Domain 7 Security Operations Flashcards
What is the 8-step lifecycle of Incident Management?
- Preparation
- Detection (Identification)
- Response (Containment)
- Mitigation (Eradication)
- Reporting
- Recovery
- Remediation
- Lessons Learned
What type of IPS result is it when the IPS blocks authorised traffic?
False Positive
Our Intrusion Prevention System (IPS) has blocked permitted traffic. What is this an example of?
False Positive
Our Intrusion Prevention System (IPS) allows permitted traffic to pass. What is this an example of?
True Negative
Our Intrusion Prevention System (IPS) has blocked malicious traffic. What is this an example of?
True Positive
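The four IPS outcomes above are the cells of a confusion matrix, and a detection engineer tunes an IPS by measuring them over real traffic. The script below is an added example (not part of the original flashcards): it scores a constructed set of connection records where each record carries what the IPS did (blocked or not) and what the analyst later decided (malicious or not), counts the four cells, and derives precision, recall and the false-positive rate. It also covers the fourth outcome the cards leave out, the false negative (malicious traffic allowed through). Field names and IP addresses are invented for the example.

```python
"""Score IPS verdicts against ground truth.

Added example, not part of the original flashcards. The IPS 'positive' is a
block decision, so the four cells map directly onto the cards above. The
event list is constructed for illustration.
"""
from collections import Counter

# Constructed sample: what the analyst later determined (malicious?) versus
# what the IPS did at the time (blocked?).
SAMPLE_EVENTS = [
    {"src": "10.0.0.5",     "dst_port": 443,  "malicious": False, "blocked": False},
    {"src": "10.0.0.7",     "dst_port": 80,   "malicious": False, "blocked": False},
    {"src": "10.0.0.9",     "dst_port": 22,   "malicious": False, "blocked": True},   # blocked an admin's SSH
    {"src": "203.0.113.4",  "dst_port": 445,  "malicious": True,  "blocked": True},
    {"src": "203.0.113.8",  "dst_port": 3389, "malicious": True,  "blocked": True},
    {"src": "198.51.100.2", "dst_port": 80,   "malicious": True,  "blocked": False},  # missed web attack
    {"src": "10.0.0.12",    "dst_port": 53,   "malicious": False, "blocked": False},
    {"src": "10.0.0.15",    "dst_port": 443,  "malicious": False, "blocked": False},
    {"src": "198.51.100.9", "dst_port": 23,   "malicious": True,  "blocked": True},
    {"src": "10.0.0.20",    "dst_port": 25,   "malicious": False, "blocked": False},
]


def classify(malicious: bool, blocked: bool) -> str:
    """Map one IPS decision to its confusion-matrix cell.

    A block of malicious traffic is a true positive; a block of permitted
    traffic is a false positive; permitted traffic allowed through is a true
    negative; malicious traffic allowed through is a false negative (a miss).
    """
    if blocked:
        return "TP" if malicious else "FP"
    return "FN" if malicious else "TN"


def confusion_matrix(events) -> dict:
    """Count how many events fall into each of the four cells."""
    counts = Counter(classify(e["malicious"], e["blocked"]) for e in events)
    return {cell: counts.get(cell, 0) for cell in ("TP", "FP", "TN", "FN")}


def rates(matrix: dict) -> dict:
    """Tuning metrics derived from the four counts."""
    tp, fp, tn, fn = (matrix[k] for k in ("TP", "FP", "TN", "FN"))

    def ratio(num, den):
        return num / den if den else 0.0

    return {
        "precision": ratio(tp, tp + fp),            # of everything blocked, how much deserved it
        "recall": ratio(tp, tp + fn),               # of everything malicious, how much was blocked
        "false_positive_rate": ratio(fp, fp + tn),  # of everything legitimate, how much was blocked
    }


def false_positives(events):
    """The blocked-but-legitimate events: the ones users will complain about."""
    return [e for e in events if classify(e["malicious"], e["blocked"]) == "FP"]


if __name__ == "__main__":
    matrix = confusion_matrix(SAMPLE_EVENTS)
    print(matrix)
    print(rates(matrix))
    for e in false_positives(SAMPLE_EVENTS):
        print("false positive:", e["src"], "->", e["dst_port"])
```

On the constructed sample the IPS has three true positives, one false positive, five true negatives and one false negative, so precision and recall are both 0.75 and one legitimate flow in six was blocked. In practice the false negatives are the hardest cell to fill, since they only become known when the missed attack is found some other way.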
What type of control is application whitelisting?
Preventive (it also acts as a detective control when blocked execution attempts are logged)
What type of control is configuration management?
Preventive
What are some asset management techniques?
Configuration Management
Patch Management
Change Management
What is the generalised flow of Change Management?
- Identify the change
- Propose the change
- Assess the change (i.e. risks, impacts, benefits)
- Provisional change approval
- Testing the change (roll back if it fails)
- Schedule the change
- Change notification for impacted parties
- Implementing the change
- Post-implementation reporting
- Lessons learned
What is one of the most important ways to ensure fault tolerance?
Backing up data. (Backups let you recover after data is lost or corrupted; keeping a system running through a failure additionally needs redundancy such as RAID or clustering.)
What is a copy backup?
A full backup in every other respect (every file is copied), but it does not clear the archive bit, so it does not disturb a running incremental or differential schedule. Useful for an ad hoc copy between scheduled backups.
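The point of the copy backup is what it does to the archive bit, which is easiest to see by simulating a week of backups. The script below is an added example (not part of the original flashcards) with Windows-style semantics: a created or modified file has its archive bit set; full and incremental backups clear it, differential and copy backups leave it alone. The three files and the weekly schedule are constructed. It runs the same week twice, once with an ad hoc copy backup and once where someone ran a full backup instead, to show why the distinction matters.

```python
"""Archive-bit behaviour of full, incremental, differential and copy backups.

Added example, not part of the original flashcards; the file set and the
schedule are constructed.
"""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive: bool = True   # a newly created file has its archive bit set


def modify(files, *names):
    """Simulate edits: the filesystem sets the archive bit on each touched file."""
    for f in files:
        if f.name in names:
            f.archive = True


def full_backup(files):
    """Copies every file and clears every archive bit."""
    taken = [f.name for f in files]
    for f in files:
        f.archive = False
    return taken


def incremental_backup(files):
    """Copies files changed since the last full or incremental; clears their bits."""
    taken = [f.name for f in files if f.archive]
    for f in files:
        f.archive = False
    return taken


def differential_backup(files):
    """Copies files changed since the last full backup; leaves the bits set."""
    return [f.name for f in files if f.archive]


def copy_backup(files):
    """Copies every file but leaves every archive bit exactly as it was."""
    return [f.name for f in files]


def flagged(files):
    """Names of files whose archive bit is currently set."""
    return [f.name for f in files if f.archive]


def week_with_copy():
    """Sunday full, Monday edits, an ad hoc copy backup, then the scheduled incrementals."""
    files = [File("a.doc"), File("b.xls"), File("c.txt")]
    log = {"sun_full": full_backup(files)}
    modify(files, "a.doc", "c.txt")
    log["adhoc_copy"] = copy_backup(files)              # everything, bits untouched
    log["mon_incremental"] = incremental_backup(files)  # a.doc and c.txt are still flagged
    modify(files, "b.xls")
    log["tue_incremental"] = incremental_backup(files)  # just b.xls
    return log


def week_with_full_instead():
    """Same week, but the ad hoc job was run as a full backup."""
    files = [File("a.doc"), File("b.xls"), File("c.txt")]
    log = {"sun_full": full_backup(files)}
    modify(files, "a.doc", "c.txt")
    log["adhoc_full"] = full_backup(files)              # clears the bits...
    log["mon_incremental"] = incremental_backup(files)  # ...so the scheduled incremental captures nothing
    return log


if __name__ == "__main__":
    print("with copy backup:", week_with_copy())
    print("with full instead:", week_with_full_instead())
```

In the second run Monday's changes exist only on the ad hoc media; anyone restoring from the Sunday full plus the scheduled incrementals would silently miss them.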
Does RAID 0 provide fault tolerance?
No. RAID 0 only stripes data across disks for performance; there is no parity or mirror, so losing any one disk loses the whole array.
How many disk failures can RAID 5 take?
Only one. Parity is spread across the disks so any single disk can be rebuilt from the others; a second failure before the rebuild finishes loses the array (RAID 6 adds a second parity block to survive two).
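The two RAID cards come down to XOR parity: each block in a RAID 5 stripe equals the XOR of all the other blocks, so one missing block can be recomputed and two cannot. The script below is an added example (not part of the original flashcards) that builds a stripe from constructed data, rebuilds it with one disk missing, and shows the failure with two missing disks or with RAID 0. Parity is kept in the last position for clarity; real RAID 5 rotates the parity block across disks from stripe to stripe.

```python
"""XOR parity: why RAID 5 survives one disk failure and RAID 0 survives none.

Added example, not part of the original flashcards; the stripe data is
constructed. Parity sits on the last disk here for clarity; real RAID 5
rotates it across disks from stripe to stripe.
"""


def xor_bytes(*blocks: bytes) -> bytes:
    """XOR equal-length blocks together; the XOR of all data blocks is the parity."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write_stripe(data_blocks):
    """Lay out one stripe: N data blocks followed by one parity block (N+1 disks)."""
    return list(data_blocks) + [xor_bytes(*data_blocks)]


def raid5_read_stripe(stripe, failed_disks):
    """Return the data blocks with the listed disk indexes unavailable.

    One missing block (data or parity) is rebuilt as the XOR of the survivors,
    because every block equals the XOR of all the others. Two missing blocks
    leave one equation with two unknowns, so the stripe is unrecoverable.
    """
    if len(failed_disks) > 1:
        raise RuntimeError("RAID 5 tolerates a single disk failure; data lost")
    blocks = list(stripe)
    for lost in failed_disks:
        survivors = [b for i, b in enumerate(blocks) if i != lost]
        blocks[lost] = xor_bytes(*survivors)
    return blocks[:-1]   # drop the parity block


def raid0_write_stripe(data_blocks):
    """RAID 0 stripes data across disks with no parity block at all."""
    return list(data_blocks)


def raid0_read_stripe(stripe, failed_disks):
    """RAID 0 has nothing to rebuild from: any missing disk loses the stripe."""
    if failed_disks:
        raise RuntimeError("RAID 0 has no redundancy; any disk failure loses the array")
    return list(stripe)


def survives(read_fn, stripe, failed_disks) -> bool:
    """True if the array still returns its data with those disks missing."""
    try:
        read_fn(stripe, failed_disks)
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    data = [b"ALPH", b"BRAV", b"CHAR"]
    stripe = raid5_write_stripe(data)
    print("parity block:", stripe[-1].hex())
    print("disk 1 lost, rebuilt:", raid5_read_stripe(stripe, [1]))
    print("RAID 5, two disks lost:", survives(raid5_read_stripe, stripe, [0, 2]))
    print("RAID 0, one disk lost:", survives(raid0_read_stripe, raid0_write_stripe(data), [0]))
```

The window between the first failure and the end of the rebuild is where a RAID 5 array is exposed: every read of a degraded stripe is a reconstruction, and a second loss during that time is exactly the two-unknowns case above.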
What common temperature should data centres be kept at?
68-77 F (20-25 C)
What is the allowable temperature range for data centers?
59-90 F (15-32 C)