IT Fundamentals
Block 5 Unit 5 - 20 April 2023
Question | Answer |
---|---|
The first thing to do to prepare for handling security incidents within your organization is to make sure you have a/an ___________________________________ in place | incident response |
The _______________________is responsible for ensuring that all team members know their role when a security incident occurs | Team Leader |
The _______________________has the technical expertise to assess and identify the scale of the security incident | Technical Specialist |
The ______________________________knows how to document the entire response process. | Document Specialist |
The ____________________________knows the laws and regulations that your organization must follow when it comes to computer forensics and incident response. | Legal Advisor |
The __________________________________should define each team member's roles and responsibilities. | The Plan |
The incident response plan, a document created by every organization, identifies ________ and ________ users are supposed to report potential security incidents | how and when |
The incident response plan contains what common elements? | 1. identify different types of incidents 2. the job role of each team member |
Incident handling staff should preserve integrity of data to allow for further incident ________________? | analysis |
A/an _______________ is any observable occurrence in a system and/or network. It sometimes provides an indication that an incident is occurring. | event |
A/an _______________is an assessed occurrence that actually jeopardizes the confidentiality, integrity, or availability of an information system. | incident |
If a virus is discovered on a system, the ______________________should isolate the computer from the network | first responder |
Name the six phases of the cyber incident response process. | IAW (AFI) 17-203, Cyber Incident Handling: Preparation, Identification, Containment, Eradication, Recovery, Follow-Up |
A possible event has just occurred on the network. Upon initial analysis you decide to categorize it as a Category 8: Investigating because you cannot yet determine the _____. | cause |
An incident has just been detected and declared. In the Preliminary Response Actions phase, the incident handling staff must do what with the data to allow for further incident analysis? | Containment |
Which organization, during the Response and Recovery phase, will develop a Plan of Action & Milestones detailing the required actions to guide system restoration during similar incidents in the future? ______ | local CFP |
________________________ is a series of analytical steps taken to find out what happened in an incident, to include the root cause. | Incidental Analysis |
Name the cyber incident process steps for root cause analysis, in order. | 1. Gather info 2. Validate the Incident 3. Determine the Operational Impact 4. Coordinate 5. Determine Reporting Requirements |
During the Gather Information phase, all involved personnel should _____________ and _____________ all relevant information about the incident for use in incident analysis. | identify and collect |
During which phase should personnel continuously review the incident to ensure accuracy? _______________________________ | Validate the incident |
While investigating a cyber incident, who should you coordinate with during the process? _____________________________________________________________________________ | The AF-DAMO, the CORA, or other orgs. |
A Cyber Incident Report provides a detailed analysis, including the affected system, probable attacker, attack vector used, and ________________ and ________________ impacts. | technical and operational impacts |
Data captured in the ____________________ includes lessons learned, initial root cause, problems with executing courses of action (COAs), missing policies and procedures, and inadequate infrastructure defenses | Postmortem |
What report identifies an incident, group of incidents, or network activity, or a foreign individual, group, or organization identified as a threat or potential threat to DOD networks? _________________________________________________ | Network Intelligence Report (NIR) |