SECOPS 10: SOC Playbook (Not needed for the exam) Flashcards Preview


Flashcards in SECOPS 10: SOC Playbook (Not needed for the exam) Deck (13)
1

Security analytics is accomplished by:

Collecting, correlating, and analyzing a wide range of data.

2

BGP Black-holing

Blocks IP addresses in seconds

3

IAM security device has an unexpected feature...

Device quarantine

4

Plays

self-contained, fully documented, prescriptive procedures for finding and responding to undesired activity

5

High Fidelity report

Guaranteed true positive. Not a policy violation.

6

Investigative report

Might be an infection, policy violation, or normal activity.

Anything less than 100% certainty is investigative.

7

Can INV reports become HF?

Yes, with tuning over time.

8

Play objective statement

Describes what a play is looking for and why it's worthwhile to run.

9

Query system

Basically a security system like a logging solution, SIEM, large data warehouse, etc.

10

Data query

Specific syntax used on a security system to identify reported activity

11

Play "action"

Actions to take during IR phase

12

Play "analysis"

Documentation and training material needed to understand the query

13

Play "reference"

Outside info like wiki or ticketing system