This is the first phase of the incident response process.
- What is Preparation?
This term refers to the tactics, techniques, and procedures used by threat actors.
- What are TTPs?
This tool is widely used for capturing and analyzing network traffic.
- What is Wireshark?
This type of malware encrypts files and demands a ransom for decryption.
- What is Ransomware?
The process of updating software to fix security vulnerabilities.
- What is Patch Management?
This document outlines specific actions to take during a cyber incident.
- What is an Incident Response Plan (IRP)?
The framework developed by MITRE to categorize adversary behavior.
- What is the ATT&CK Framework?
The technology that aggregates and correlates logs from various sources within a SOC.
- What is a SIEM (Security Information and Event Management)?
This type of attack involves an attacker injecting malicious SQL statements into a query.
- What is SQL Injection?
A security measure that requires two forms of verification to access a system.
- What is Multi-Factor Authentication (MFA)?
This phase involves identifying and confirming the occurrence of a security incident.
- What is Detection and Analysis?
This type of intelligence focuses on the tools and malware used by attackers.
- What is Technical Intelligence?
This is the process of automatically blocking malicious traffic based on predefined rules.
- What is an Intrusion Prevention System (IPS)?
A program designed to hide its existence by disguising itself as legitimate software.
- What is a Trojan Horse?
The practice of limiting user access to only the resources necessary for their role.
- What is the Principle of Least Privilege?
The process of isolating affected systems to prevent further damage.
- What is Containment?
The process of collecting and analyzing data to predict and prevent future attacks.
- What is Threat Hunting?
The practice of setting up decoy systems or networks to lure attackers.
- What is a Honeypot?
This type of attack leverages a network of compromised devices to launch large-scale attacks.
- What is a DDoS (Distributed Denial of Service) attack?
This type of encryption ensures data is secure while being transmitted over a network.
- What is Transport Layer Security (TLS)?
After eradicating the threat, this final phase focuses on returning systems to normal operation.
- What is Recovery?
A shared repository of cyber threat indicators that helps organizations stay informed about new threats.
- What is a Threat Intelligence Platform (TIP)?
This platform enables security teams to automate, orchestrate, and respond to incidents more efficiently.
- What is SOAR (Security Orchestration, Automation, and Response)?
A technique used by attackers to persist on a system by modifying legitimate processes.
- What is DLL Injection?
A technique used to detect abnormal behavior on a network or system.
- What is Anomaly Detection?