Block 5 Unit 5 C

Question 1

______ is a series of analystical steps taken to find out what happened in an incident, to inlude the root cause.

Answer 1

Root Cause Analysis

Question 2

Name the cyber inident process steps for root cause analysis,

Answer 2

1. Gather information, Validate Incident, Determine Oper Imp, Coordinate, Det Report Requirement

Question 3

During the Gather Information phase, all involved personnel should_____ and_____ all relevant information about the indident for use in incident analysis.

Answer 3

Identify, Collect

Question 4

During which phase should personnel continuously review the incident to ensure accuracy?

Answer 4

Validate the incident

Question 5

During the “Determine the Operational Impact” phase, you should coordinate as necessary with the______, the lead CDA unit for Cyber Operations Risk Assessments (CORA), or other organizations for assistance in preparing an impact assessment.

Answer 5

HQ USAF dam ass

Question 6

A Cyber Incident Report provides a detailed anaylsis that includes the______, ______, _______, & _______.

Answer 6

Affected system, Probable attacker, Attack vector, Tech & oper impacts

Question 7

Data captured in the______ includes lessons learned, initial root cause, problems with executing courses of action (COAs), missing policies and procedures, and inadequate infrastructure defenses.

Answer 7

Postmortem

Question 8

What report identifies and incident, group of incidents, or network activity or on a foreign infivdual, group, or organization identified as a threat or potentail threa to DOD networks?

Answer 8

Net Int Rep (NIR)