SECOPS 13: Incident Response Plan Flashcards Preview


Flashcards in SECOPS 13: Incident Response Plan Deck (20)
1
Q

IR Plan questions (4)

A

Assets to protect?
Threats to assets?
How are threats detected?
Response to threats?

2
Q

IR Lifecycle (7)

A

Preparation
Identification
Analysis
Containment
Eradication/Recovery
Lessons Learned
Reporting

3
Q

Preparation phase

A

Get ready to handle an incident

4
Q

Identification phase

A

Monitoring and hunting

5
Q

Analysis phase

A

Perform analysis and determine scope

6
Q

Containment phase

A

Determine the best containment steps.

Hardest decision in the lifecycle

7
Q

Eradication and Recovery

A

Find root cause and clean it up (hardening, etc.).

8
Q

Lessons learned

A

How and why? Conduct FMEA

9
Q

FMEA

A

Failure Mode and Effects Analysis. Qualitative tool in a spreadsheet documenting what might go wrong.

10
Q

Reporting phase

A

IR Team notifies appropriate individuals

11
Q

Attrition attack vector

A

Brute force, DDoS

12
Q

Improper usage

A

Incident from violation of AUP.

13
Q

Impersonation attack vector

A

Replacing something benign with something malicious. Spoofing, MITM, rogue wireless, some SQL injection

14
Q

US-CERT reporting Testing (CAT and time)

A

CAT 0. n/a

15
Q

US-CERT reporting Unauthorized Access (CAT and time)

A

CAT 1. 1 Hour

16
Q

US-CERT reporting DoS (CAT and time)

A

CAT 2. 2 hours if ongoing

17
Q

US-CERT reporting Malicious Code (CAT and time)

A

CAT 3. 1 hour if widespread

18
Q

US-CERT reporting Improper Usage (CAT and time)

A

CAT 4. Weekly

19
Q

US-CERT reporting Scans/Probes/Attempted Access (CAT and time)

A

CAT 5. Monthly or 1 hour for classified

20
Q

US-CERT reporting Investigation (CAT and time)

A

CAT 6. n/a