Unit 6 - Module 3 - Incident Detection and Verification Flashcards
What do you call the prompt discovery of security events?
Detection
What is called the investigation and validation of alerts?
Analysis
In what phase of the incident response lifecycle are security teams notified of a possible incident and work to investigate and verify it by collecting and analyzing data?
Detection and Analysis Phase
What is the proactive search for threats on a network?
Threat Hunting
What do you call the evidence-based information about threats that provides context about existing or emerging threats?
Threat Intelligence
What do these three sources provide to cybersecurity experts?
1) Industry Reports
2) Government Advisories
3) Threat Data Feeds
Threat Intelligence
What is an active cyber defense mechanism that uses deception technology?
Deception technology - decoys that are deliberately vulnerable to attack, created to attract potential intruders. Once an intruder accesses this file, the security team is alerted.
Honeypots
What do you call the organizing of specific pieces of evidence associated with an attack in which something has been compromised?
Indicators of Compromise (IoCs)
What do you call the series of events that indicate a real-time incident?
Indicators of Attack (IoA)
What do you call the practice of gathering information using public input and collaboration?
Crowdsourcing
What do you call the process of documenting evidence possession and control during an incident lifecycle?
Chain of Custody
What do you call inconsistencies in the collection and logging of evidence in the chain of custody?
Broken Chain of Custody
What do you call any form of recorded content that is used for a specific purpose?
Documentation
What are references that inform how to set policies?
Standards
What is a document that outlines the procedures to take in each step of incident response?
Incident Response Plan