OBJECTIVES
This chapter covers the following TruSecure-specified objectives for the TICSA exam:
Identify and explain basic malicious code threats and common defensive mechanisms.
This exam objective ensures that you have an understanding of the specific malicious code threats that exist in modern computing environments. Knowledge of the offensive mechanisms used by malicious individuals is essential to the construction and maintenance of effective defense mechanisms.
Describe, recognize, or select good intrusion detection methodologies, applications and disaster recovery, and forensic practices.
The second objective covered in this chapter ensures that you're familiar with the appropriate procedures to follow after a security incident takes place. It's important to have a good understanding of the technical and legal implications of your actions to ensure that you do not destroy or taint potential sources of evidence.
OUTLINE
Attack Methods and Countermeasures
General Incident-Handling Principles
Handling Specific Incidents
Limitations of Evidence Collection
Maintaining the Chain of Evidence
STUDY STRATEGIES
The TICSA exam may contain detailed questions on some of the more common malicious code threats (such as worms, viruses, and Trojan horses). When you're studying these sections, pay particular attention to the definitions and review the Key Terms at the end of the chapter prior to taking the exam.
It's not likely that you'll see questions asking you to provide detailed explanations of specific vulnerabilities in the TCP/IP protocol suite (such as SYN flooding, which abuses the TCP three-way handshake, and Smurf attacks, which abuse ICMP echo requests sent to broadcast addresses). However, you may find exam items that describe an exploit and ask you to select an appropriate countermeasure. Therefore, when you're reviewing these sections, don't simply attempt to memorize the specific attacks presented in this book; take the time to understand the protocol weaknesses behind them. This helps you develop threat-analysis skills that will assist you both on the TICSA exam and in real life.