Unit 6 - Module 3 - Incident Detection and Verification Flashcards
What do you call the prompt discovery of security events?
Detection
What do you call the investigation and validation of alerts?
Analysis
In which phase of the incident response lifecycle are security teams notified of a possible incident and work to investigate and verify it by collecting and analyzing data?
Detection and Analysis Phase
What is the proactive search for threats on a network?
Threat Hunting
What do you call the understanding of threats that is evidence-based information that provides context about existing or emerging threats?
Threat Intelligence
What do these three sources provide to cybersecurity experts?
1) Industry Reports
2) Government Advisories
3) Threat Data Feeds
Threat Intelligence
What is an active cyber defense mechanism that uses deception technology?
Deception technology: decoys created to appear vulnerable to attack, with the purpose of attracting potential intruders. Once an intruder accesses this decoy file, the security teams are alerted.
Honeypots
What do you call the organizing of specific pieces of evidence that are associated with an attack where something has been compromised?
Indicators of Compromise (IoCs)
What do you call the series of events that indicate a real-time incident?
Indicators of Attack (IoA)
What do you call the practice of gathering information using public input and collaboration?
Crowdsourcing
What do you call the process of documenting evidence possession and control during an incident lifecycle?
Chain of Custody
What do you call inconsistencies in the collection and logging of evidence in the chain of custody?
Broken Chain of Custody
What do you call any form of recorded content that is used for a specific purpose?
Documentation
What are references that inform how to set policies?
Standards
What’s a document that outlines the procedures to take in each step of incident response?
Incident Response Plan
What is a manual that provides details about any operational action?
Playbook
What do you call the prioritizing of incidents according to their level of importance or urgency?
Triage
What intrusion system monitors system activity and alerts on possible intrusions?
Intrusion Detection System (IDS)
What do you call the act of limiting and preventing additional damage caused by an incident?
Containment
What is the complete removal of the incident elements from all affected systems?
Eradication
What is the process of returning affected systems back to normal operations?
Recovery
What incident response plan outlines the procedures to sustain business operations during and after a significant disruption?
Business Continuity Plan (BCP)
What is the ability to prepare for, respond to, and recover from disruptions?
Resilience
What is the process of reviewing an incident to identify areas for improvement during incident handling?
Post-incident activity phase
What is one of the most essential forms of documentation that gets created during the end of an incident?
Final Report