Security Operations Flashcards
What outlines the scope, objectives, limitations, and boundaries of a penetration test?
Rules of Engagement (RoE)
What is active reconnaissance?
- When a pen-tester actively probes and scans the target environment to gather information
- Ex. Port/service scans, vulnerability scans
What is passive reconnaissance?
- Involves gathering information without directly interacting with the target systems
- Ex. Monitoring traffic or analyzing publicly available information
What is required for an organization to properly manage its restore process in the event of system failure?
DRP (Disaster Recovery Plan)
What is the purpose of an RPO (Recovery Point Objective)?
Covers the amount of data that is expected to be recovered given a failure
If you wanted to inspect data about an executable that ran on an employee's laptop, what logs would you use?
Endpoint/host logs
What is the purpose of a DRP?
A plan for the whole recovery process necessary to restore the system
What is it called when an analyst proactively searches for signs of compromise or suspicious activities within the network?
Threat hunting
What encryption technique would you use to protect data on an employee's laptop?
Full disk encryption
What should a security administrator adhere to when setting up a new set of firewall rules?
Change management procedure
What is it called when companies pay non-employees to find vulnerabilities?
Bug bounty
What document would a company provide to a client to outline the project, cost, and the completion time frame?
SOW (Statement of Work)
What should be done first when a high-priority patch to a production system needs to be applied?
Create a change control request
Why should root cause analysis be conducted as part of incident response?
To prevent future incidents of the same nature
What is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
Audit findings
What is it called when a company determines the staffing levels needed to sustain business operations during a disruption?
- Capacity planning
- This ensures that the organization has sufficient human resources to maintain essential functions and minimize downtime
What is it called when a company requires hard drives to be securely wiped before sending decommissioned systems to recycling?
Sanitization
What data classification should be used to secure and protect patient data?
Sensitive
What team can a company hire to perform an offensive security assessment covering penetration testing and social engineering?
Red
What team would perform a defensive security assessment?
Blue
What can be used to identify potential attacker activities without affecting production servers?
Honeypot
What is the process called when an incident response team works to understand the source of an incident?
Analysis
What should be done after a security team completes a vulnerability assessment of the network and remediates the vulnerabilities?
Rescan the network
What does automation involve?
Using tools and scripts to regularly check and report on the security settings of servers