Domain 7 Security Operations

Question 1

What is the 8-step lifecycle of Incident Management?

Answer 1

1. Preparation
2. Detection (Identification)
3. Response (Containment)
4. Mitigation (Eradication)
5. Reporting
6. Recovery
7. Remediation
8. Lessons Learned

Question 2

What type of IPS response prevents authorised traffic?

Answer 2

False Positive

Question 3

Our Intrusion Prevention Systems (IPS) has blocked permitted traffic. What is this an example of?

Answer 3

False Positive

Question 4

When our Intrusion Prevention Systems (IPS) allows permitted traffic pass, that is an example of what?

Answer 4

True Negative

Question 5

Our Intrusion Prevention Systems (IPS) has blocked malicious traffic. What is this an example of?

Answer 5

True positive

Question 6

What type of control is application whitelisting?

Answer 6

Preventative and (Detective)

Question 7

What type of control is configuration management?

Answer 7

Preventive

Question 8

What are some asset management techniques?

Answer 8

Configuration Management
Patch Management
Change Management

Question 9

What is the generalised flow of Change Management?

Answer 9

1. Identify the change
2. Propose the change.
3. Assess the change (i.e. risks, impacts, benefits)
4. Provisional change approval
5. Testing the change (roll back if fail)
6. Schedule the change
7. Change notification for impacted parties
8. Implementing the change
9. Post implementation reporting

Lessons Learned

Question 10

What is one of the most important way to ensure fault tolerance?

Answer 10

Backing up of data.

Question 11

What is a copy backup?

Answer 11

Essentially a full backup but does not flip the archive bit back to 0.

Question 12

Does RAID 0 provide fault tolerance?

Answer 12

No

Question 13

How many disk failures can RAID 5 take?

Answer 13

Only one.

Question 14

What common temperature should data centres be kept at?

Answer 14

66-77 F (20-25C)

Question 15

What is the allowable temperature range for data centers?

Answer 15

59-90 F (15-32 C)

Question 16

What should the humidity be kept in for data centers?

Answer 16

40-60%

Question 17

What is the RPO?

Answer 17

Recovery Point Objective - Acceptable amount of data that cannot be recovered. i.e. the maximum tolerable data loss for each system.

Question 18

What is the Maximum Tolerable Downtime (MTO)?

Answer 18

Total time a system can be inoperable before org is severely impacted
MTD > RTO + WRT

Question 19

What is RTO?

Answer 19

Recovery Time Objective - Time to restore the system (hardware)

Question 20

What is WRT?

Answer 20

Work Recovery Time - Time required to configure a recovered system.

Question 21

What is the MTBF?

Answer 21

Mean Time Between Failures - how long a new or repaired system or component will function on average before failing

Question 22

What is the MTTR?

Answer 22

How long it will take to recover a failed system.

Question 23

What is the MOR?

Answer 23

Minimum Operating Requirements - minimum environmental and connectivity requirements for our critical system to function.

Question 24

What is the COOP?

Answer 24

Continuity of Operations Plan
How we keep operating in a disaster, how do we get staff to alternate sites, what are all the operational things we need to ensure we function.

Question 25

What is the BRP?

Answer 25

Business Recovery Plan - Steps needed to take to restore normal business after recovering from a disruptive event.
This could be going from failover site to primary site.

Question 26

What is the rescue team in BCP?

Answer 26

Responsible for dealing with the disaster at it happens. Evacuates employees, notifies the appropriate personnel, pulls the network from the infected server, shuts down system and initial damage assessment.

Question 27

What is the recovery team in BCP?

Answer 27

• Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. They get the most critical systems up first.

Question 28

What is the salvage team?

Answer 28

• Responsible for returning full infrastructure, staff and operations to the primary site or new facility of old site is destroyed.
• They get the least critical systems up first.

Question 29

What is the BCP Framework?

Answer 29

NIST 800-34 - Contingency Planning Guide for Federal Information Systems

Question 30

What is the difference between BIA and BCP?

Answer 30

A business continuity plan (BCP) describes what steps must be taken in case of an outage or disruption, whereas a BIA identifies the risk that could prompt the outage as well as the critical business functions that could be impacted by the outage and prioritizes these for recovery.