{"id":512,"date":"2019-03-13T10:30:01","date_gmt":"2019-03-13T15:30:01","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=512"},"modified":"2020-02-25T09:31:40","modified_gmt":"2020-02-25T15:31:40","slug":"ccna-cyberops-secfnd-objective-4-0","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/13\/ccna-cyberops-secfnd-objective-4-0\/","title":{"rendered":"CCNA CyberOps SECFND Objective 4.0"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">4.1 Define these terms as they pertain to Microsoft Windows<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Processes:<\/strong> a program that the system is running<ul><li><strong>Job:<\/strong> a group of processes<\/li><\/ul><\/li><li><strong>Threads: <\/strong>basic units that an OS applies processing time to, spawned by a process which may have multiple threads<ul><li><strong>Thread Pool:<\/strong> a group of asynchronous threads that report back to the application<\/li><\/ul><\/li><li><strong>Memory Allocation:<\/strong> memory is allocated by the OS to an application in various ways.<ul><li><strong>Static Memory Allocation:<\/strong> a program allocates the memory it needs when it is compiled.<\/li><li><strong>Dynamic Memory Allocation: <\/strong>memory is allocated at runtime<\/li><li><strong>Stack:<\/strong> memory set aside as space for a thread<\/li><li><strong>Heap:<\/strong> memory set aside for dynamic allocation<\/li><li><strong>Volatile memory:<\/strong> Loses contents when the device loses power.<\/li><li><strong>Nonvolatile memory: <\/strong>contents preserved when the device loses power<\/li><li><strong>Virtual Address Space: <\/strong>addresses physical RAM<\/li><\/ul><\/li><li><strong>Windows Registry: <\/strong>The Windows Registry is the hierarchical database that stores configuration data for users, applications and devices.<ul><li><strong>HKEY_CLASSES_ROOT (HKCR): <\/strong>Ensures that the correct program opens when executed in Windows Explorer, 
also contains details on shortcuts, and the user interface<\/li><li><strong>HKEY_CURRENT_USER (HKCU): <\/strong>contains configuration for any currently logged in user including folders, screen colors and control panel settings<\/li><li><strong>HKEY_CURRENT_CONFIG (HKCC):<\/strong> System current configuration<\/li><li><strong>HKEY_LOCAL_MACHINE (HKLM): <\/strong>machine hardware information, drive mounts and generic configurations of hardware and applications<\/li><li><strong>HKEY_USERS (HKU):<\/strong> Configuration of all user profiles<\/li><li>Each of the above is referred to as a hive.<\/li><\/ul><\/li><li><strong>Windows Management Instrumentation (WMI):<\/strong> Microsoft&#8217;s implementation of Web-Based Enterprise Management (WBEM) based on the Common Information Model (CIM) standard. 
The data must be pulled in with tools.<ul><li>Provides status information<\/li><li>Allows configuration of security settings<\/li><li>Allows modification of system properties<\/li><li>Change permissions for users and groups<\/li><li>Assign and change drive labels<\/li><li>Schedule processes<\/li><li>Enable or disable error logging<\/li><\/ul><\/li><li><strong>Handles:<\/strong> a reference to a resource such as a file<ul><li>Hide real memory addresses<\/li><li>Leaks occur if not released after use<\/li><\/ul><\/li><li><strong>Services: <\/strong>long-running applications that operate in their own session<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4.2 Define these terms as they pertain to Linux<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Processes<\/strong><ul><li>Child Process: process created by another process<\/li><li>init process: First process in the boot that does not have a parent process<\/li><li>orphan process: a child process allowed to continue after a parent is killed<\/li><li>zombie process: a process terminated that is still in the state table<\/li><li>daemon process: similar to services on Windows<\/li><\/ul><\/li><li><strong>Forks: <\/strong>when a parent creates a child process<\/li><li><strong>Permissions: <\/strong>Permissions in Linux are based on read, write and eXecute rights for the owner, group and everyone else. An example would be -rwxrw-r--. This indicates a file that is readable, writeable and executable by the owner, only read\/write for the group and read-only for everyone else. 
The table below shows the numeric values used with the chmod command to change permissions on a file. For example, chmod 755 would make it rwxr-xr-x.<\/li><\/ul>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td>Value<\/td><td>Permissions<\/td><td>Representation<\/td><\/tr><tr><td>0<\/td><td>None<\/td><td>---<\/td><\/tr><tr><td>1<\/td><td>Execution-only<\/td><td>--x<\/td><\/tr><tr><td>2<\/td><td>Write<\/td><td>-w-<\/td><\/tr><tr><td>3<\/td><td>Execution and write<\/td><td>-wx<\/td><\/tr><tr><td>4<\/td><td>Read-only<\/td><td>r--<\/td><\/tr><tr><td>5<\/td><td>Read and execution<\/td><td>r-x<\/td><\/tr><tr><td>6<\/td><td>Read and write<\/td><td>rw-<\/td><\/tr><tr><td>7<\/td><td>Read, write and execution<\/td><td>rwx<\/td><\/tr><\/tbody><\/table>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Symlinks: <\/strong>Short for symbolic link, a symlink links to another file or directory. <\/li><li><strong>Daemon: <\/strong>programs that run in the background, usually created by init, equivalent to services in Windows<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4.3 Describe the functionality of these endpoint technologies in regards to security monitoring<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Host-based intrusion detection (HIDS):<\/strong> software installed on a host to detect attempted attacks. 
<\/li><li><strong>Antimalware and Antivirus:<\/strong> software on a host to detect malware or viruses<\/li><li><strong>Host-based firewall:<\/strong> software firewall on a host to filter network connections to the host based on rules.<\/li><li><strong>Application-level whitelisting:<\/strong> Administrators make a list of approved software; only software on the list is allowed to run.<\/li><li><strong>Application-level blacklisting:<\/strong> Administrators make a list of software not allowed to run; everything else is allowed.<\/li><li><strong>Systems-based sandboxing (such as Chrome, Java, Adobe Reader): <\/strong>Software that creates a virtual environment to try to contain any attempted exploit.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4.4 Interpret these operating system log data to identify an event<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Windows Security Event Logs<\/h3>\n\n\n\n<p>Windows event logs are viewed using the eventvwr.exe application. There are four primary types of logs:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Error: Significant problems such as data loss or loss of functionality<\/li><li>Warning: Not significant, but may indicate future issues<\/li><li>Information: successful operations of an application or service<\/li><li>Success Audit: Security access attempts that were successful<\/li><li>Failure Audit: Security access attempts that were not successful<\/li><\/ul>\n\n\n\n<p>There are three general logs: Application, System and Security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">UNIX based logs (Linux, FreeBSD, OSX)<\/h3>\n\n\n\n<p>Syslog is the common format for UNIX logs. By default the logs are in \/var\/log\/. The facility of a log tells which application or process submitted the log entry. 
The priority is used to indicate the importance of the log entry.<\/p>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td>Level<\/td><td>Mnemonic<\/td><td>Description<\/td><\/tr><tr><td>0<\/td><td>emerg<\/td><td>Emergency condition such as a system crash<\/td><\/tr><tr><td>1<\/td><td>alert<\/td><td>Condition that should be dealt with immediately<\/td><\/tr><tr><td>2<\/td><td>crit<\/td><td>Critical conditions such as hardware failure<\/td><\/tr><tr><td>3<\/td><td>err<\/td><td>Standard error messages<\/td><\/tr><tr><td>4<\/td><td>warning<\/td><td>Standard warnings<\/td><\/tr><tr><td>5<\/td><td>notice<\/td><td>No error condition, but attention needed<\/td><\/tr><tr><td>6<\/td><td>info<\/td><td>Information messages<\/td><\/tr><tr><td>7<\/td><td>debug<\/td><td>Debugging messages<\/td><\/tr><\/tbody><\/table>\n\n\n\n<h3 class=\"wp-block-heading\">Apache Access Logs<\/h3>\n\n\n\n<p>Apache is a common webserver. The logs are stored in the AccessLog (logs all requests) and ErrorLog (all errors produced by requests).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IIS Access Logs<\/h3>\n\n\n\n<p>IIS webservers log in plain text files. 
They can be in IIS, W3C or NCSA format.<\/p>\n","protected":false},"author":1,"yoast_head_json":{"author":"Ben Story"}}
ref":"https:\/\/api.w.org\/{rel}","templated":true}]}}