Incident Handling Flashcards

1
Q

What is a comprehensive incident report completed on all CAT I, II, IV and VIIs

A

AFCIR (AF Cyber Incident Report)

1
Q

Category 1

A

Root Level

1
Q

Explained Anomaly

A

Event

2
Q

User Level

A

Incident

4
Q

Investigating

A

Event

5
Q

What are the Mission Assurance Categories (MACs)

A

MAC I, II, III

6
Q

What are the phases contained in the standard AF incident response process

A

Preparation, Detection, Isolation & Containment, Secure, Recover, Lessons Learned

6
Q

What incident response phase sees 90% accomplished when the system is removed from the network

A

Isolation and Containment

6
Q

What MAC says the system is IMPORTANT to the support of deployed forces

A

MAC level II

6
Q

What incident response phase sees Operational & technical impact assessed

A

Secure

6
Q

Category 4

A

Denial Of Service

6
Q

Category 6

A

Reconnaissance

7
Q

Category 8

A

Investigating

8
Q

What incident response phase sees advanced forensic analysis, malware submitted to AV vendors, software vendors notified of exploited vulnerabilities

A

Secure

9
Q

What incident response phase sees Signatures Developed

A

Secure

10
Q

Who produces/disseminates the AFCIR

A

33rd NWS

11
Q

What incident response phase sees the SysPOC completed

A

Secure

12
Q

What incident response phase sees New TTP potentially incorporated into authorized procedures

A

Lessons Learned

13
Q

Of the 9 CAT events, which one is User Level Intrusion

A

CAT II: (Incident)

13
Q

Of the 9 CAT events, which one is Unsuccessful Activity Attempt

A

CAT III: (Event)

13
Q

What MAC says the system is VITAL to operational readiness or mission effectiveness of deployed forces

A

MAC level I

14
Q

Of the 9 CAT events, which one is NON-COMPLIANCE Activity/Poor Security Practice

A

CAT V: (Event)

15
Q

Reconnaissance

A

Event

16
Q

Of the 9 CAT events, which one is Root Level Intrusion

A

CAT I: (Incident)

16
Category 3
Unsuccessful Login Attempt
17
If needed in Detection phase, who will be called for forensics?
33 NWS FAT (Forensic Analysis Team)
19
Which CAT Events constitute incidents
CAT I, II, IV, & VII
20
What is the main purpose of FRED/FLUFFE
Find True Source IP
21
What incident response phase sees Compromised system restored to pristine state
Recover
23
Root Level
Incident
24
Of the 9 CAT events, which one is Explained Anomaly
CAT IX: (Event)
25
What incident response phase sees compromised credentials reset
Isolation and containment
26
Example of: Root
Unrestricted Access to an Information system
27
Example of: Reconnaissance
Nmapping Subnet
29
Of the 9 CAT events, which one is Under Investigation
CAT VIII: (Event)
32
What incident response phase sees Cyber Operational Risk Assessment provided if data extracted
Secure
33
Of the 9 CAT events, which one is Malicious Logic
CAT VII: (Incident)
34
What 4 units are involved with the Preparation phase of Incident Response
33rd NWS, AFOSI, INOSC, NCC Personnel
35
What incident response phase sees suspicious activity, base is tasked to investigate and run First Responder's Evidence Disk (FRED)?
Detection
36
What is designed to acquire data from a live system
FRED/FLUFFE
37
Category 5
Non-Compliance
38
Unsuccessful Login Attempt
Event
39
What incident response phase sees the system removed if not mission critical and an upgrade determination is made?
Detection
40
What incident response phase sees blocks accomplished (IP/MAC, Ports/DNS Blackhole)
Isolation and Containment
41
What is a remote investigation solution to collect, process, search, analyze, and report
Encase
42
Category 7
Malicious Logic
43
What MAC says the INFORMATION is necessary for the conduct of day to day business
MAC level III
44
Category 9
Explained Anomaly
45
What incident response phase sees Mission Assurance Category ID'd
Secure
46
Denial Of Service
Incident
47
What is very important in finding the system during Detection
True Source IP (TSIP)
48
How much time does the 33rd have to produce an AFCIR
21 days
49
Of the 9 CAT events, which one is Denial of Service
CAT IV: (Incident)
50
Of the 9 CAT events, which one is Reconnaissance
CAT VI: (Event)
51
Malicious Logic
Incident
52
Non-Compliance
Event
53
What incident response phase sees AF Cyber Incident Report generated (33rd NWS)
Lessons Learned
54
Category 2
User Level
55
What document governs guidelines for the Preparation phase of Incident Response
CJCSM 6510 change 3 gives us all guidelines