9 - 3: Incident Investigation

Question 1

Syslog

Answer 1

An old, still-used format for creating various types of logs

Question 2

Syslog components

Answer 2

1) Header (timestamp, source) 2) Facility, a 24-bit message describing where in the system it originated 3) Severity (from 0 being emergency to 7 being a debug error) 4) Message itself

Question 3

syslog-ng

Answer 3

Added security and delivery enhancements in 1998

Question 4

Rsyslog

Answer 4

Added even more enhancements in 2004

Question 5

Log tagging

Answer 5

Associating keywords or other identifiers to make finding logs easier

Question 6

Two advantages of SIEMS

Answer 6

1) Centralized log repository 2) Apply AI to analyze and interpret logs for anomalous material

Question 7

SOAR platform

Answer 7

Security, Orchestration, Automation, Response

Question 8

Playbooks

Answer 8

Procedures tied to policy

Question 9

Runbooks

Answer 9

Automated SOAR activity when triggered by an event

Question 10

SOC reports

Answer 10

Service Organization Control: audits a service provider does of itself so their customers don’t have to audit them directly

Question 11

SOC 1 reports

Answer 11

Most basic report, provide customers with assurance during their own financial audits

Question 12

SOC 2 reports

Answer 12

Include more sensitive data related to confidentiality, integrity, and availability

Question 13

SOC 3 reports

Answer 13

Contain SOC 2 sensitive information, but also designed for publication

Question 14

SOC Type 1 reports

Answer 14

Describe controls and provide auditors’ opinion

Question 15

SOC Type 2 reports

Answer 15

Include controls, auditors’ opinion, as well as testing results

Question 16

SOC in the US

Answer 16

American Institute of CPAs publishes Statement on Standards for Attestation Engagements Number 18

Question 17

SOC internationally

Answer 17

International Accounting and Assurance Standards Board publishes