Advanced Cloud and Network/Live Forensics Test 2

This page defines what you need to know for the test.

SIEM. Marks: Approx: ~40%. This part of the test will cover some analysis of logs using Splunk. Some background material is here.
Take a sample test for this subject: here. Note that this test is indicative of the areas that might be covered. Where is the Splunk server? Ans: here

DLP. Marks: Approx: ~40%. This part of the test will cover an understanding of Tunnelling. Some background material is here (Tunnelling), here (Disk Encryption) and here (Disk Encryption).

Malware/Code Analysis. ~20%. This part of the test will cover an overview of how the registers are changed within a machine code program.
Take a sample test for this subject: here. Note that this test is indicative of the areas that might be covered.

Test format. The test will be similar in scope to Test 1 and will have fixed/short answers for the SIEM parts and longer descriptive answers for other questions.