Final

Question 1

Incident response handling consists of:

Answer 1

 Incident reporting
 Incident analysis
 Incident response

Question 2

Incident life cycle phases

Answer 2

 Preparation
 Detection, collection, and analysis
 Containment, eradication, and recovery
 Post-incident activity: documenting, reporting, reviewing the incident

Question 3

Collecting Digital Evidence

Answer 3

 Preserve incident-related data ASAP
 Collect volatile data first then non-volatile
 Clearly defined chain of custody: to prevent allegations of tampering of evidence; keep detailed log of each step with photos

Question 4

Risk

Answer 4

function of the probability of occurrence of a loss and the cost of a loss

Question 5

Threat

Answer 5

Potential cause of an incident

Question 6

Vulnerability

Answer 6

Weakness of asset(s) that can be exploited by a threat

Question 7

Six Processes in Risk assessment

Answer 7

 Context establishment 
 Risk assessment 
 Risk treatment 
 Risk acceptance 
 Risk communication and consultation 
 Risk monitoring and review

Question 8

Context Establishment

Answer 8

Prerequisite: understand organization (business purpose, mission, values, ect), determine purpose of process, set basic criteria, scope, boundaries, establish organization operating the process

Question 9

3 Subprocesses

Answer 9

1. Risk Identification
2. Risk Analysis
3. Risk Evaluation

Question 10

Risk Identification

Answer 10

identify what/how/where/why could happen

Question 11

Risk analysis

Answer 11

 Quantitative: use numerical values to describe magnitude of potential consequences and their likelihood
 Qualitative: use high-med-low scale

Question 12

Risk evaluation

Answer 12

 Compare risk level with risk acceptance criteria

 Output: prioritized list of risks

Question 13

Risk Treatment

Answer 13

• select security measures(reduce, retain, avoid/transfer risk)
• reduce risk by reducing: threat’s potential, impact of successful attack
• security measure evaluation: cost, efficiency/effectiveness, timeframe

Question 14

Risk communication & consultation

Answer 14

 Residual risks: Risk level that remains after security measures have been applied
 Goal of risk communication: Establish a common understanding of risk among the organization’s stakeholders
 Plan for communication under both normal and emergency conditions

Question 15

Risk monitoring & review

Answer 15

 Risk management is a never-ending process
 Regularly review threats and security measures : Performance may degrade over time
 Conduct regular internal, independent audits
 Keep documentation up to date

Question 16

Type of occurrences to consider

Answer 16

 Loss of Internet access
 Loss of bidirectional communication
 Loss of life
 Loss of data

Question 17

Physical Security Threat categories

Answer 17

 Environmental threats
 Technical threats
 Human-caused threats

Question 18

Environmental Threats

Answer 18

 Inappropriate temperature and humidity
 Fire and smoke
 Chemical, radiological, and biological hazards
 Water damage
 Dust
 Infestation

Question 19

Technical Threats

Answer 19

 Electrical power: undervoltage, dips in voltage supply, brownouts, power outages
 Electromagnetic interference

Question 20

Human-Caused Physical Threats

Answer 20

Unauthorized access, Theft, Vandalism/misuse

Question 21

Reconnaissance tools

Answer 21

Ping, traceroute, port scan, os discovery, vulnerability scanner

Question 22

Compromise Tools

Answer 22

pass attacks, exploit attack code, buffer overflow, SQL injection, automated custom attack toolkits, social engineering

Question 23

Cover-up Methods

Answer 23

change logs, rootkits, tunneling, encryption, fragment IP packets