Evaluation of output may include:
- Network tools
- Protocol analyzer
- Network scanners
- Wireless scanners/crackers
- Web application firewall
- Host tools
- Configuration compliance scanner
- Backup utilities
- Honeypot
- Banner grabbing
- Password cracker
- Vulnerability scanner
- Exploitation frameworks
- HIDS/HIPS
- Host-based firewall
- Antivirus
- File integrity check
- Application whitelisting
- Advanced malware
- Patch management
- Removable media control
- Data tools
- Data sanitization tools
- DLP
- Data execution prevention violations

Process/Skill Questions:
- What tools would be used to investigate issues on a user workstation?
- Which tool's logs will show out-of-date patching?
- What tool would show blocked sites?