C842 tools WGU QUESTIONS WITH COMPLETE SOLUTIONS
Incident handling and response steps - correct answer:
1. Preparation
2. Incident Recording
3. Incident Triage
4. Notification
5. Containment
6. Evidence Gathering and Forensic Analysis
7. Eradication
8. Recovery
9. Post-Incident Activities: Incident Documentation, Incident Impact Assessment, Review and Revise Policies, Close the Investigation, Incident Disclosure

Risk assessment management tools - correct answer:
▪ PILAR - helps incident handlers assess risks against the organization's critical assets along several dimensions: confidentiality, integrity, availability, authenticity, and accountability
▪ A1 Tracker
▪ Risk Management Studio

Tools for incident analysis and validation - correct answer:
▪ buck-security - lets incident handlers identify the security status of a Linux system; it gives an overview of the system's security status within a couple of minutes
▪ Kiwi Syslog Server - centrally manages syslog messages, generates real-time alerts based on them, and performs advanced message filtering and message buffering
▪ Splunk Light - collects, monitors, and analyzes log files from servers, applications, or other sources
▪ Loggly
▪ InsightOps
▪ L
▪ L
▪ Graylog

Tools for detecting missing security patches - correct answer:
▪ Microsoft Baseline Security Analyzer (MBSA) - lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations (MBSA has since been deprecated by Microsoft and does not cover current Windows releases)
▪ GFI LanGuard
▪ Symantec Client Management Suite
▪ MaaS360 Patch Analyzer
▪ SolarWinds Patch Manager
▪ Kaseya Security Patch Management
▪ Software Vulnerability Manager
▪ Ivanti Endpoint Security
▪ Patch Connect Plus
▪ Automox
▪ Prism Suite

Report writing tools - correct answer:
▪ MagicTree - stores data in a tree structure, which is a natural way of representing the information gathered during a network test: a host has ports, which have services, applications, vulnerabilities, etc.
▪ KeepNote - used to store class notes, TODO lists, research notes, journal entries, paper outlines, etc. in a simple notebook hierarchy with rich-text formatting, images, and more

Data imaging tools - correct answer:
▪ FTK Imager - a data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, and network drives
▪ R-Drive Image - creates byte-for-byte image files of whole disks or partitions that can later be restored, mounted, or examined
▪ EnCase Forensic
▪ Data Acquisition Toolbox
▪ RAID Recovery for Windows
▪ R-Tools R-Studio
▪ F-Response Imager

Tools for calculating hash values - correct answer:
▪ HashCalc
▪ MD5 Calculator
▪ HashMyFiles

Collecting volatile information: system information - correct answer: tools and commands to collect it:
▪ S (Windows)
▪ PsInfo (Windows)
▪ cat (Linux), e.g. cat /proc/version
▪ uname (Linux), e.g. uname -a

Collecting volatile information: current system date and time / command history - correct answer: the incident responder should use the doskey /history command, which shows the history of the commands typed into that prompt. Because doskey /history only knows about the cmd session it is run in, it must be typed into the prompt that was actually in use, not into a new window. The current date and time are recorded with date /t and time /t on Windows and with date on Linux.

Collecting volatile information: current system uptime - correct answer: tools to collect uptime information include:
▪ PsUptime (Windows)
▪ net statistics workstation (Windows; the "Statistics since" line gives the last boot time)
▪ uptime and w (Linux)
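As an added example, not taken from these notes or from any of the tools they list, the following Python script ties the last three cards together: it runs the volatile-information commands for the OS it is on, timestamps every result, writes one evidence file, and hashes that file with MD5 and SHA-256 (the values HashCalc or HashMyFiles would show) so a reviewer can later confirm the file is unchanged. It assumes the Sysinternals tools PsInfo and PsUptime are on PATH on Windows; doskey /history and the Linux history builtin are left out on purpose, because a child process started by a script never sees the interactive prompt's history.

```python
"""Volatile-data collector (added example; assumes psinfo/psuptime are on PATH on Windows)."""
import hashlib
import os
import platform
import subprocess
import tempfile
from datetime import datetime, timezone

# Commands from the notes, keyed by platform.system(). Interactive-only
# commands (doskey /history, history) are omitted: run those in the live prompt.
COMMANDS = {
    "Windows": [
        ["psinfo", "-accepteula"],
        ["psuptime"],
        ["net", "statistics", "workstation"],
    ],
    "Linux": [
        ["uname", "-a"],
        ["cat", "/proc/version"],
        ["uptime"],
        ["w"],
    ],
}


def run_command(argv, timeout=30):
    """Run one command; a missing tool or a hang becomes a recorded error,
    not an exception, so one bad tool does not abort the whole collection."""
    record = {
        "command": " ".join(argv),
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "stdout": "", "stderr": "", "returncode": None, "error": "",
    }
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
        record.update(stdout=proc.stdout, stderr=proc.stderr,
                      returncode=proc.returncode)
    except FileNotFoundError:
        record["error"] = "tool not found: " + argv[0]
    except subprocess.TimeoutExpired:
        record["error"] = "timed out after %ds" % timeout
    return record


def collect_volatile(system=None):
    """Run every command listed for this OS (platform.system() by default)."""
    system = system or platform.system()
    return [run_command(argv) for argv in COMMANDS.get(system, [])]


def format_record(record):
    """One evidence block per command: what ran, when, and what came back."""
    lines = ["=== %s (at %s, rc=%s)" % (record["command"],
                                        record["collected_at"],
                                        record["returncode"])]
    if record["error"]:
        lines.append("ERROR: " + record["error"])
    lines.append(record["stdout"])
    if record["stderr"]:
        lines.append("STDERR: " + record["stderr"])
    return "\n".join(lines) + "\n"


def write_evidence(records, out_dir=None):
    """Write all records to volatile.txt in out_dir (a fresh temp dir if None)."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="ir-")
    path = os.path.join(out_dir, "volatile.txt")
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        for rec in records:
            fh.write(format_record(rec))
    return path


def hash_bytes(data):
    """MD5 and SHA-256 of a byte string; MD5 is kept only because legacy
    evidence forms still ask for it, SHA-256 is the value to rely on."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hash_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files never sit fully in memory."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


if __name__ == "__main__":
    evidence = write_evidence(collect_volatile())
    print("evidence file:", evidence)
    for name, value in hash_file(evidence).items():
        print(name, value)
```

Record the printed hashes in the case notes at collection time; recomputing them on the stored copy later is the check that the evidence file was not altered.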
Written for: Western Governors University, course C842
Document information: uploaded March 4, 2023; 33 pages; written in 2022/2023; type: exam (elaborations), questions & answers