SY0-401 pt8

suttonjs2's version from 2016-05-03 14:57

Malware Types

Question Answer
Multipart virus - Can infect both executable files and the boot sectors of hard disk drives. The multipart virus resides in memory and then infects the boot sectors and executable files of the computer system.

Attack Types

Question Answer
Side Channel
Hyperlink Spoofing
ICMP packet spoofing
Network address hijacking
Land attack
SYN Flood
Scooby Doo

Risk Related Concepts

Question Answer
Vulnerability - A flaw, loophole, or weakness in a system, software, or hardware. It can be exploited by a threat agent and can lead to a potential risk of loss.
Risk - The likelihood that a threat occurs and the corresponding loss potential; the probability that a threat agent exploits a vulnerability.
Threat agent - The component that exploits a vulnerability (such as a virus).
Exposure factor - The percentage or portion of an asset that is lost or destroyed when exposed to a threat.
Threat vector - A path or tool that a threat agent uses to attack the target.
Vulnerability analysis - Identifying and quantifying the possible threats and vulnerabilities in the system that a threat agent can exploit; an objective of risk analysis and part of risk management. Provides either a qualitative or quantitative analysis of the vulnerabilities and threats.

Steps for Designing an Audit Policy

1. Develop the company's security policy.
2. Plan the audit strategy.
3. Conduct the audit.
4. Evaluate the audit results.
5. Report the audit results to management.
6. Conduct follow-up.

Steps in Incident Response

1. Prepare - Ensure that the organization is ready for an incident by documenting and adopting formal incident response procedures.
2. Detect - Analyze events to identify an incident or data breach. If the first responder is not the person responsible for detecting the incident, the person who detects the incident should notify the first responder.
3. Contain - Stop the incident as it occurs and preserve all evidence. Notify personnel of the incident. Escalate the incident if necessary. Containing the incident involves isolating the system or device by either quarantine or device removal. This step also involves ensuring that data loss is minimized by using the appropriate data loss control procedures.
4. Remediate - Fix the system or device that is affected by the incident. Formal recovery/reconstitution procedures should be documented and followed during this step of incident response.
5. Resolve - Ensure that the system or device is repaired. Return the system or device to production.
6. Review and close - Perform a root cause analysis, and document any lessons learned. Report the incident resolution to the appropriate personnel.


Question Answer
FTP Data (active) - TCP 20 (Layer 7)
FTP Control (passive) - TCP 21 (Layer 7)
SSH - TCP 22 (Layer 7)
SCP (uses SSH) - TCP 22 (Layer 7)
SFTP (uses SSH) - TCP 22 (Layer 7)
Telnet - TCP 23 (Layer 7)
SMTP - TCP 25 (Layer 7)
TACACS+ - TCP 49 (Layer 5)
DNS Name Queries - UDP 53 (Layer 7)
DNS Zone Transfers - TCP 53 (Layer 7)
DHCP - UDP 67/68 (Layer 7)
TFTP - UDP 69 (Layer 7)
HTTP - TCP 80 (Layer 7)
Kerberos - TCP/UDP 88 (Layer 5)
POP3 - TCP 110 (Layer 7)
NetBIOS - UDP 138/TCP 139 (Layer 5)
IMAP4 - TCP 143 (Layer 7)
SNMP - UDP 161 (Layer 7)
SNMP Trap - UDP 162 (Layer 7)
LDAP - TCP 389 (Layer 7)
HTTPS - TCP 443 (Layer 7)
SMB - TCP 445 (Layer 7)
SMTP SSL/TLS - TCP 465 (Layer 7)
IPsec (for VPN with IKE) - UDP 500 (Layer 3)
LDAP SSL/TLS - TCP 636 (Layer 7)
FTPS SSL/TLS - TCP 989/990 (Layer 7)
IMAP SSL/TLS - TCP 993 (Layer 7)
POP SSL/TLS - TCP 995 (Layer 7)
MS SQL Server - TCP 1433 (Layer 5)
L2TP - UDP 1701 (Layer 2)
PPTP - TCP 1723 (Layer 5)
RADIUS - UDP 1812/1813 (Layer 7)
RDP - TCP/UDP 3389 (Layer 7)
