1
Q
When did events occur?
A
In UTC
2
Q
Who?
A
IP/Domain associated with malware.
3
Q
Where did the infection come from?
A
Location of the attacker
4
Q
What type of malware is on the system?
A
Use sandbox to find out type of malware.
5
Q
Why? What does it do and what is it’s purpose?
A
Sandbox to see what it’s doing and find its intent.
6
Q
How did the malware get on the system?
A
Email, Scareware, etc.
7
Q
Threat investigation process (5)
A
Alert Detect Confirm Remediate Resolve
8
Q
X-Forwarded-For HTTP header
A
ID originating IP address, which often is a proxy.
CCNA Cyber Ops SECOPS
flashcards
Decks in class (19)
# Cards
-
SECOPS 1: Defining the SOC24
-
SECOPS 2: NSM Tools and Data11
-
Security Onion1
-
SECOPS 3: Incident Analysis in a Threat Centric SOC20
-
SECOPS 4: Hunting Cyber Threats41
-
SECOPS 5: Event correlation and normalization23
-
SECOPS 6: Common Attack Vectors32
-
SECOPS 7: Identifying Malicious Activity8
-
Regex14
-
SECOPS 98
-
SECOPS 10: SOC Playbook (Not needed for the exam)13
-
SECOPS 11: SOC Metrics7
-
SECOPS 12: SOC WMS and Automation18
-
SECOPS 13: Incident Response Plan20
-
Appendix A: CSIRT13
-
Appendix B: VERIS8
-
RFI36
-
NIST 800-61r29
-
Blueprint60
