Incident Response Process (OBJ 4.8) Flashcards

1
Q

7 Steps of Incident Response

A
  1. Preparation
  2. Detection
  3. Analysis
  4. Containment
  5. Eradication
  6. Recovery
  7. Post-Incident Activity / Lessons Learned
2
Q

Preparation Phase

A

Policies, standards, training, testing, and exercises using simulated incidents

3
Q

Detection Phase

A

Identifies a security incident

4
Q

Analysis Phase

A
  • Involves a thorough examination and evaluation of the incident
  • Stakeholders are notified
  • Containment begins
  • Initial response actions are taken
5
Q

Containment

A

Limit the scope and magnitude of the incident by securing data and protecting business operations.

6
Q

Eradication

A

Starts after containment and aims to remove malicious activity from the systems and the network.

7
Q

Hybrid Password Samples

A

admin1
Xyz@123
qwertyABCD!
$ecUr3P@55

8
Q

Penetration Testing Tools

A

Metasploit
Cobalt Strike
Kali Linux
ParrotOS
Commando OS

10
Q

Directory Traversal Attack Sample

A

Time     | Source IP    | Request URL                       | HTTP Status
18:02:00 | 198.51.100.2 | /images/logo.png                  | 200
18:02:10 | 198.51.100.2 | /css/style.css                    | 200
18:02:15 | 198.51.100.2 | /api/products                     | 200
18:02:20 | 198.51.100.2 | /../../../etc/passwd              | 404
18:02:25 | 198.51.100.2 | /images/../../../../etc/shadow    | 404

11
Q

Distributed Denial of Service

A

Time     | Source IP   | Destination IP | Destination Port | Protocol | Event              | Packets
20:00:00 | 192.0.2.10  | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000
20:00:01 | 192.0.2.11  | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000
20:00:01 | 192.0.2.12  | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000
20:00:01 | 192.0.2.13  | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000
20:00:01 | 192.0.2.14  | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000
20:00:02 | 192.0.2.250 | 203.0.113.5    | 80               | TCP      | Connection Attempt | 10000

12
Q

XML Injection

A

Time     | Source IP   | Request URL     | HTTP Status | Payload
21:45:00 | 203.0.113.4 | /api/createUser | 200         | <user><name>John</name><password>abc123</password></user>
21:45:05 | 203.0.113.4 | /api/createUser | 200         | <user><name>Jane</name><password>xyz789</password></user>
21:45:10 | 203.0.113.4 | /api/createUser | 400         | <user><name>Bob</name><password>123&<isAdmin>1</isAdmin></password></user>
21:45:15 | 203.0.113.4 | /api/createUser | 400         | <user><name>Alice</name><password>456<!-- injected --></password></user>

13
Q

Playbook

A

A checklist of actions for responding to specific types of incident

14
Q

Runbook

A

Automated versions of playbooks with human interaction points
