Incident Response Preparation Flashcards

1
Q

Preparation
Detection and Analysis
Containment
Eradication and Recovery
Post-incident Activity

A

Incident Response Phases

2
Q

The act of violating an explicit or implied security policy

A

Incident

3
Q

Procedures and guidelines covering appropriate priorities, actions, and
responsibilities in the event of security incidents, divided into preparation,
detection/analysis, containment, eradication/recovery, and post-incident stages

A

Incident Response Procedures

4
Q

Preparing for an incident response involves documenting your procedures,
putting resources and procedures in place, and conducting training.
Make the system resilient to attack by hardening systems, writing policies and
procedures, and setting up confidential lines of communication.

A

Preparation

5
Q

Determine if an incident has taken place, triage it, and notify relevant stakeholders

A

Detection and Analysis

6
Q

Limit the scope and the magnitude of the incident by securing data and
limiting the impact to business operations and your customers

A

Containment

7
Q

Limit the scope and the magnitude of the incident by securing data and
limiting the impact to business operations and your customers

A

Limit the scope and the magnitude of the incident by securing data and
limiting the impact to business operations and your customers

8
Q

Analyze the incident and responses to identify whether procedures or systems
could be improved

A

Post-incident Activity

9
Q

Data breaches involving private or confidential data usually take priority over other
incidents

A

Data Criticality

10
Q

Data that can be used to identify, contact, or impersonate an individual

A

Personally Identifiable Information (PII)

11
Q

Information about a subject’s opinions, beliefs, and nature that is afforded
specially protected status by privacy legislation

A

Sensitive Personal Information (SPI)

12
Q

Information that identifies someone as the subject of medical records, insurance
records, hospital results, or laboratory test results

A

Personal Health Information (PHI)

13
Q

Data stored about bank accounts, investment accounts, payroll, tax returns, credit
card data, and other data about commercial transactions.
Payment Card Industry Data Security Standard (PCI DSS) defines the safe handling
and storage of payment card data.

A

Financial Information

14
Q

Information created by an organization, usually about the products or services
that it makes or provides

A

Intellectual Property

15
Q

Confidential data owned by a company like product, sales, marketing, legal, and
contract information

A

Corporate Information

16
Q

An information system that processes data critical to a mission-essential function

A

High Value Assets

17
Q

The team must have a secure method of communication for managing incidents

A

Communication Plan

18
Q

Signals sent between two parties or two devices via a path or method different
from that of the primary communication between the two parties or devices

A

Out-of-band Communication

19
Q

Notifications that must be made to affected parties in the event of a data breach,
as required by legislation or regulation

A

Reporting Requirements

20
Q

There are 5 distinct types of breaches

A

Data Exfiltration
Insider Data Exfiltration
Device Theft/Loss
Accidental Data Breach
Integrity/Availability Breach

21
Q

An attacker breaks into the system and transfers data to another
system

A

Data Exfiltration

22
Q

An employee or ex-employee with privileges on the system transfers
data to another system

A

Insider Data Exfiltration

23
Q

A device, such as a smartphone or laptop, containing data is lost or
stolen

A

Device Theft/Loss

24
Q

Public disclosure of information or unauthorized transfer caused by
human error or a misconfiguration

A

Accidental Data Breach

25
Q

Corruption of data or destruction of a system processing data

A

Integrity/Availability Breach

26
Q

An incident response will require coordination between different internal departments
and external agencies

A

Response Coordination

27
Q

Executives and managers who are responsible for business operations and
functional areas

A

Senior Leadership

28
Q

Governmental organizations that oversee the compliance with specific regulations
and laws

A

Regulatory Bodies

29
Q

The business or organization’s legal counsel is responsible for mitigating risk from
civil lawsuits

A

Legal

30
Q

May provide services to assist in your incident handling efforts or to prepare for
legal action against the attacker in the future

A

Law Enforcement

31
Q

Used to ensure no breaches of employment law or employee contracts are made
during an incident response

A

Human Resources (HR)

32
Q

Used to manage negative publicity from a serious incident

A

Public Relations (PR)

33
Q

Education to ensure employees and staff understand processes, procedures, and
priorities during an incident response

A

Training

34
Q

Practical exercising of incident response procedures

A

Testing

35
Q

Exercise that uses an incident scenario against a framework of controls or a red
team

A

Tabletop Exercise (TTX)

36
Q

A red team attempts to conduct an intrusion of the network using a specific
scenario based on threat modeling

A

Penetration Test