Domain 7: (Security Operations) Flashcards

1
Q

What is used to create a threat model using entity behavior and enables analysis to uncover more details around anomalous events?

A

User and Entity Behavior Analytics
UEBA

2
Q

What IT security principles help prevent security incidents, limit the scope of incidents when they occur, and are implemented in secure networks?

A

Need-to-Know
Principle of Least Privilege

3
Q

What helps prevent collusion within an org?

A

Separation of Duties
Job Rotation

4
Q

What stipulates performance expectations such as maximum downtimes and often includes penalties if the vendor doesn't meet expectations?

A

Service-Level Agreements

5
Q

What includes ensuring that resources are deployed in a secure manner and maintained in a secure manner throughout their lifecycles?

A

Secure Provisioning

6
Q

What is the primary component that manages virtual assets but also provides attackers with an additional target?

A

Hypervisors

7
Q

What provides the least amount of maintenance and security in the IaaS model?

A

Cloud Service Provider
CSP

8
Q

In IaaS, what is the cloud service provider responsible for?

A

Networking
Storage
Servers
Virtualization

9
Q

In a PaaS, what is the cloud service provider responsible for?

A

Networking
Storage
Servers
Virtualization
OS
Middleware
Runtime

10
Q

In SaaS, what is the cloud service provider responsible for?

A

Everything

11
Q

What uses a labeling or numbering system to track changes in updated versions of software?

A

Versioning

12
Q

What verifies the deployment of approved patches to systems?

A

System Audits

13
Q

What is the patch management process?

A

Evaluate Patches
Test Patches
Approve the Patches
Deploy the Patches
Verify the patches are deployed

14
Q

What are the steps in incident response?

A

Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned

15
Q

What are common DoS attacks?

A

SYN flood attacks
Smurf attacks
Ping of Death attacks

16
Q

What attack disrupts the TCP three-way handshake?

A

SYN flood attack

17
Q

What attack employs an amplification network to send numerous response packets to a victim?

A

Smurf attack

18
Q

What attack sends numerous oversized ping packets to the victim, causing the victim to freeze, crash, or reboot?

A

Ping of Death attack

19
Q

What is a collection of compromised computing devices, often called bots or zombies?

A

Botnet

20
Q

What describes a criminal who uses a command-and-control server to remotely control the zombies and often uses the botnet to launch attacks on other systems?

A

Bot Herder

21
Q

What is the process of extracting elements from a large body of data to construct a meaningful representation or summary of the whole?

A

Sampling

22
Q

What uses precise mathematical functions to extract meaningful information from a large volume of data?

A

Statistical Sampling

23
Q

What is a form of nonstatistical sampling that records only events that exceed a threshold?

A

Clipping

24
Q

What are key elements in displaying due care?

A

Security Audits and effectiveness reviews

25
Q

What ensures that the principle of least privilege is followed and is often focused on privileged accounts?

A

User Entitlement Audit

26
Q

What is the process where orgs expecting a lawsuit have a duty to preserve digital evidence?

A

eDiscovery

27
Q

What is the eDiscovery process?

A

Information identification and governance
Preservation and collection
Processing, review, analysis
Production and presentation

28
Q

What type of evidence is considered best evidence?

A

The original evidence

29
Q

What is considered secondary evidence?

A

A copy of the original evidence

30
Q

What is direct evidence?

A

Proves or disproves an act based on the five senses

31
Q

What is considered conclusive evidence?

A

Incontrovertible, overrides all other evidence types

32
Q

What is considered circumstantial evidence?

A

Inference from other information

33
Q

What is considered corroborative evidence?

A

Supporting evidence but cannot stand on its own

34
Q

What is opinionated evidence?

A

Expert and non-expert opinions

35
Q

What is hearsay evidence?

A

Not based on first-hand knowledge

36
Q

What types of evidence may be used in a criminal or civil trial?

A

Real
Documentary
Testimonial

37
Q

What are the requirements for evidence to be admissible in a court of law?

A

Evidence must be relevant
Evidence must be material to the case
Evidence must be competent or legally collected

38
Q

What are the three recovery site types?

A

Cold
Warm
Hot

39
Q

What type of recovery site is just a data center space, power, and network connectivity that's ready and waiting for whenever you might need it?

A

Cold

40
Q

What type of recovery site has low cost but high effort?

A

Cold

41
Q

What type of recovery site allows you to pre-install your hardware and pre-configure your bandwidth needs?

A

Warm

42
Q

What type of recovery site has medium cost and medium effort?

A

Warm

43
Q

What type of recovery site allows you to keep servers and a live backup site up and running in the event of a disaster?

A

Hot

44
Q

What type of recovery site has high cost but low effort?

A

Hot

45
Q

What describes a company that leases computer time, owns large server farms and often fields of workstations, and may be onsite or remote?

A

Service Bureau

46
Q

What is a nonmainstream alternative to traditional recovery sites, and consists of self-contained trailers or other easily relocated units?

A

Mobile Site

47
Q

What describes the age of files that must be recovered from backup storage for normal ops to resume if a system or network goes down?

A

Recovery Point Objective
RPO

48
Q

What is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity?

A

Recovery Time Objective
RTO

49
Q

What provides an inexpensive alternative to disaster recovery sites but is difficult to enforce and raises confidentiality concerns?

A

Mutual Assistance Agreements
MAA

50
Q

What are the four main steps of business continuity planning?

A

Project scope and Planning
Business Impact Assessment
Continuity Planning
Approval and Implementation

51
Q

What plan describes how to move from the disaster recovery site back to your business environment or back to normal ops?

A

Business Resumption Plan
BRP

52
Q

What describes the time determination for how long a piece of IT infrastructure will continue to work before it fails?

A

Mean Time Between Failures
MTBF

53
Q

What describes a time determination for how long it will take to get a piece of hardware/software repaired and back on-line?

A

Mean Time to Repair
MTTR

54
Q

What describes the amount of time we can be without the asset that is unavailable BEFORE we must declare a disaster and initiate the DRP?

A

Max Tolerable Downtime
MTD

55
Q

What are the core goals of the disaster recovery plan?

A

Improving responsiveness by the employees in different situations
Easing confusion by providing written procedures and participation in drills
Helping make logical decisions during a crisis

56
Q

What are the five types of disaster recovery plan tests?

A

Read-Through
Structured Walk-Through
Simulation
Test
Parallel Test

57
Q

What DRP test is where you distribute copies of disaster recovery plans to the members of the disaster recovery team for review?

A

Read-Through Test

58
Q

What describes members of the DRP team gathering in a large conference room and role-playing a disaster scenario?

A

Table-top Exercise/Structured Walk-Through

59
Q

What involves relocating personnel to the alternate recovery site and implementing site activation procedures, where the employees at the site perform their disaster recovery responsibilities just as they would for an actual disaster?

A

Parallel Test

60
Q

What is the name of the team that is used to return the primary site to normal processing conditions?

A

Salvage Team

61
Q

What is the name of the team used to get critical business functions running at the alternate site?

A

Recovery Team

62
Q

What are three different backup strategies?

A

Electronic Vaulting
Remote Journaling
Remote Mirroring

63
Q

What is used to transfer database backups to a remote site as part of a bulk transfer?

A

Electronic Vaulting

64
Q

What transmits only the journal or transaction logs to the off-site facility and not the actual files?

A

Remote Journaling

65
Q

What is a live database server maintained at a backup site, and is the most advanced database backup solution and also the most expensive?

A

Remote Mirroring