LP - Automation, Orchestration, & Incident Response

Question 1

Orchestration involves managing several or many

Answer 1

automated tasks or processes

Question 2

Automation invooles generating a single task to run automatically

Answer 2

without any human intervention

Question 3

IdM stands for

Answer 3

Identity management

Question 4

Security group firewalls are on layer

Answer 4

3/5 and are stateful packet filters

Question 5

Benefits of Automation

Answer 5

1. Efficiency and productivity
2. Time Savings
3. Enforcing baselines
4. Standard infrastructure configuration
5. Secure scalability
6. Employee retention
7. Reaction time
8. Force multiplier

Question 6

SPOF stands for

Answer 6

single point of failure

Question 7

Incident Response Life Cycle

Answer 7

Preparation - detection - analysis and escalation - containment - eradication and recovery - lessons learned

Question 8

IRT stands for

Answer 8

incident response team

Question 9

MSSP stands for

Answer 9

managed security service providers

Question 10

PUPs stand for

Answer 10

potentially unwanted programs

Question 11

RCA stands for

Answer 11

root cause analysis

Question 12

Root cause analysis (RCA) steps

Answer 12

1. Define the problem
2. Collect data
3. Identify possible causal factors
4. Identify the root cause(s)
5. Recommend and implement solutions

Question 13

Cyber Kill Chain is

Answer 13

A - advanced - Targeted, coordinated, purposeful
P- persistent - Targeted, coordinated, purposeful
T - threat - Person(s) with intent, opportunity and capability

Question 14

7-step Cyber Kill Chain

Answer 14

1. Recon
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and control
7. Exfiltration of data

Question 15

E-discovery phases are:

Answer 15

1. Identifying and collecting documents
2. Sorting through data by relevance
3. Creating production sets
4. Data management

Question 16

Order of Volatility

Answer 16

1. CPU and its cache
2. Kernel statistics, tables and caches
3. Memory (RAM)
4. Temporary file systems and swap/slack space
5. Disk drives and volumes
6. attached removable drives
7. Logged data to a remote location
8. Copies of data to archived media/cloud

Question 17

SOAR (security orchestration, automation and response) can do one or more of these

Answer 17

• Threat and vulnerability management
• Incident response
• Security operations automation

Question 18

Four types of SOAR automation

Answer 18

• Defensive
• Forensic
• Offensive
• Deception

Question 19

Three types of SOAR action

Answer 19

• Enrichment
• Esclation
• Mitigation