7. Security Operations

Question 1

Define an event.

Answer 1

An observable change in state

Question 2

Define an alert.

Answer 2

Flagged events that may require further investigation to determine if an incident has taken place

Question 3

Define an incident.

Answer 3

Adverse impact to the system or network.

Question 4

What are the 3 types of attacks?

Answer 4

1. Dos/DDoS
2. Malicious code
3. Inappropriate usage

Question 5

What are the four steps of incident control?

Answer 5

1. Preparation
2. Detection
3. Containment
4. Post-incident review

Question 6

What is an incident with an unknown cause referred to as?

Answer 6

A problem

Question 7

What are the defined steps of problem management?

Answer 7

1. Incident notification
2. Root cause analysis
3. Solution determination
4. Request for change
5. Implement solution
6. Monitor and report

Question 8

What are the 7 steps of the forensic investigation process?

Answer 8

1. Identification
2. Preservation
3. Collection
4. Examination
5. Analysis
6. Presentation
7. Decision

Question 9

Define Direct evidence

Answer 9

Can prove a fact by itself and does not need back up information.

Question 10

Define Real evidence

Answer 10

Physical evidence. The objects themselves that are used in a crime.

Question 11

Define best evidence

Answer 11

Most reliable. i.e. a signed contract

Question 12

Define secondary evidence

Answer 12

Not strong enough to stand alone, but can support other evidence. I.e. an expert opinion.

Question 13

Define corroborative evidence

Answer 13

Support evidence, backs up other information presented. Cannot stand on its own.

Question 14

Define circumstantial

Answer 14

Proves one fact which can be used to reasonably suggest another. Cannot stand on its own.

Question 15

Who should conduct investigations?

Answer 15

Usually the FBI or Secret Service. You must be careful about 4th amendment rights.

Question 16

What does RAID 0 mean?

Answer 16

Stripping across different drives

Question 17

What does RAID 1 mean?

Answer 17

Mirroring one drive to another, for redundancy.

Question 18

What does RAID 5 mean?

Answer 18

Stripping across hard drives with parity.

Question 19

Define Server clustering

Answer 19

A group of servers that are managed as a single system. Not all clusters do load balancing.

Question 20

What should you always check with performing an unscheduled backup?

Answer 20

Make sure it is a copy!

Question 21

Define a Copy Backup

Answer 21

Same as a full back up, but Archive Bit is not reset.

Question 22

Define a full backup

Answer 22

Back up EVERYTHING. Archival but is reset.

Question 23

Define Incremental back up

Answer 23

Back up all files that have been modified since last back up. Archive bit is reset.

Question 24

Define differential backup

Answer 24

Backs up all files that have been modified since last full back up. Archive but is not reset.

Question 25

Define disk shadowing

Answer 25

A type of database backup. Mirroring technology that can update one or more copies of data at the same time.

Data saved to two different media types for redundancy.

Question 26

Define electric vaulting

Answer 26

A type of database back up.

Copy of modified file is sent to a remote location where an original back up is stored.

Transfers bulk backup information.

Question 27

Define remote journaling

Answer 27

A type of data base back up

Moves the journal or transaction log to a remote location, not the actual files.