidents take place?
A incident recording and assignment
B incident containment
C post-incident activities
D incident triage: D
7.Which of the following terms reflects an organization’s mid-term
and long-term goals for incident management capabilities?
A IH&R team models
B IH&R mission
C IH&R staffing
D IH&R vision: D
8.Which of the following terms defines the purpose and scope of the
planned incident handling and response capabilities?<\/p>\n\n\n\n
4 \/
107
A IH&R mission
B IH&R staffing
C IH&R team models
D IH&R vision: A
9.Which of the following backup strategies provides daily status of the
backup situation, such as successful, unsuccessful, not run, out of
space, etc.?
A security
B guarantee
C data availability
D notifications: D
10.John is an incident response manager at XYZ Inc. As a part of IH&R
policy of his organization, he signed a contract between the organization
and a third-party insurer to protect organization individuals from different
threats<\/p>\n","protected":false},"excerpt":{"rendered":"
1 \/WGU C842 Cyber Defense and Counter Measures Tool1.incident handling response steps: 1. Preparation2.Incident Recording3.Incident Triage4.Notification5.Containment6.Evidence Gathering and Forensic Analysis7.Eradication8.Recovery9.Post-Incident ActivitiesIncident DocumentationIncident ImpactAssessment- Review andRevise Policies- Close theInvestigation- IncidentDisclosure2.Risk Assessment Management tools: PILAR – It helps incident handlersto assess risks against critical assets of the organization in severaldimensions such as confidentiality, integrity, availability, authenticity,and accountability […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[25],"tags":[],"class_list":["post-119500","post","type-post","status-publish","format-standard","hentry","category-exams-certification"],"_links":{"self":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/119500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/comments?post=119500"}],"version-history":[{"count":0,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/119500\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/media?parent=119500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/categories?post=119500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/tags?post=119500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}