Primary Definitions 23.0-27.0

Question 1

Incident Response Process

Answer 1

Outlines a structured approach to manage and mitigate security incidents effectively.

Question 2

Incident

Answer 2

Act of violating an explicit or implied security policy.

Question 3

The 7 Phases of Incident Response

Answer 3

Preparation, Detection, Analysis, Containment, Eradication, Recovery, and Lessons Learned.

Question 4

Root cause analysis

Answer 4

Identifies incident source and how to prevent it in the future.

Question 5

Lessons learned process

Answer 5

Documents experiences during incident in formalized way.

Question 6

After-action report

Answer 6

Collects formalized information about what occurred.

Question 7

Threat Hunting

Answer 7

Cybersecurity method for finding hidden threats not caught by regular security monitoring.

Question 8

Advisories and Bulletins

Answer 8

Published by vendors and security researchers when new TTPs and vulnerabilities are discovered.

Question 9

Digital Forensic

Answer 9

Process of investigating and analyzing digital devices and data to uncover evidence for legal purposes.

Question 10

Order of Volatility

Answer 10

Dictates the sequence in which data sources should be collected and preserved based on their susceptibility to modification or loss.

Question 11

Chain of Custody

Answer 11

Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment it is collected until it is presented in a court of law.

Question 12

Disk Imaging

Answer 12

Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space.

Question 13

File Carving

Answer 13

Focuses on extracting files and data fragments from storage media without relying on the file system.

Question 14

Legal Hold

Answer 14

Formal notification that instructs employees to preserve all potentially relevant electronic data, documents, and records.

Question 15

Electronic Discovery

Answer 15

Process of identifying, collecting, and producing electronically stored information during potential legal proceedings.

Question 16

4 Procedures of Digital Forensics

Answer 16

Identification, Collection, Analysis, and Reporting.

Question 17

5 Steps of the Order of Volatility

Answer 17

1. Collect data from the system’s memory
2. Capture data from the system state
3. Collect data from storage devices
4. Capture network traffic and logs
5. Collect remotely stored or archived data

Question 18

Data Acquisition

Answer 18

The method and tools used to create a forensically sound copy of the data from a source device, such as system memory or a hard disk.

Question 19

6 Steps of Data Acquisition

Answer 19

1. CPU registers and cache memory
2. RAM, routing tables, ARP caches, process table, temporary swap files
3. Data on persistent mass storage (HDD, SSD, Flash Drive)
4. Remote logging and monitoring data
5. Physical configuration and network topology
6. Archival media

Question 20

Log File

Answer 20

A file that records either events that occur in an operating system or other software that runs, or messages between different users of a communication software.

Question 21

Syslog/Rsyslog/Syslog-ng

Answer 21

Variations of syslog which all permit the logging of data from different types of systems in a central repository.

Question 22

Journalctl

Answer 22

Linux command line utility used for querying and displaying logs from the journald (journal daemon), which is responsible for managing and storing log data on a Linux machine.

Question 23

NXLog

Answer 23

A multi-platform log management tool that helps to easily identify security risks, policy breaches, or analyze operational problems.

Question 24

Sampled Flow (SFlow)

Answer 24

Provides a means for exporting truncated packets, together with interface counters for the purpose of network monitoring.

Question 25

Internet Protocol Flow Information Export (IPFIX)

Answer 25

Universal standard of export for Internet Protocol flow information from routers, probes, and other devices that are used by mediation systems, account and billing systems, and network management systems to facilitate services.

Question 26

Metadata

Answer 26

Data that describes other data by providing an underlying definition or description by summarizing basic information about data that makes finding and working with particular instances of data easier.

Question 27

Dashboards

Answer 27

Visually display information from various systems, used in security operation centers for a comprehensive overview.

Question 28

Automated Report

Answer 28

Computer-generated report created automatically.

Question 29

Packet Capture

Answer 29

Gathers all data sent to or from a specific network device.

Question 30

Automation

Answer 30

Automatic execution of tasks without manual involvement.

Question 31

Orchestration

Answer 31

Coordination of the automated tasks for a specific outcome or workflow.

Question 32

Security, Orchestration, Automation, and Response (SOAR)

Answer 32

Like a SIEM 2.0 because its automation capabilities allow it to serve in incident response.

Question 33

Runbook

Answer 33

Automate versions of playbooks with human interaction points.

Question 34

Technical Debt

Answer 34

Cost and complexity of poorly implemented software needing future adjustments.

Question 35

Resource Provisioning

Answer 35

Allocating the necessary tools and resources that new employees need to perform their jobs.

Question 36

Security Automation

Answer 36

Involves use of technology to handle repetitive security tasks and maintain consistent defenses.

Question 37

Guardrails

Answer 37

Automated security controls to protect against insecure infrastructure configurations.

Question 38

Service Access Management

Answer 38

A crucial area to prioritize in security automation for risk reduction and operational efficiency.

Question 39

Continuous Integration (CI)

Answer 39

Practice in software development where developers merge code changes frequently in one place.

Question 40

Release

Answer 40

Process of finalizing and preparing new software or updates.

Question 41

Deployment

Answer 41

Involves automated process of software releases to users.

Question 42

Continuous Delivery

Answer 42

Maintains deployable code with automation.

Question 43

Continuous Deployment

Answer 43

Automates the process of deploying code changes from testing to production after completion of the build stage.

Question 44

Integration

Answer 44

Process of combining different subsystems or components into one comprehensive system to ensure that they function properly together.

Question 45

Application Programming Interface (API)

Answer 45

Set of rules and protocols that are used for building and integrating application software.

Question 46

Representational State Transfer (REST)

Answer 46

Architectural style that uses standard HTTP methods and status codes, uniform resource identifiers, and MIME types.

Question 47

Simple Object Access Protocol (SOAP)

Answer 47

Protocol that defines a strict standard with a set structure for the message, usually in XML format.

Question 48

CURL

Answer 48

Tool to transfer data to or from a server using one of the supported protocols. The protocols it can use are HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, FILE.

Question 49

Security Awareness

Answer 49

Refers to the knowledge and understanding of potential threats.

Question 50

Situational Awareness

Answer 50

Being mindful of surroundings, tasks, and the potential consequences of one's actions.

Question 51

Operational Security (OPSEC)

Answer 51

Stresses data protection against social engineers for business aspects such as routines, project details, and internal procedures.

Question 52

Handbook

Answer 52

Concise booklet offering detailed guidance on organization-specific procedures, guidelines, and best practices for individuals.

Question 53

Remote Work

Answer 53

A work setup in which the employees work from locations outside a traditional office.

Question 54

Hybrid Work

Answer 54

Combination of traditional office settings with remote work options.

Question 55

Organizational Change Management (OCM)

Answer 55

Recognizing the human role in security, ensuring staff engagement, and policy adherence.

Question 56

3 Phases to Develop Security Culture

Answer 56

Development, Execution, Reporting/Monitoring.