SECOPS 1: Defining the SOC Flashcards Preview


Flashcards in SECOPS 1: Defining the SOC Deck (24)
1

Three SOC types

Threat-centric SOCs
Compliance-based SOCs
Operational-based SOCs

2

threat-centric SOC

proactively hunts for malicious threats on networks

3

Before an attack...

Comprehensive contextual awareness
in-depth analysis of network traffic.

4

During an attack

Ability to continuously detect the presence of threats

5

After an attack

ID Point of Entry
Determine scope
Contain threat
Remediate host
Minimize risk of reinfection

6

Key to a successful compliance-based SOC

Linking an org's risk management and IR practices to an automated system compliance process

7

Compliance-based SOC is focused on...

comparing the compliance posture of network systems to reference config templates and standard system builds

8

Operational-based SOC

internally focused organization that is tasked with monitoring the security posture

9

CSIRT

Operational-based SOC

10

Operational-based SOC focused on

maintaining the operational integrity

11

SOC tools do these things:

Network mapping
Network monitoring
Vulnerability detection
Penetration testing
Data collection
Threat and anomaly detection
Data aggregation and correlation

12

NSM

network security monitoring

13

SOC automation tasks

Ticket generation
False positive alert handling
Report generation

14

Data analytics

Science of examining raw data or data sets with the purpose of drawing conclusions.

15

Data Set

Collection of discrete items of related data in a structure

16

Database contains or can be a...

Data Set

17

Dynamic analysis is

evaluation of a program by executing the data in real time to find errors.

18

Sequencing

Reconstructing network traffic flow

19

Path analysis

Interpretation of a chain of consecutive events during a short period of time.

20

Path analysis purpose

Understand attackers' behavior in order to gain actionable insights

21

Log clustering

Mine large amounts of log data to identify anomalous behavior.

22

Incidents are

Alerts or events that could pose a serious threat to the organization

23

Alarm prioritization

Relieves analysts from sorting through low-level and irrelevant alerts

24

NIST 800-181

Cyber-workforce framework