NCAE Mapping Hub
Security+ · 4.0 Security Operations

Indicators of Compromise (IoC)

Observable artifacts that suggest a system has been compromised: unexpected files, unusual processes, outbound connections to known-bad IPs, modified configuration files.

How this shows up at NCAE

Every item in the backdoor-hunt is an IoC check: rogue UID-0 users, suspicious cron entries, unknown SSH keys, recently modified SUID binaries. The `--since` flag on journalctl helps scope searches to a time window.
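The checklist above, as an added shell example (not code from the NCAE Mapping Hub page): each check is a function that takes its input paths as arguments, so it can be run on the live box as root or against copied files. The cron heuristics, the allowlist format and the `--run` driver are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the NCAE Mapping Hub page: a minimal backdoor-hunt that
# covers the four IoC classes listed above plus a journalctl time scope.

# Rogue UID-0 users: any account besides root whose UID field is 0.
rogue_uid0_users() {
    # $1: passwd file (default /etc/passwd)
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Suspicious cron entries: commands run from temp dirs or piped into a shell.
# Comment lines are dropped; the heuristics are this example's own choice.
suspicious_cron_entries() {
    # $@: crontab files or directories (default system locations)
    [ $# -gt 0 ] || set -- /etc/crontab /etc/cron.d /var/spool/cron
    grep -rHEn '/tmp/|/dev/shm/|/var/tmp/|[|] *(sh|bash)( |$)' "$@" 2>/dev/null |
        grep -Ev ':[0-9]+:[[:space:]]*#'
}

# Unknown SSH keys: authorized_keys lines whose key material (field 2) is not in
# an approved allowlist. Comments differ freely, so only the key itself is compared.
# Caveat: lines with a leading options field (command=...) shift the key to field 3.
unknown_ssh_keys() {
    # $1: authorized_keys to audit; $2: allowlist in the same format (non-empty)
    awk 'NR == FNR { ok[$2] = 1; next }
         /^[[:space:]]*(#|$)/ { next }
         !($2 in ok) { print }' "$2" "$1"
}

# Recently modified SUID binaries: setuid files changed inside the look-back window.
recent_suid_binaries() {
    # $1: directory root (default /); $2: window in days (default 7)
    find "${1:-/}" -xdev -type f -perm -4000 -mtime -"${2:-7}" 2>/dev/null
}

# Scope journal searches to a window, e.g. scoped_journal "2 hours ago" sshd.
scoped_journal() {
    # $1: --since expression; $2: optional systemd unit
    command -v journalctl >/dev/null 2>&1 || { echo "journalctl not found" >&2; return 1; }
    journalctl --no-pager --since "$1" ${2:+-u "$2"}
}

# Run every host-local check with default paths: sh backdoor_hunt.sh --run allowlist
if [ "${1:-}" = "--run" ]; then
    rogue_uid0_users; suspicious_cron_entries
    [ -n "${2:-}" ] && unknown_ssh_keys "$HOME/.ssh/authorized_keys" "$2"
    recent_suid_binaries / 7
fi
```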