Domain 7: (Security Operations) Flashcards
What is used to create a threat model using entity behavior and enables analysts to uncover more details around anomalous events?
User and Entity Behavior Analytics
UEBA
What IT security principles help prevent security incidents, limit the scope of incidents when they occur, and are implemented in secure networks?
Need-to-Know
Principle of Least Privilege
What helps prevent collusion within an organization?
Separation of Duties
Job Rotation
What stipulates performance expectations such as maximum downtime and often includes penalties if the vendor doesn't meet expectations?
Service-Level Agreements
What includes ensuring that resources are deployed in a secure manner and maintained in a secure manner throughout their lifecycles?
Secure Provisioning
What is the primary component that manages virtual assets but also provides attackers with an additional target?
Hypervisors
What provides the least amount of maintenance and security in the IaaS model?
Cloud Service Provider
CSP
In IaaS, what is the cloud service provider responsible for?
Networking
Storage
Servers
Virtualization
In PaaS, what is the cloud service provider responsible for?
Networking
Storage
Servers
Virtualization
OS
Middleware
Runtime
In SaaS, what is the cloud service provider responsible for?
Everything
What uses a labeling or numbering system to track changes in updated versions of software?
Versioning
What verifies the deployment of approved patches to systems?
System Audits
What is the patch management process?
Evaluate Patches
Test Patches
Approve the Patches
Deploy the Patches
Verify the patches are deployed
What are the steps in incident response?
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
What are common DoS attacks?
SYN flood attacks
Smurf attacks
Ping of Death attacks
What attack disrupts the TCP three-way handshake?
SYN flood attack
What attack employs an amplification network to send numerous response packets to a victim?
Smurf attack
What attack sends numerous oversized ping packets to the victim, causing it to freeze, crash, or reboot?
Ping of Death attack
What is a collection of compromised computing devices, often called bots or zombies?
Botnet
What describes a criminal who uses a command-and-control server to remotely control zombies, often using the botnet to launch attacks on other systems?
Bot Herder
What is the process of extracting elements from a large body of data to construct a meaningful representation or summary of the whole?
Sampling
What uses precise mathematical functions to extract meaningful information from a large volume of data?
Statistical Sampling
What is a form of nonstatistical sampling that records only events that exceed a threshold?
Clipping
What are key elements in displaying due care?
Security Audits and effectiveness reviews
What ensures that the principle of least privilege is followed and often focused on privileged accounts?
User Entitlement Audit
What is the process by which organizations expecting a lawsuit have a duty to preserve digital evidence?
eDiscovery