Chapter 21: Security Operations

Question 1

Tier 1 security analysts

Answer 1

monitor security tools and platforms for suspicious activity

Question 2

Tier 2 security analysts

Answer 2

investigate alerts, declare security incidents, coordinate with incident responders and intelligence analysts to investigate, contain, and eradicate threats

Question 3

Threat Intelligence

Answer 3

evidence-based knowledge of an existing or emerging menace or hazard to assets used to inform decisions regarding responses to it

Question 4

Three types of threat intel sources

Answer 4

threat data feeds, open-source intelligence (OSINT), and internal systems

Question 5

cyberthreat hunting

Answer 5

practice of proactively looking for threat actors in your network

Question 6

firewalls support and enforce org’s network security policy by …

Answer 6

restricting access to one network from another network

Question 7

packet-filtering firewalls

Answer 7

make access decisions based on network-level protocol header values using access control lists (ACLs)

Question 8

stateful firewalls

Answer 8

add to the capabilities of packet filtering firewalls by keeping track of the state of a connection between two endpoints

Question 9

proxy firewalls

Answer 9

intercept and inspect messages before delivering them to the intended recipients

Question 10

NGFW

Answer 10

next-generation firewall

Question 11

next-generation firewall

Answer 11

combines the attributes of others firewalls, but adds a signature-based and/or behavioral analysis IPS engine and cloud-based threat data sharing

Question 12

IDS/IPS

Answer 12

intrusion detection and prevention systems

Question 13

intrusion detection and prevention systems

Answer 13

categorized as either host-based or network based and rule-based or anomaly-based

Question 14

HIDS

Answer 14

host-based

Question 15

NIDS

Answer 15

network-based