Lesson 12 - Incident Response and Monitoring Concepts Flashcards

1
Q

IR

A

Incident Response

2
Q

SIEM

A

Security Information and Event Management
- A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

3
Q

SOAR

A

Security Orchestration, Automation and Response
- a set of tools and technologies that help organizations manage and respond to security threats efficiently by integrating security tools, automating tasks, and coordinating incident responses.

4
Q

CIRT

A

Computer Incident Response Team
- a specialized team responsible for detecting, containing, and responding to cyber incidents, minimizing damage and restoring normal operations

5
Q

CSIRT

A

Computer Security Incident Response Team
- a specialized group of IT professionals who are responsible for responding to and mitigating cybersecurity incidents, ensuring a swift and effective recovery while also preventing future occurrences.

6
Q

CERT

A

Computer Emergency Response Team
- a group of security experts tasked with protecting against, detecting, and responding to cybersecurity incidents.

7
Q

SOC

A

Security Operations Center
- a centralized function that monitors, detects, and responds to security incidents, employing people, processes, and technology to protect an organization’s assets.

8
Q

IRP

A

Incident Response Plan
- Specific procedures that must be performed if a certain type of event is detected or reported.

9
Q

LLR

A

Lesson Learned Report
- An analysis of events that can provide insight into how to improve response and support processes in the future.

10
Q

AAR

A

After-Action Report
- a structured document that analyzes a cybersecurity incident or exercise to identify lessons learned and areas for improvement, ultimately enhancing future preparedness and response capabilities.

11
Q

ESI

A

Electronically Stored Information
- any data held in digital form (emails, documents, databases, etc.) that can be crucial in legal matters, investigations, or compliance, and that requires robust security and management.

12
Q

ARP

A

Address Resolution Protocol
- the process of connecting dynamic IP addresses to a physical machine's MAC address.

13
Q

UTC

A

Universal Coordinated Time
- a time standard used for global synchronization of events and data, including cybersecurity incidents and logs.

14
Q

EPP

A

Endpoint Protection Platform
- a suite of security technologies designed to protect endpoint devices (like laptops, desktops, and servers) from various threats, including malware, by combining multiple security functions into a single, centralized system.

15
Q

MUA

A

Mail User Agent

16
Q

MDA

A

Mail Delivery Agent

17
Q

MTA

A

Message Transfer Agent

18
Q

SNMP

A

Simple Network Management Protocol
- an application-layer protocol that transmits management data between network devices.

19
Q

SCAP

A

Security Content Automation Protocol
- a framework of open standards that automates vulnerability management, measurement, and policy compliance evaluation, enabling organizations to efficiently identify, assess, and remediate security issues.

20
Q

OVAL

A

Open Vulnerability and Assessment Language
- an XML schema for describing system security state and querying vulnerability reports and information.

21
Q

XCCDF

A

Extensible Configuration Checklist Description Format
- an XML schema for developing and auditing best practice configuration checklists and rules.