7.1 Sec Ops Tech

Question 1

change management

Answer 1

request
review
approve/reject
schedule and implement
document

Question 2

patch management

Answer 2

evaluate
test
approve
deploy approved
verify

Question 3

transitive/ non-transitive trust

Answer 3

transitive: trust relation between two domains and all of their subdomains

non-transitive: trust between domains, subdomains excluded

Question 4

incident response

de re mi re re re le

Answer 4

• detection
• response (CIRT, investigation, evidence) -EINDÄMMUNG
• mitigation (contain, limit the effect) EINDÄMMUNG
• reporting (upper management, gov)
• recovery (rebuild)
• remediation (root cause analysis) SANIERUNG
  lessons learned

Question 5

darknet

Answer 5

unused IPs monitored by IDS

few false positives because any traffic is illegitimate

Question 6

sampling

clipping

Answer 6

statistical

non-stat

Question 7

service burau

Answer 7

leases computer time in case of a disaster

Question 8

MAA

Answer 8

mutual assistance agreement, reciprocal agreement

Question 9

drp testing

Answer 9

• read though: paperwork only
• structured walk-trough: role play
• simulation: role play with live testing
• parallel
• full interruption

Question 10

types of incident

Answer 10

scanning (indicates that illegal activity may follow)
compromise
malicious code
dos

Question 11

drp process

Answer 11

response
actoivate team
assess
reconstitution

Question 12

developing drp

Answer 12

initiation
project scope
BIA
identify preventive controls
develop recovery strategies
develop contingency plan
implement, training, test
maintenance

Question 13

RPO

Recovery point objective

Answer 13

maximum tolerable loss of data/work/availability an organization can withstand

Question 14

RTO

recovery time objective

Answer 14

system recovery time, until it is running

Question 15

MTD

Answer 15

RTO+WRT

Question 16

WRT

work recovery time

Answer 16

time needed to configure a recovered system

Question 17

MTBF

Answer 17

generated by vendor, hardware

Question 18

MOR

Answer 18

minimal operating requirements

Question 19

BCP

Answer 19

business/IT- focused

sustaining essential business processes while recovering

Question 20

DRP

Answer 20

IT-focused

recovery of capabilities at an alternate site

Question 21

COOP

Answer 21

not IT-focused

30 day uptime for STRATEGIC functions at alternate site

Question 22

OEP

Occupant Emergency Plan

Answer 22

minimizing loss of life, injury and damage

Question 23

forensic ediscovery

Answer 23

legal counsel gaining access to electronic information during civil legal proceedings. gather evidence

lots of electronic data is stored by organizations, so logistically and financially relevant

DATA RETENTION POLICY should claim to purge data when no longer needed to minimize impact of ediscovery

Question 24

RAID

Answer 24

3 byte level striping with dedicated parity
4 block level striping with dedicated parity
5 block level striping with distributed parity
6 block level striping with double distributed parity