What is the goal of Incident Response?
- impact
- detection and containment
- Facilitate recovery
Incident response is a systematic approach to managing and mitigating security incidents.
List the key steps in the Incident Response process.
- Detection
- Classification
- Containment
- Eradication
- Evidence preservation
- Communication
- Lessons learned
These steps are essential for effectively managing security incidents.
What are the seven phases of the Incident Response process according to the CompTIA model?
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Post-Incident Activity
This model expands on the NIST four-phase incident response process.
True or false: Threat Hunting is a proactive cybersecurity approach for continuous threat identification.
TRUE
It involves actively seeking out potential threats within your network.
What is the purpose of Root Cause Analysis (RCA)?
- Identify the initial source of an incident
- Prevent it from recurring
RCA is a systematic process to investigate incidents and identify underlying factors.
Fill in the blank: Incident Response Training and Testing includes methods such as _______.
- Tabletop Exercises
- Simulations
- Drills
- Live Exercises
These methods prepare personnel and systems for effective incident response.
What are the four main phases of Digital Forensic Procedures?
- Identification
- Collection
- Analysis
- Reporting
These phases are crucial for investigating and analyzing digital devices and data.
What does Order of Volatility dictate in data collection?
The sequence in which data sources should be collected based on their susceptibility to modification or loss
Following this order minimizes data loss during incident response.
What is the Chain of Custody?
Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence
It ensures that evidence remains intact and is admissible in court.
What is the purpose of Legal Hold in digital forensics?
Preserves potentially relevant electronic data when litigation is expected
It ensures evidence is not tampered with, deleted, or lost.
What is the goal of Incident Response Training?
Ensure employees and staff understand incident response processes, procedures, and priorities
Training should be tailored to different roles within the organization.
What is the benefit of Root Cause Analysis?
- Identifies vulnerabilities and weaknesses
- Creates robust protections against cyber threats
- Encourages a no-blame culture
RCA focuses on solutions and improvements rather than assigning fault.
What is the purpose of Digital Forensics?
Investigating and analyzing digital devices and data to uncover evidence for legal purposes
This process is crucial for legal proceedings related to cybercrimes.
What are the steps in Threat Hunting?
- Establishing a Hypothesis
- Profiling Threat Actors and Activities
- Threat Hunting Process
These steps help in actively seeking out potential threats within the network.
What is the importance of Incident Response Team?
- Includes cybersecurity professionals with incident response experience
- Temporary members may be added as needed
Large organizations may have full-time teams, while smaller ones form temporary teams for specific incidents.
What is a Tabletop Exercise (TTX)?
A theoretical exercise that presents an incident response scenario for discussion
It is cost-effective but lacks hands-on experience.
What does E-Discovery involve?
Identifying, collecting, and presenting electronically stored information for potential legal proceedings
This process is crucial for litigation involving electronic data.
What is the purpose of performing analysis on a disk image instead of the original drive?
To prevent modifications or alterations
Analyzing a disk image ensures the integrity of the original data.
What are the Digital Forensic Collection Techniques?
- Making forensic images of data
- Allowing incident response teams to resume operations quickly
- Maintaining evidence for potential legal action
These techniques are crucial for effective incident response and legal compliance.
What does data collection involve?
- Capturing and hashing system images
- Analyzing data with forensic tools
- Capturing machine screenshots
- Reviewing network logs
- Collecting CCTV video
These steps are essential for thorough data analysis in forensic investigations.
Name two forensic tools used in data analysis.
- FTK (Forensic Toolkit)
- EnCase
These tools are widely used in digital forensics for data analysis.
What does the Order of Volatility guide?
The sequence of collecting data from most volatile to least volatile
This order helps prioritize data collection to preserve critical information.
What is the significance of licensing and documentation reviews in data collection?
Ensures system configurations align with their design
This step is important for maintaining compliance and integrity in forensic investigations.
What is data acquisition?
The method and tools used to create a forensically sound copy of data from a source device
This process is crucial for preserving evidence in digital forensics.
-
Fundamentals of Security46
-
Threat Actors22
-
Physical Security19
-
Social Engineering17
-
Malware19
-
Data Protection18
-
Cryptographic Solutions53
-
Risk Management17
-
Third-party Vendor Risks17
-
Governance and Compliance19
-
Asset and Change Management27
-
Audits and Assessments26
-
Cyber Resilience and Redundancy38
-
Security Architecture34
-
Security Infrastructure39
-
Identity and Access Management (IAM) Solutions56
-
Vulnerabilities and Attacks47
-
Malicious Activity38
-
Hardening32
-
Security Techniques37
-
Vulnerability Management31
-
Alerting and Monitoring32
-
Incident Response28
-
Investigating an Incident16
-
Automation and Orchestration28
-
Security Awareness27
