DE Leadership
FAZ
SIEM
Anything CTI (CTI will not answer unless hives cannot)
Assessments
100

What is Wes's favorite drink?

Shirley Temple

100

FAZ is commonly used in MSSP environments to manage and analyze this type of data?

Logs

100

How many times a day does Aaron reboot me?

at least once

100

What are the three attributes that define a threat?

Opportunity, Intent, Capability.

100

What assessment technique evaluates the effectiveness of incident response plans through a simulated breach?

Tabletop exercise

200

This leadership role is responsible for handling escalations within the SOC teams?

SOC Director

200

This component of FAZ allows for real-time log monitoring across multiple devices?

Firewalls

200

What is the primary function of a SIEM solution in a cybersecurity environment?

Collecting, analyzing, and correlating security event logs.

200

What entities are covered in CTI's 4+1 Report?

Russia, China, North Korea, Iran, Non Nation actors.

200

What type of assessment evaluates how well security controls have been implemented?

Security Audit

300

This role within DE Leadership is responsible for overseeing security operations across multiple regions?

Global SOC Operations Director

300

This component of FAZ allows for real-time log monitoring across multiple devices?

Log Forwarding

300

This type of data source is essential for a SIEM to detect lateral movement in a network?

Network traffic logs

300

What are the three types of sensitive information?

SI (sensitive information), PI (proprietary information), PII (Personally Identifiable Information).

300

What assessment technique simulates an adversary's actions to evaluate the defense capabilities of an organization?

Red team exercise

400

DefendEdge Leadership uses this framework to ensure responsibilities are clearly defined between departments?

RACI or RACI matrix

400

FAZ integrates with FortiGate firewalls to offer this real-time feature?

Threat Correlation

400

This SIEM strategy involves using machine learning to detect unknown threats?

Anomaly-based detection

400

What is the difference between information and intelligence?

Info is raw data collected from any source, while intelligence is information that has been processed, analyzed, and contextualized into a workable and usable form.

400

What assessment imitates the tactics and behaviors of attackers to assess the security posture of an organization's network, computer system, or web application?

Pen test

500

For what school district is Taso an active board member?

Addison School District 4

500

FAZ uses what technology to provide MSSPs with intelligent insights into network traffic patterns?

Machine Learning

500

When a SIEM solution integrates with what tool, it can automatically take actions like isolating devices?

SOAR (Security Orchestration, Automation, and Response)

500

What are the 4 products that the CTI team provides to clients on a scheduled basis?

Cyber Advisory (Thursday every week).
iDNA (1st of every month).
4+1 Report (15th of every month).
Global Threat Summary (Once Every 6 months).

500

What assessment framework is commonly used to evaluate an organization’s compliance with cybersecurity policies?

NIST Cybersecurity Framework
