Module 4 Flashcards

1
Q

The 4 phases of the incident response life cycle

from NIST SP 800-61 R2

A
  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication, and Recovery
  4. Post-Incident Activity
2
Q

what are the 4 functional impact categories, and what does each mean

A
  1. None: no effect on the organization's ability to provide all services to all users
  2. Low: minimal effect; all critical services still reach all users, but efficiency is lost
  3. Medium: the organization has lost the ability to provide a critical service to a subset of system users
  4. High: the organization can no longer provide some critical services to any users
3
Q

what are the four informational impact categories

A
  1. None
  2. Privacy breach
  3. Proprietary breach
  4. Integrity loss
4
Q

list the 8 incident attack vectors defined in NIST 800-61 R2

A
  1. External/Removable media - attack executed from removable media or a peripheral device
  2. Attrition - brute force methods used to compromise, degrade, or destroy systems, networks, or services
  3. Web - attack executed from a website or web-based application
  4. Email - attack executed via an email message or attachment
  5. Impersonation - something benign replaced with something malicious (spoofing, man-in-the-middle, rogue access points, SQL injection)
  6. Improper usage - resulting from a violation of acceptable use policies by an authorized user
  7. Loss or theft of equipment
  8. Other - an attack that does not fit in the other categories
5
Q

what incident response life cycle step do the actions below belong in

    • choosing a containment strategy
    • evidence gathering and handling
    • identifying the attacking hosts
    • eradication and recovery
A

Containment, Eradication, and Recovery

6
Q

what part of the incident life cycle do these actions belong to

    • lessons learned
    • using collected incident data
    • evidence retention
A

Post-Incident Activity

7
Q

what is CSIRT

A

Computer Security Incident Response Team

8
Q

what is the function of a CSIRT

A

the team responsible for providing incident response services to part or all of the organization

9
Q

define incident response plan

A

the plan provides the roadmap for implementing the incident response capability; it is built on the incident response policy and is the basis for the detailed procedures

10
Q

define incident response policy

A

the statement of management intent that governs incident response (purpose and scope, definition of an incident, roles and responsibilities, prioritization or severity ratings, reporting requirements); it is highly individualized to the organization

11
Q

define incident procedures

A

SOPs (standard operating procedures): the detailed technical processes, checklists, and forms that the incident response team follows, based on the incident response policy and plan

12
Q

what are some parties your incident response team might be communicating with

A
  1. other incident response teams
  2. Internet service providers
  3. incident reporters
  4. law enforcement agencies
  5. software and support vendors
  6. customers, constituents, and the media
13
Q

the impact ratings low, medium, and high are based on which standard

A

FIPS 199

14
Q

what does the acronym FIPS stand for

A

Federal Information Processing Standards

15
Q

what functional impact category does this definition belong to:
minimal effect; the organization can still provide all critical services to all users but has lost efficiency

A

Low

16
Q

what functional impact category does this definition belong to:
the organization has lost the ability to provide a critical service to a subset of system users

A

Medium

17
Q

what functional impact category does this definition belong to:
the organization is no longer able to provide some critical services to any users

A

High

18
Q

what information impact category does this definition belong to:
sensitive personally identifiable information (PII) of taxpayers, employees, beneficiaries, etc. was accessed or exfiltrated

A

privacy breach

19
Q

what information impact category does this definition belong to:
unclassified proprietary information, such as Protected Critical Infrastructure Information (PCII), was accessed or exfiltrated

A

proprietary breach

20
Q

what information impact category does this definition belong to:
sensitive or proprietary information was changed or deleted

A

integrity loss

21
Q
attack vectors like those below are recognized and categorized in which step of the incident response life cycle:
external/removable media
attrition
web
email
impersonation
improper usage
A

detection and analysis

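Worked example for the Attrition vector (card 4) and for the point in card 21 that vector identification happens during Detection and Analysis. This is an added example, not part of the flashcard deck or of NIST SP 800-61 R2: the sshd log lines below are constructed, the host and IP addresses are documentation values, and the trigger (5 failed logins from one source within 60 seconds) is an assumed tuning value rather than a NIST figure. The detector keeps a sliding window per source address and emits a finding tagged with the NIST vector name once the window crosses the threshold.

```python
"""Attrition (brute-force) detection over constructed sshd log lines.

Added example, not from the flashcard deck or NIST SP 800-61 R2. Log
lines are constructed; the threshold and window are assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sshd lines (not a real capture). One source
# hammers several accounts in a few seconds; a second source has a single
# typo'd password, which must not be reported.
SAMPLE_LOG = """\
Mar  4 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51001 ssh2
Mar  4 10:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.9 port 51002 ssh2
Mar  4 10:00:05 bastion sshd[2103]: Failed password for invalid user test from 203.0.113.9 port 51003 ssh2
Mar  4 10:00:07 bastion sshd[2104]: Failed password for invalid user oracle from 203.0.113.9 port 51004 ssh2
Mar  4 10:00:09 bastion sshd[2105]: Failed password for invalid user guest from 203.0.113.9 port 51005 ssh2
Mar  4 10:00:11 bastion sshd[2106]: Failed password for root from 203.0.113.9 port 51006 ssh2
Mar  4 10:00:20 bastion sshd[2107]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  4 10:00:25 bastion sshd[2108]: Failed password for alice from 198.51.100.7 port 40023 ssh2
Mar  4 10:02:40 bastion sshd[2109]: Failed password for root from 203.0.113.9 port 51007 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_line(line):
    """Return {ts, result, user, src} for an sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse the padded day ("Mar  4") before parsing; the year is irrelevant
    # because only differences between timestamps are used.
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return {"ts": ts, "result": m.group("result"),
            "user": m.group("user"), "src": m.group("src")}


def detect_attrition(log_text, threshold=5, window_seconds=60):
    """Sliding window of failed logins per source IP.

    A source that reaches `threshold` failures inside `window_seconds` is
    reported once, as an Attrition-vector finding that is updated while the
    burst continues. Returns a list of finding dicts.
    """
    windows = defaultdict(deque)   # src -> deque of (ts, user) still inside the window
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = windows[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()            # drop failures that aged out of the window
        if len(q) < threshold:
            continue
        f = findings.setdefault(ev["src"], {
            "vector": "Attrition",            # NIST SP 800-61 R2 attack vector name
            "source": ev["src"],
            "first_seen": q[0][0].strftime("%H:%M:%S"),
            "failures_in_window": 0,
            "usernames": [],
        })
        f["last_seen"] = ev["ts"].strftime("%H:%M:%S")
        f["failures_in_window"] = max(f["failures_in_window"], len(q))
        f["usernames"] = sorted(set(f["usernames"]) | {u for _, u in q})
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_attrition(SAMPLE_LOG):
        print(finding)
```

On the constructed sample only 203.0.113.9 is reported: six failures against five distinct accounts between 10:00:01 and 10:00:11. The lone failure from 198.51.100.7 and the stray retry at 10:02:40 stay below the threshold because the window has emptied by then.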
22
Q
what incident response step would the items/actions below belong to:
port list
current baseline
laptops
contact information
incident reporting mechanism
war room
A

preparation

23
Q

what step in the incident response cycle do these actions belong to:
evidence gathering and handling
identifying the attacking hosts
eradication and recovery

A

Containment, Eradication, and Recovery
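Worked example for "evidence gathering and handling" (cards 5 and 23) and "evidence retention" (card 6). This is an added example, not part of the flashcard deck or of NIST SP 800-61 R2. NIST asks that every piece of evidence be logged with identifying information, who collected or handled it, when, and where it was stored; the code below records those fields as a custody log in which each entry's hash covers the previous entry, so an edited or deleted entry is detectable, and keeps a content hash so the retained item can be re-verified later. The file contents, handler names, and locations are constructed.

```python
"""Evidence intake and chain-of-custody record with integrity checks.

Added example, not from the flashcard deck or NIST SP 800-61 R2. The
sample file, handler names, and locations in demo() are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _append_custody(record, action, handler, location, when=None):
    """Append a custody entry whose hash covers the previous entry's hash
    (or the evidence hash for the first entry), so editing or deleting an
    earlier entry breaks the chain."""
    when = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
    prev = record["custody"][-1]["entry_hash"] if record["custody"] else record["sha256"]
    entry = {"action": action, "handler": handler, "location": location, "time": when}
    entry["entry_hash"] = sha256_bytes((prev + json.dumps(entry, sort_keys=True)).encode())
    record["custody"].append(entry)
    return entry


def collect_evidence(path, description, handler, location, when=None):
    """Intake record: identifying info, content hash, and the first custody entry."""
    digest = sha256_file(path)
    record = {
        "evidence_id": "EV-" + digest[:12],
        "description": description,
        "source_path": os.path.abspath(path),
        "size_bytes": os.path.getsize(path),
        "sha256": digest,
        "custody": [],
    }
    _append_custody(record, "collected", handler, location, when)
    return record


def transfer_custody(record, handler, location, when=None):
    return _append_custody(record, "transferred", handler, location, when)


def verify_evidence(record, path) -> bool:
    """True only if the retained file still matches the intake hash."""
    return sha256_file(path) == record["sha256"]


def verify_custody_chain(record) -> bool:
    """Recompute every entry hash from the evidence hash forward."""
    prev = record["sha256"]
    for entry in record["custody"]:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if sha256_bytes((prev + json.dumps(body, sort_keys=True)).encode()) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo():
    """Constructed walk-through: collect, transfer, then tamper with both the
    file and the log, and show that each tampering is caught."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "auth.log")
        with open(p, "wb") as f:
            f.write(b"Mar  4 10:00:01 bastion sshd[2101]: Failed password for root from 203.0.113.9\n")
        rec = collect_evidence(p, "bastion:/var/log/auth.log", "A. Analyst (IR lead)", "evidence locker 1")
        transfer_custody(rec, "B. Examiner (forensics)", "forensics lab")
        ok_before = verify_evidence(rec, p) and verify_custody_chain(rec)
        with open(p, "ab") as f:
            f.write(b"tampered\n")
        file_ok_after = verify_evidence(rec, p)
        rec["custody"][0]["handler"] = "nobody"        # rewrite history
        chain_ok_after = verify_custody_chain(rec)
    return {"ok_before": ok_before, "file_ok_after_tamper": file_ok_after,
            "chain_ok_after_edit": chain_ok_after, "custody_entries": len(rec["custody"])}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The custody log is only tamper-evident, not tamper-proof: whoever can rewrite the whole chain can recompute every hash. In practice the record is stored separately from the evidence (write-once storage or a signed ticket) so that the retained copy and its log can be checked against each other when the incident is reviewed or handed to law enforcement.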