Incident response Flashcards

1
Q

Responsible for knowing how to handle security incidents
that occur within the organization and for correcting and
documenting the security issue

A

Computer incident Response Team (CIRT)

2
Q

Ensures all team members know their role when a security incident occurs.

A

CIRT Team Leader

3
Q

Builds relationships with outside resources that may be called upon

A

CIRT Team Leader

4
Q

Uses technical expertise to assess and identify the scale of a security incident and knows how to correct the issues.

A

CIRT Technical specialist

5
Q

Knows how to document the entire response process.

A

CIRT Documentation Specialist

6
Q

Responsible for logging each incident, the causes of the problem, and the solution

A

CIRT Documentation specialist

7
Q

Knows the laws and regulations that the organization must follow when it comes to computer forensics and incident response

A

CIRT Legal Advisor

8
Q

Document created by every organization which:
Defines incident categories
Defines team member roles and responsibilities
Identifies how and when users are supposed to report a potential security incident
Plans exercises to practice for security incidents

A

Incident Response Plan

9
Q

First individual user to identify and react to an incident
Goal is to contain the incident
Should be trained to know how to immediately respond to basic problems

A

first responder

10
Q

Any observable occurrence in a system or network; sometimes provides an indication that an incident is occurring

A

Event

11
Q

Assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system.

A

Incident

12
Q

What are the phases of the incident handling process?

A

Detection and reporting of events
Preliminary analysis and ID
Preliminary response
Incident analysis
Response and recovery
Post-incident analysis

13
Q

Intrusion detection systems or personnel reports
Gather and report preliminary information
Begin coordinating reporting and response

A

Detection and reporting of events

14
Q

Categorize the activity (if upon initial analysis you cannot determine the cause, use category 8: Investigating, and update as required)
Gather additional information as required
Classify as required
Send notification messages per SOPs

A

preliminary analysis and ID

15
Q

Contain the incident/threat
Preserve data to allow for further incident analysis
Begin chain-of-custody documentation

A

preliminary Response

16
Q

Analyze data to understand technical details, root causes, and potential impact

A

Incident analysis

17
Q

Prevent further damage
Restore integrity of systems
Implement follow-up strategies

A

Response and recovery

18
Q

Review lessons learned:
Root causes
Problems executing COAs
Missing policies/procedures
Inadequate infrastructure

A

post-incident analysis

19
Q

Series of analytical steps taken to find out what happened in an incident, to include the root cause
The cyber incident analysis process is outlined in AFI 17-203

A

Incident analysis/ root cause analysis

20
Q

What are the incident analysis steps?

A

Gather information
Validate the incident
Determine the operational impact
Coordinate
Determine reporting requirements

21
Q

All involved personnel should identify and collect all relevant information about the incident. What incident analysis step is this?

A

Gather Information

22
Q

Continuously review, corroborate, and update the reported incident to ensure accuracy. What incident analysis step is this?

A

Validate the Incident

23
Q

Operational impact refers to detrimental impacts on an organization's ability to perform its mission. What incident analysis step is this?

A

determine the operational impact

24
Q

Coordinate with the victim system's owning support agencies. What incident analysis step is this?

A

Coordinate

25
Q

Determine within one hour if the event or incident meets the commander's critical information requirements (CCIR) reporting requirements. What incident analysis step is this?

A

determine reporting requirements

26
Q

Detailed analysis to include affected systems, probable attacker, attack vector used, and technical and operational impacts (or "unknown" if not yet determined)

A

Cyber Incident Report (CIR)

27
Q

Focuses on an incident, group of incidents, or network activity or on a foreign individual, group, or organization identified as a threat or potential threat to DOD networks.

A

Network Intelligence Report (NIR)