Pen Testing, Incident Response & Forensics

Skills Gained

What you can do upon completion of this course:

• Describe industry-leading tools used for penetration testing
• Define pen testing and explain its importance
• Summarize common approaches to pen testing
• Describe each component of the planning phase of pen testing
• List directives that pen testers and clients should document in the planning phase of pen testing
• Contrast open box, closed box, and gray box approaches to pen testing
• Define vulnerability analysis and explain its role in pen testing
• Describe methods for the discovery phase of pen testing
• Summarize what happens in each step of the attack phase of pen testing
• Describe commonly exploited vulnerabilities
• Discuss the components of a penetration test report- s executive summary and technical review
• Distinguish events from incidents in the context of cybersecurity
• Explain what incident response is and why it- s important
• Contrast the three models for incident response teams
• Discuss the departments within an organization with which the incident response team should establish a working relationship
• List common attack vectors for cybersecurity incidents
• Recall essential components of an incident response policy
• Describe the three types of resources needed for effective incident response
• Summarize recommended practices for securing networks, systems, and applications
• Distinguish between precursors and indicators and list their common sources
• Describe the types of monitoring systems used for incident detection
• Discuss standard topics and impact categories to include in incident analysis documentation
• List parties that may require notification of a detected incident
• Summarize considerations for selecting an incident containment strategy
• Explain why forensics is an essential part of incident containment
• Describe the goals of the eradication and recovery phases of incident response
• Recall questions from the Sysadmin, Audit, Network, and Security (SANS) Institute- s checklist for incident response
• Describe - lessons learned- meetings and other activities that may be appropriate for post-incident analysis
• List common cybersecurity threats
• Describe three modern cybersecurity tools: QRadar, McAfee ePolicy Orchestrator (ePO), and next-generation firewalls
• Summarize how to manage a QRadar SIEM incident response queue
• Investigate QRadar offenses using QRadar SIEM
• Generate a QRadar report
• Modify QRadar network hierarchy settings
• Define digital forensics
• List standard data sources for digital forensics
• Summarize the objectives of digital forensics
• Discuss the challenges that various data collection methods present
• Describe the National Institute for Standards and Technology (NIST) three steps for data collection
• Explain the role that chain of custody plays in data collection
• Summarize the obstacles inherent in forensic examination
• Describe the analysis step in digital forensics
• Summarize the components of a forensic report and the best practices for writing them
• Describe essential methods, tools, and considerations for collecting, preserving, and analyzing data files
• Contrast volatile and non-volatile data and explain best practices for collecting each data type
• Summarize recommended forensic methods for collecting log information from Windows, macOS, and Linux systems
• Explain how different application components and types provide meaningful forensic data
• Describe the four layers of the TCP/IP model and their relevance for digital forensics
• Summarize the various sources of network data and the value of data obtainable from each
• Discuss methods for using network data to identify a cyberattacker
• Summarize the history of scripting languages and their common uses today
• Explain basic scripting concepts including script, variable, argument, parameter, if statement, and loop
• Describe the purpose and features of the JavaScript, Bash, Perl, PowerShell, binary, and hexadecimal scripting languages
• Summarize the benefits of using Python
• Recall Python rules for syntax, data types, and strings
• Describe Python data structures
• Explain the basic syntax of conditions in Python branching
• Discuss what Python functions and methods are
• Explain what a Python library is and describe examples