Unit 6 - Module 3 - Incident Detection and Verification

Question 1

What do you call the prompt discovery of security events?

Answer 1

Dectection

Question 2

What is called the investigation and validation of alerts?

Answer 2

Analysis

Question 3

What phase is the incident responce lifecycle, security teams are notified of a possible incident and work to investigate and verify the incident by collecting analyzing data?

Answer 3

Dectection and Analysis Phase

Question 4

What is the proactive search for threats on a network?

Answer 4

Threat Hunting

Question 5

What do you call the understanding of threats that is evidence-based information that provides context about existing or emerging threats?

Answer 5

Threat Intelligence

Question 6

What do these 3 sources provide cybersecurity experts?

1) Industry Reports
2) Government Advisories
3) Threat Data Feeds

Answer 6

Threat Intelligence

Question 7

What is an active cyber defense mechanism that uses deception technology?

Deception technology - Decoys created that are vulnerable to attacks with the purpose of attracting potential intruders. Once and intruder access’ this file, the security teams are alerted.

Answer 7

Honeypots

Question 8

What do you call the organzing specific pieces of evidence that are associated with an attack where something has been compromised?

Answer 8

Indicators of Compromise (IoCs)

Question 9

What do you call the series of events that indicate a real-time incident?

Answer 9

Indicators of Attack (IoA)

Question 10

What do you call the practice of gathering information using public input and collaboration?

Answer 10

Crowdsourcing

Question 11

What is do you call the process of documenting evidence possession and control during an incident lifecycle?

Answer 11

Chain of Custody

Question 12

What is the incosistencies in the collection and logging of evidence in the chain of custody?

Answer 12

Broken Chain of Custody

Question 13

What do you call any form of recorded content that is used for a specific purpose?

Answer 13

Documentation

Question 14

What are refrences that inform how to set policies?

Answer 14

Standards

Question 15

What’s a document that outlines the procedures to take in each step of incident response?

Answer 15

Incident Responce Plan

Question 16

What is a manual that provides details about any operational action?

Answer 16

Playbook

Question 17

What’s do you call prioritizing of the incidents acording to their level of importance or urgency?

Answer 17

Triage

Question 18

What intrusion system monitors a system activity and lerts on possible intrusions?

Answer 18

Intrusion Detection System (IDS)

Question 19

What do you call the act of limiting and preventing additional damage caused by an incident?

Answer 19

Containment

Question 20

What is the complete removal of the incident elements from all affected systems?

Answer 20

Eradication

Question 21

What is the process of returning affected systems back to normal operations?

Answer 21

Recovery

Question 22

What incident response plan outlines the procedures to sustain business operations during and after a significant disruption?

Answer 22

Business Continuity Plan (BCP)

Question 23

What is the ability to prepare for, respond to, and recover from disruptions?

Answer 23

Resilience

Question 24

What is the process of reviewing an incident to identify areas for improvement during incident handling?

Answer 24

Post-incident activity phase

Question 25

What is one of the most essential forms of documentation that gets created during the end of an incident?

Answer 25

Final Report