Domain 7 Security Operations Flashcards

1
Q

What is the 8-step lifecycle of Incident Management?

A
  1. Preparation
  2. Detection (Identification)
  3. Response (Containment)
  4. Mitigation (Eradication)
  5. Reporting
  6. Recovery
  7. Remediation
  8. Lessons Learned
2
Q

What type of IPS response prevents authorised traffic?

A

False Positive

3
Q

Our Intrusion Prevention System (IPS) has blocked permitted traffic. What is this an example of?

A

False Positive

4
Q

When our Intrusion Prevention System (IPS) allows permitted traffic to pass, what is that an example of?

A

True Negative

5
Q

Our Intrusion Prevention System (IPS) has blocked malicious traffic. What is this an example of?

A

True positive

6
Q

What type of control is application whitelisting?

A

Preventative (and Detective)

7
Q

What type of control is configuration management?

A

Preventive

8
Q

What are some asset management techniques?

A

Configuration Management
Patch Management
Change Management

9
Q

What is the generalised flow of Change Management?

A
  1. Identify the change
  2. Propose the change
  3. Assess the change (i.e. risks, impacts, benefits)
  4. Provisional change approval
  5. Test the change (roll back if it fails)
  6. Schedule the change
  7. Change notification for impacted parties
  8. Implement the change
  9. Post-implementation reporting
  10. Lessons Learned

10
Q

What is one of the most important ways to ensure fault tolerance?

A

Backing up of data.

11
Q

What is a copy backup?

A

Essentially a full backup, but it does not reset the archive bit to 0.

12
Q

Does RAID 0 provide fault tolerance?

A

No

13
Q

How many disk failures can RAID 5 take?

A

Only one.

14
Q

What common temperature should data centres be kept at?

A

66-77 °F (20-25 °C)

15
Q

What is the allowable temperature range for data centers?

A

59-90 °F (15-32 °C)

16
Q

What range should humidity be kept within for data centers?

A

40-60%

17
Q

What is the RPO?

A

Recovery Point Objective - the acceptable amount of data that cannot be recovered, i.e. the maximum tolerable data loss for each system.

18
Q

What is the Maximum Tolerable Downtime (MTD)?

A

Total time a system can be inoperable before the organisation is severely impacted.
MTD > RTO + WRT

19
Q

What is RTO?

A

Recovery Time Objective - the time to restore the system (hardware).

20
Q

What is WRT?

A

Work Recovery Time - the time required to configure a recovered system.

21
Q

What is the MTBF?

A

Mean Time Between Failures - how long a new or repaired system or component will function on average before failing.

22
Q

What is the MTTR?

A

Mean Time To Repair - how long it will take to recover a failed system.

23
Q

What is the MOR?

A

Minimum Operating Requirements - the minimum environmental and connectivity requirements for our critical systems to function.

24
Q

What is the COOP?

A

Continuity of Operations Plan
How we keep operating in a disaster: how we get staff to alternate sites and what operational needs must be met for us to keep functioning.

25
Q

What is the BRP?

A

Business Recovery Plan - the steps needed to restore normal business after recovering from a disruptive event.
This could be moving from the failover site back to the primary site.

26
Q

What is the rescue team in BCP?

A

Responsible for dealing with the disaster as it happens. Evacuates employees, notifies the appropriate personnel, pulls the network from the infected server, shuts down systems and performs the initial damage assessment.

27
Q

What is the recovery team in BCP?

A
  • Responsible for getting the alternate site up and running as fast as possible, or for getting the systems rebuilt.
  • They get the most critical systems up first.
28
Q

What is the salvage team?

A
  • Responsible for returning full infrastructure, staff and operations to the primary site, or to a new facility if the old site is destroyed.
  • They get the least critical systems up first.
29
Q

What is the BCP Framework?

A

NIST 800-34 - Contingency Planning Guide for Federal Information Systems

30
Q

What is the difference between BIA and BCP?

A

A business continuity plan (BCP) describes what steps must be taken in case of an outage or disruption, whereas a business impact analysis (BIA) identifies the risks that could prompt the outage as well as the critical business functions that could be impacted by it, and prioritises these for recovery.

31
Q
A