Unit 6 - Module 3 - Incident Detection and Verification Flashcards

1
Q

What do you call the prompt discovery of security events?

A

Detection

2
Q

What is called the investigation and validation of alerts?

A

Analysis

3
Q

In what phase of the incident response lifecycle are security teams notified of a possible incident and work to investigate and verify it by collecting and analyzing data?

A

Detection and Analysis Phase

4
Q

What is the proactive search for threats on a network?

A

Threat Hunting

5
Q

What do you call the understanding of threats that is evidence-based information that provides context about existing or emerging threats?

A

Threat Intelligence

6
Q

What do these three sources provide to cybersecurity experts?

1) Industry Reports
2) Government Advisories
3) Threat Data Feeds

A

Threat Intelligence

7
Q

What is an active cyber defense mechanism that uses deception technology?

Deception technology - Decoys that are created to be vulnerable to attack, with the purpose of attracting potential intruders. Once an intruder accesses the decoy, the security team is alerted.

A

Honeypots

8
Q

What do you call the organizing of specific pieces of evidence that are associated with an attack in which something has been compromised?

A

Indicators of Compromise (IoCs)

9
Q

What do you call the series of events that indicate a real-time incident?

A

Indicators of Attack (IoA)

10
Q

What do you call the practice of gathering information using public input and collaboration?

A

Crowdsourcing

11
Q

What do you call the process of documenting evidence possession and control during an incident lifecycle?

A

Chain of Custody

12
Q

What do you call inconsistencies in the collection and logging of evidence in the chain of custody?

A

Broken Chain of Custody

13
Q

What do you call any form of recorded content that is used for a specific purpose?

A

Documentation

14
Q

What are references that inform how to set policies?

A

Standards

15
Q

What’s a document that outlines the procedures to take in each step of incident response?

A

Incident Response Plan

16
Q

What is a manual that provides details about any operational action?

A

Playbook

17
Q

What do you call the prioritizing of incidents according to their level of importance or urgency?

A

Triage

18
Q

What intrusion system monitors system activity and alerts on possible intrusions?

A

Intrusion Detection System (IDS)

19
Q

What do you call the act of limiting and preventing additional damage caused by an incident?

A

Containment

20
Q

What is the complete removal of the incident elements from all affected systems?

A

Eradication

21
Q

What is the process of returning affected systems back to normal operations?

A

Recovery

22
Q

What incident response plan outlines the procedures to sustain business operations during and after a significant disruption?

A

Business Continuity Plan (BCP)

23
Q

What is the ability to prepare for, respond to, and recover from disruptions?

A

Resilience

24
Q

What is the process of reviewing an incident to identify areas for improvement during incident handling?

A

Post-incident activity phase

25
Q

What is one of the most essential forms of documentation that gets created during the end of an incident?

A

Final Report
