Manage Security Risks Flashcards

module four

1
Q

What is a playbook in the context of cybersecurity?

A

A manual that provides details about any operational action.

2
Q

What is incident response?

A

A manual that provides details about any operational action.

3
Q

What is incident response?

A

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.

4
Q

How are playbooks used in conjunction with SIEM tools?

A

Playbooks provide analysts with instructions about how to address issues flagged by SIEM tools.

5
Q

What are SOAR tools used for?

A

To automate repetitive tasks generated by tools such as a SIEM or managed detection and response (MDR).

6
Q

When should playbooks be updated?

A

When a failure is identified, industry standards change, or the cybersecurity landscape evolves.

7
Q

What is the purpose of the preparation phase in an incident response playbook?

A

To document procedures to be followed in the event of a security breach, establish staffing plans, and educate employees.

8
Q

What does the detection and analysis phase involve in an incident response playbook?

A

Using tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.

9
Q

What is the goal of the containment phase in an incident response playbook?

A

To prevent further damage and reduce the immediate impact of a security incident.

10
Q

What happens during the eradication and recovery phase of an incident response playbook?

A

Restoring affected data using a clean backup created before the incident.

11
Q

What is the focus of the post-incident activity phase in an incident response playbook?

A

To document the incident, learn from it, and implement improvements to enhance overall security posture.

12
Q

How do playbooks help ensure compliance with laws and regulations?

A

By providing detailed actions for security teams to follow, ensuring consistent and compliant responses to incidents.

13
Q

What is a common misconception about playbooks?

A

That they should not be updated; in reality, they should be treated as living documents and updated frequently.

14
Q

How do playbooks contribute to business continuity plans?

A

By outlining steps to recover and continue operations despite disruptions like security breaches.

15
Q

What are the common steps included in incident and vulnerability playbooks?

A

Preparation, Detection, Analysis, Containment, Eradication, Recovery, and Post-incident activities.

16
Q

What is the role of the coordination phase in an incident response playbook?

A

To share information about the incident with relevant government agencies or stakeholders.

17
Q

What type of playbooks are commonly used by entry-level cybersecurity professionals?

A

Incident and vulnerability response playbooks.

18
Q

How do playbooks minimize errors during incident response?

A

By ensuring that important actions are performed within a specific timeframe and following predefined steps.

19
Q

Why is a sense of urgency essential in incident response playbooks?

A

Because the level of risk to the organization depends on the potential damage to its assets.

20
Q

How do SIEM tools and playbooks work together in incident response?

A

SIEM tools detect threats and generate alerts, while playbooks provide a structured response strategy.

21
Q

What action can a security analyst take when assessing a SIEM alert?

A

Analyze log data and related metrics.

22
Q

Why is it important to document incidents and responses?

A

To ensure the organization is better prepared to handle future security events and to improve response strategies.

23
Q

How do playbooks help security teams during a ransomware attack?

A

By providing detailed recovery procedures to follow.

24
Q

What should be included in a playbook for a security incident?

A

Detailed steps, responsible individuals, and actions to take in response to the incident.

25
Q

What is a key takeaway about the use of playbooks in cybersecurity?

A

They provide structure, ensure compliance, and help reduce the impact of security incidents.

26
Q

What are some examples of resources for playbook templates outside the U.S.?

A

UK National Cyber Security Center (NCSC), Australian Government Cyber Incident Response Plan, Japan Computer Emergency Response Team (JPCERT/CC), Government of Canada Ransomware Playbook, and Scottish Government Playbook Templates.