SECOPS 13: Incident Response Plan Flashcards Preview


Flashcards in SECOPS 13: Incident Response Plan Deck (20)
1

IR Plan questions (4)

Assets to protect?
Threats to assets?
How are threats detected?
Response to threats?

2

IR Lifecycle (7)

Preparation
Identification
Analysis
Containment
Eradication/Recovery
Lessons Learned
Reporting

3

Preparation phase

Get ready to handle an incident

4

Identification phase

Monitoring and hunting

5

Analysis phase

Perform analysis and determine scope

6

Containment phase

Determine best containment steps.

Hardest decision

7

Eradication and Recovery

Find root cause and clean it up (hardening, etc.).

8

Lessons learned

How and why? Conduct FMEA

9

FMEA

Failure Mode and Effects Analysis. Qualitative tool in a spreadsheet documenting what might go wrong.

10

Reporting phase

IR Team notifies appropriate individuals

11

Attrition attack vector

Brute force. DDoS

12

Improper usage

Incident from violation of AUP.

13

Impersonation attack vector

Replacing something benign with something malicious. Spoofing, MITM, rogue wireless, some SQL injection

14

US-CERT reporting Testing (CAT and time)

CAT 0. n/a

15

US-CERT reporting Unauthorized Access (CAT and time)

CAT 1. 1 Hour

16

US-CERT reporting DoS (CAT and time)

CAT 2. 2 hours if ongoing

17

US-CERT reporting Malicious code (CAT and time)

CAT 3. 1 hour if widespread

18

US-CERT reporting Improper Usage (CAT and time)

CAT 4. Weekly

19

US-CERT reporting Scans/Probes/Attempted Access (CAT and time)

CAT 5. Monthly or 1 hour for classified

20

US-CERT reporting Investigation (CAT and time)

CAT 6. n/a