WGU C842 Cyber Defense and Counter Measures Tools
1. Incident handling and response steps:
   1. Preparation
   2. Incident Recording
   3. Incident Triage
   4. Notification
   5. Containment
   6. Evidence Gathering and Forensic Analysis
   7. Eradication
   8. Recovery
   9. Post-Incident Activities: Incident Documentation, Incident Impact Assessment, Review and Revise Policies, Close the Investigation, Incident Disclosure
2. Risk Assessment Management tools:
   PILAR - helps incident handlers to assess risks against critical assets of the organization in several dimensions such as confidentiality, integrity, availability, authenticity, and accountability
   - A1 Tracker
   - Risk Management Studio
3. Tools for Incident Analysis and Validation:
   buck-security - allows incident handlers to identify the security status of a system. It gives an overview of the security status of the system within a couple of minutes
   Kiwi Syslog Server - allows you to centrally manage syslog messages, generate real-time alerts based on syslog messages, and perform advanced message filtering and message buffering
   Splunk Light - a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources
   - Loggly (https://www.loggly.com)
   - InsightOps (https://www.rapid7.com)
   - Logz.io (https://www.logz.io)
   - Logmatic.io (https://www.logmatic.io)
   - Graylog (https://www.graylog.org)
4. Tools for Detecting Missing Security Patches:
   Microsoft Baseline Security Analyzer (MBSA) - lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations
   - GFI LanGuard (https://www.gfi.com)
   - Symantec Client Management Suite (https://www.symantec.com)
   - MaaS360 Patch Analyzer (https://www.ibm.com)
   - SolarWinds Patch Manager (https://www.solarwinds.com)
   - Kaseya Security Patch Management (https://www.kaseya.com)
   - Software Vulnerability Manager (https://www.flexera.com)
   - Ivanti Endpoint Security (https://www.ivanti.com)
   - Patch Connect Plus (https://www.manageengine.com)
   - Automox (https://www.automox.com)
   - Prism Suite (https://www.newboundary.co
5. Report writing tools:
   MagicTree - stores data in a tree structure. This is a natural way of representing the information that is gathered during a network test: a host has ports, which have services, applications, vulnerabilities, etc.
   KeepNote - is used to store class notes, TODO lists, research notes, journal entries, paper outlines, etc. in a simple notebook hierarchy with rich-text formatting, images, and more
6. Data imaging tools:
   FTK Imager - a data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, and network drives
   R-Drive Image - buck-security allows incident handlers to identify the security status of a system. It gives an overview of the security status of the system within a couple of minutes
   - EnCase Forensic (https://www.guidancesoftware.com)
   - Data Acquisition Toolbox (https://in.mathworks.com)
   - RAID Recovery for Windows (https://www.runtime.org)
   - R-Tools R-Studio (https://www.r-studio.com)
   - F-Response Imager (https://www.f-response.com)
7. Tools for calculating hash value:
   HashCalc, MD5 Calculator, HashMyFiles
8. Collecting Volatile Information - System Information:
   Tools and commands to collect the information: systeminfo.exe (Windows), PsInfo (Windows), cat (Linux), uname (Linux)