4.4 Post-Incident Mitigation Flashcards

1
Q

Actions for endpoint mitigation post-incident

A

Application whitelists/blacklists, quarantine unrecognized apps

2
Q

Isolation relative to post-incident mitigation

A

Systems can be isolated from the network during remediation of a breach/compromise

3
Q

Define containment relative to mitigation strategy

A

Containment runs each application in its own sandbox to limit pivoting if the application is compromised

4
Q

Define segmentation as a mitigation strategy

A

Segmentation is creating protected network segments for sensitive devices so that if the internal network is breached, the sensitive devices are protected

5
Q

Define Security Orchestration, Automation, and Response (SOAR)

A

A centralized tool allowing the automation of admin tasks, such as disabling a user account

6
Q

Define runbook

A

A script or description of the steps for a specific task

7
Q

Define playbook

A

The combination of runbooks into a larger task
