Domain 4: Operations and Incident Response (16%)

Question 1

*4.2 Attack frameworks

Cyber Kill Chain

Answer 1

Has a seven-step method that starts with reconnaissance and then moves into weaponization, delivery, exploitation,
installation, command and control,
and action on objectives.

Note: linear process

Question 2

4.2 Attack frameworks

MITRE ATT&CK Framework

Answer 2

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques and common knowledge or procedures.

Note: matrices model process

Question 3

4.2 Attack frameworks

Diamond Model of Intrusion Analysis

Answer 3

A framework for analyzing cybersecurity incidents and intrusion by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.

Note: model is used to represent an intrusion event.

Question 4

4.2 Exercises

Exercise that uses an incident scenario against a framework of controls or
a red team

Answer 4

Tabletop Exercise

A tabletop exercise is a discussion of simulated emergency situations and
security incidents

Question 5

4.2 Network reconnaissance and discovery

Commercial vulnerability scanners

Answer 5

Nessus and Qualysguard

Question 6

4.4 SOAR

Runbooks

Answer 6

An automated version of a playbook that leaves clearly defined
interaction points for human analysis

Question 7

4.4 SOAR

Playbooks

Answer 7

A checklist of actions to perform to detect and respond to a specific type
of incident

Question 8

Has a seven-step method that starts with reconnaissance and then moves into weaponization, delivery, exploitation,
installation, command and control,
and action on objectives.

Note: linear process

Answer 8

*4.2 Attack frameworks

Cyber Kill Chain

Question 9

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques and common knowledge or procedures.

Note: matrices model process

Answer 9

4.2 Attack frameworks

MITRE ATT&CK Framework

Question 10

A framework for analyzing cybersecurity incidents and intrusion by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.

Note: model is used to represent an intrusion event.

Answer 10

4.2 Attack frameworks

Diamond Model of Intrusion Analysis

Question 11

Tabletop Exercise

A tabletop exercise is a discussion of simulated emergency situations and
security incidents

Answer 11

4.2 Exercises

Exercise that uses an incident scenario against a framework of controls or
a red team

Question 12

Nessus and Qualysguard

Answer 12

4.2 Network reconnaissance and discovery

Commercial vulnerability scanners

Question 13

An automated version of a playbook that leaves clearly defined
interaction points for human analysis

Answer 13

4.4 SOAR

Runbooks

Question 14

A checklist of actions to perform to detect and respond to a specific type
of incident

Answer 14

4.4 SOAR

Playbooks

Question 15

Act of removing data in such a way that it cannot be reconstructed using
any known forensic techniques

Answer 15

4.1 Data Sanitization

Purging (Sanitizing)

Question 16

4.2 Incident Response Process steps

Answer 16

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lesson Learned