Domain 4: Operations and Incident Response Flashcards
What is incident response?
Incident response is the process of identifying, investigating, and responding to security incidents to minimize damage and restore normal operations.
What is a SIEM (Security Information and Event Management) system?
A SIEM system is a tool that collects, correlates, and analyzes security data from various sources to detect and respond to security incidents.
What is a forensics investigation?
A forensics investigation is the process of collecting, preserving, analyzing, and presenting digital evidence in a manner suitable for legal proceedings.
What is a playbook in cybersecurity?
A playbook is a predefined set of procedures and steps to be followed during specific types of security incidents or attacks.
What is a vulnerability scan?
A vulnerability scan is an automated process that identifies security weaknesses in systems, networks, and applications.