Chapter 9

Question 1

What is it called when an occurrence happens, security wise?

Answer 1

Security event

Question 2

A server crash that has a negative effect on the company is called a what?

Answer 2

Adverse event

Question 3

When a skl is lost, what is this an example of? A loss of sensitive information

Answer 3

A security incident

Question 4

As a warrant officer, I am responsible for submitting a report that follows the sop. I am apart of what kind of team?

Answer 4

Computer security incident response teams (csirt)

Question 5

What is the name of the process a csirt member must go through?

Answer 5

PDCP (preparation, detection, containment, post-incident)

Question 6

Name a few things that must be apart of the incident response kit

Answer 6

USB bootable media, backup devices, workstations, laptop for other forensic activities

Question 7

Which standard for security events?

Answer 7

NIST 800 - 61

Question 8

According to NIST ) now can you improve incident analysis?

Answer 8

Declutter to capture traffic
Have a continuity book
Capture bad traffic -

Question 9

What is root cause analysis

Answer 9

A process to correct all that caused the problem in the first place of the problems

Question 10

For now long does the federal government retain records?

Answer 10

3 years

Question 11

Csirt members should follow this in the event a security incident just occurred

Answer 11

Procedure

Question 12

This book describes the procedures you must follow when facing a security incident helps guide the CSIRT’s response

Answer 12

Playbook

Question 13

What type of threat uses brute-force to expose or compromise data?

Answer 13

Attrition

Question 14

Which type of attackers goes after the big dawgs such as nation state actors and uses zero day vulnerabilities to their advantage?

Answer 14

Apt advanced persistent threat

Question 15

What are two things to look at when a security incident happens?

Answer 15

The scope of the incident and the severity of it

Question 16

Which type of economic impact category does 10,000 fall under?

Answer 16

Low economic impact

Question 17

Which type of economic impact does $10,000 - 500,000 fall under?

Answer 17

Medium economic impact

Question 18

Name the economic impact category that is $500,000 or more fall under

Answer 18

High economic impact

Question 19

What is the sole purpose of cyber security frameworks

Answer 19

To help you walk through on what to expect from attacke-ee

Question 20

List 5 keywords that describe the mitre attack framework

Answer 20

Tactics
techniques.
Freely database
Matrices
Threat life cycle

Question 21

. Which framework speaks on the relationship in the event of an attack
The order of attacks are listed in this framework

Answer 21

The Diamond model of intrusion analysis

Question 22

What are the 7 stages of the cyber kill chain?

Answer 22

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on objectives

Question 23

Which 2 resources do analysts read on now to test systems for future attacks?

Answer 23

OSMM
OWASP