CCSP Domain 5: Incident Management Flashcards

1
Q

What is a popular security incident management methodology?

A

NIST SP 800-61 rev2 Computer Security Incident Handling Guide

2
Q

Describe the Preparation phase of the NIST SP 800-61 rev2 incident response lifecycle

A

organization’s preparation necessary to ensure it can respond to a security incident, including tools, processes, competencies and readiness; should be documented in a security incident response plan that is regularly reviewed and updated

3
Q

How often should the Preparation phase be reviewed, and how?

A

multiple times a year in a walkthrough (tabletop exercise)

4
Q

Describe the Detection and Analysis phase of the NIST SP 800-61 rev2 incident response lifecycle

A

activity to detect a security incident in a production environment and to analyze all events to confirm the authenticity of the security incident

5
Q

Describe the Containment, eradication, recovery phase of the NIST SP 800-61 rev2 incident response lifecycle

A

required and appropriate actions taken to contain the security incident based on the analysis done in the previous phase (Detection & Analysis); limits the scope of the incident

6
Q

When should we proceed to recovery in the NIST SP 800-61 rev2 incident response lifecycle?

A

after the adversary has been evicted from the environment and known vulnerabilities have been remediated

7
Q

What happens after recovery in NIST SP 800-61 rev2 incident response lifecycle?

A

post-mortem analysis is performed; actions taken during the process are reviewed to determine if any changes are needed in the Preparation or Detection and Analysis phase

8
Q

What are the phases in the NIST SP 800-61 rev2 incident response lifecycle?

A

Preparation > Detection and Analysis > Containment, Eradication and Recovery > Post-incident Activity
