Operations and Incident Response

Question 1

What analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

Answer 1

The MITRE ATT&CK framework

Explanation - The MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors.

Question 2

What platform utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

Answer 2

Infrastructure as Code (IaC)

Explanation - IaC is designed with the idea that a well-coded description of the server/network operating environment will produce consistent result across an enterprise, and significantly reduce IT overhead costs.

Question 3

What should be used as a checklist of actions to perform in order to detect and respond to an ongoing spearphishing campaign against an organization?

Answer 3

A “Playbook” is a checklist of actions to perform to detect and respond to a specific type of incident.

Question 4

What practices should be implemented to ensure that none of its computers can run a peer-to-peer file sharing program on an office environment?

Answer 4

Application Blacklisting

Explanation - Implementing this practice will block and limit the number of known programs.

Question 5

What is the correct order for the Incident Response process?

Answer 5

• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned

Question 6

What action should be done FIRST after forensically imaging a hard drive for evidence in an investigation?

Answer 6

Create a hash digest of the source drive and the image file to ensure both match