Domain 7 (Security Operations) Flashcards
Definition of an Event?
An observable change in state
Definition of Alerts?
Flagged events that may require further investigation to determine if an incident has taken place
Definition of Incident?
Adverse impact to the system or network
What are the four steps of Incident Response?
Preparation (training, hiring);
Detection and Analysis;
Containment, eradication and recovery;
Post-Incident review
Definition of a Problem?
An incident with an unknown cause
What are the five rules of Digital Evidence?
Must be: Authentic Accurate Complete Convincing Admissible
What are the seven steps of Forensic Investigation?
Identification Preservation Collection Examination Analysis Presentation Decision
What is Locard’s principle of exchange?
When a crime is committed, the attackers takes something and leaves something behind
What history must be recorded for the Chain of Custody?
How the evidence was: Collected Analyzed Transported Perserved
What are the eight types of Evidence?
Direct evidence Real evidence Best evidence Secondary evidence Corroborative evidence Circumstantial evidence Hearsay evidence Demonstrative evidence
What is Direct Evidence?
Can prove a fact by itself and does not need backup information
What is Real Evidence?
Smoking gun. Object used in a crime.
What is Best Evidence?
Most reliable - signed contract
What is Secondary Evidence?
Not strong enough to stand alone but can support another. IE Expert opinion
What is Corroborative Evidence?
Support evidence. Backs up other information presented.
