Incident Response Plan (NCTS)
Types of Cyber Attacks
Reporting
Best practices/Tools
Facts about IT1 Morales
100

Intrusion or event? 

Root Level Intrusion

Incident
100

What is Phishing?

A malicious actor sends emails that seem to come from trusted, legitimate sources in an attempt to grab sensitive information from the target.

100

Who do you report a potential incident to first?

N2/Cyber

100

When leaving your computer you should remove your?

CAC

100

Where was IT1 Morales Born?

Los Angeles California

200

Intrusion or event?

Explained Anomaly, i.e. suspicious events

event

200

What is a MITM attack?

Breaches in cybersecurity that make it possible for an attacker to eavesdrop on the data sent back and forth between two people.

200

What are 3 things you should include in a general report to N2/Cyber?

Time of event

Classification of network

Originator of event

Method, i.e. email, portable media, etc.

Users affected

200

What is a suite of tools used to help prevent cyber attacks/incidents? 

McAfee Total Protection

200

How old is IT1 Morales?

35

300

What is used by a unit commander to provide appropriate notification of an incident that has impacted mission or operations?

OPREP-3

300

What is DNS Spoofing?

A hacker alters DNS records to send traffic to a fake or “spoofed” website. Once on the fraudulent site, the victim may enter sensitive information that can be used or sold by the hacker.

300

Who wears a blue vest and likes to steal your CAC?

Cyber Jeff

300

What tool can be used to secure and privatize your connection/network?

VPN

300

True or False: I once drove around base and picked up the bass player of Sublime and took him to the lodge because he was lost.

True

400

What are the 4 internal roles IAW local IRP?

Management

ISSM

IT Support

Physical Security

400

Definition - The attacker takes the time to research their intended targets and then write messages the target is likely to find personally relevant. These types of attacks are aptly called . . . 

Spear-phishing

400

What instruction governs Computer Network Incident Response and Reporting Requirements?

SECNAVINST 5239.19A

400

What is used to detect external media that is plugged into a workstation?

DLP endpoint console

400

How many countries have I been to? It's between 15-32.

25

500

What are the 6 steps of the Cyber Incident Handling Process and Life Cycle?

1) Detection of events.

2) Preliminary analysis and identification of incidents.

3) Preliminary response actions.

4) Incident analysis.

5) Response and recovery.

6) Post‐incident analysis.

500

Definition - The attacker simply tries to guess the login credentials of someone with access to the target system. Once they get it right, they are in. They often use bots to crack the credentials. This is known as . . .

Brute force attacks

500

What form is used for reporting electronic spillages?

SECNAV 5500/1 aka Electronic Spillage Action Form (ESAF)

500

This type of person exposes security risks for the sake of helping others improve their cybersecurity...

white hacker

500

True or False

I killed a pig in the Philippines for a pig roast.