AWR-169-W Cyber Incident Analysis and Response Module 3
12/15/2015

Term
In determining scope and characteristics, the cyber incident response team should examine logs and alerts, as well as look for ________.
Definition
a. The intruder who initiated the event

b. Cause and effect <-- NOT

c. Missing logs and alerts

d. Anything suspicious
Term
What is an incident precursor?
Definition
a. A sign that an incident may occur in the future <--

b. A sign that an incident is occurring now

c. A sign that an incident may have occurred

d. A symptom of an imminent shutdown
Term
In regard to IT system components, event monitoring and detection are applied to networks, operating systems, and ________.
Definition
a. Applications <--

b. Computer operators

c. Browsers

d. Search engines
Term
To what components of an overall IT system are event monitoring and detection applied? (Choose the BEST answer)
Definition
a. Server and client operating systems

b. Local and wide area network components

c. Databases and web servers

d. Networks, operating systems, and application software <--
Term
Types of cyber event false alarms and non-security alerts would include which of the following?
Definition
a. Inaccurate reports <--

b. Detection

c. Both inaccurate reports and detection

d. None of the above
Term
Escalation time periods, as a function of criticality, are often represented in the form of what type of agreement?
Definition
a. MOU

b. SLA <--

c. MOA

d. ISA
Term
Regarding a suspected incident, information should be collected about the reporter (caller), the event(s), the ________, and the systems involved.
Definition
a. Security Information and Event Management (SIEM) records

b. Risk scenarios

c. Diagnostic matrix

d. Actions taken so far <--
Term
A cyber incident response SLA matrix sets escalation times in relation to ________ and ________.
Definition
a. Incident type / number of users

b. Response times / incident type <-- NOT

c. Impacts / number of users

d. Impact / criticality
Term
What are the two types of cyber event log management tools?
Definition
a. Network and operating system

b. Automated log management, and security information and event management (SIEM) <--

c. System software and application software

d. Batch and real time
Term
Which law or regulation requires financial institutions to protect their customers' information via cyber log management?
Definition
a. GLBA

b. FISMA

c. HIPAA

d. PCI <-- NOT
Term
Which of the following activities is NOT part of the investigation activities for incident analysis?
Definition
a. Synchronizing server clocks <--

b. Performing event correlation

c. Using packet sniffers on networks

d. Using Internet search engines for research
Term
Event ________ is used to relate events reported by different subsystems and possibly occurring at different times and on different systems.
Definition
a. Discovery

b. Correlation <--

c. Containment

d. Mitigation
Term
Which of the following is NOT involved with a security incident's overall effect?
Definition
a. Current technical effect

b. The criticality of the system(s) <-- NOT

c. Which resources are affected

d. Future technical effect
Term
Agentless SIEM tools hold the following advantage over Agent-based SIEM tools:
Definition
a. The lack of filtering and aggregation at the individual server level causes larger amounts of data to be transferred over networks.

b. They analyze the data from different log sources, correlate events, identify and prioritize significant events, and initiate responses to events. <-- NOT

c. All logs go to a common format such as syslog.

d. Installation and configuration control on the clients is not an issue.
Term
Which one of the following is NOT a typical automation method for cyber incident management?
Definition
a. Software tools installed and managed by the organization

b. Removable hard drive units <--

c. Managed security service providers

d. Problem resolution services
Term
Cyber event false alarms and non-security alerts could include which of the following?
Definition
a. Human or operational errors <--

b. Detection

c. Testing

d. All of the above
Term
Profiling systems involves _________.
Definition
a. Packet sniffing

b. File integrity checksums

c. Reviewing logs

d. Synchronizing host clocks <-- NOT
Term
Which of the following are primary sources for cyber logs and alerts?
Definition
a. Intrusion detection devices, operating systems, application programs, anti-malware software, and networking equipment <--

b. Modems and other communication devices

c. Disk backup systems

d. Accounting software
Term
"Criticality" is considered ________ in a system that is mission critical to multiple agencies or critical infrastructure.
Definition
a. Medium

b. Low

c. Critical

d. High <--
Term
Initial incident data should be obtained by the organization's ________ and ________.
Definition
a. IT and MIS

b. Director and VP

c. Help desk and FIRE

d. Help desk and CSIRT <--
Term
What type of service represents an outsourcing of the CSIRT function?
Definition
a. Business continuity provider

b. Managed security provider <--

c. Internet service provider

d. Application service provider