An SER is submitted to modify a user account in HTEN and SOMS, but the user only has a SOMS account. What needs to happen? (3x)
Do not approve the SER; they need 2x SERs: one to modify SOMS, one to create the HTEN account.
Whose responsibility is it to monitor the email inboxes?
Everyone, but primarily Team1.
All emails and alerts must be tracked in a ticket. True or False.
True. Either individual tickets, or bulk if a large amount is received.
Case-related account requests are to be completed within what time frame?
These are to be completed by the end of the next business day.
A "Global" alert means that all of HTEN is targeted for an Arbor Alert. True or False.
False. Global means that our internal Core infrastructure is feeling the impacts of the attack.
A service account SER was submitted without an owner or description. Does this SER get approved?
No
Customer Portal troubleshooting can be done in what 3 main tools?
Account (AD), Authentication (PW/RSA), F5s
Remain logged into the phones in a ready state if you are at your desk and ready to receive a call to minimize RONAs.
True. Log off/out if you are not ready.
What are the 5 email addresses that are CC'd on reportable cases for MFN2?
What is the maximum attack size our Core Arbor TMSs can handle? What is the maximum attack size that the Arbor Cloud mitigation service can handle?
TMS: 20 Gbps
Cloud: 15+ Tbps
Industrial Security approved the SER to create an MFN2 user account; this means that the person is cleared for MFN2.
False. The SOC needs to confirm clearance prior to providing credentials to the user. (Process changing soon)
Will your team do physical work for 300 points? Y/N
15 Team pushups for 300 points.
What are the case requirements for each of Team1 and Team2?
Team1: 1 case per week
Team2: 5 HTEN & 1 SOMS case per week. (6 total).
Will your team do physical work for 300 points? Y/N
15 Team jumping jacks for 300 points.
How many routers across MFN2 route traffic to EITHER TMS or Arbor Cloud? Where are they located?
5 (2x TL2, 2x MI1, 1x DIA)
False, SERs can only be modified before the first approval.
Team1 can process AND assign tickets to other members of the team if things are busy.
True, as long as there is communication between team members about the work needing to be done and time is spent efficiently.
The SOC only uses the SIEM, Palo Alto devices, and IDS devices to generate case (reportable) material. True or False.
False, investigations can also start from emails and calls from customers, device alerts/alarms, and Arbor.
What does the SLA timer icon look like in Remedy?
Stopwatch
When does the DDoS SLA timer start?
Customer confirms via email they are affected by an Arbor Alert and are requesting mitigation.
You must properly investigate the request in the relevant environments prior to approving it.
True. Ensure the request matches what is reflected in the environments.
SOC Front Monitor Displays are to be triaged as part of Morning Brief responsibilities. True or False.
True. (Morning Brief and SOC Display Wikis)
What is the responsibility of the MFN2 SOC with regard to addressing customer traffic threats?
Nothing. The SOC should only recognize, investigate, and report. Mitigation falls on the customer to complete.
Case Remedy ticket file attachments should include WHAT in the file name?
Case Number
Who can start Arbor manual mitigations if no SecEng is available or responding within the 45-minute time period?
Anyone