What are key components to include in an incident response plan during the preparation phase?
IR team, communication plan, tools/resources for detection and response, training for employees.
What is FortiMail?
A mail security solution that provides advanced threat protection, anti-spam, anti-phishing, and data loss prevention for email communications.
Which document available to everyone will tell me which reporter to put for each client?
Client list on the main DE SharePoint page
What is the purpose of commenting on a ticket (replying to client) immediately after creating a support ticket?
Stop the SLA by transitioning to “Waiting for Customer”
What is the biggest reason more incidents occur during the holiday season?
Complacency
What actions could be necessary to restore affected systems to normal operation after an incident?
Restoring data from backups, verifying the integrity of restored systems, conducting system and security tests, and gradually bringing systems back online.
In a FortiMail log, you may see numbers in this format:
2:1:3:system.
What do these numbers represent?
Policy IDs
What agreement outlines the responsibilities and expectations between an MSSP and their client?
Hint:
(Most know this as a timer)
Service Level Agreement (SLA)
How many screenshots of IP reputation tools do we require per each potentially malicious IP?
3
Which scam has seen a recent influx during the holidays by posing as the US Postal Service?
Delayed package scam text
Why is it important to conduct a post-incident analysis?
It helps us to understand what happened, evaluate the effectiveness of the response, and identify areas for improvement.
What feature of FortiMail helps to prevent data leaks by scanning outgoing emails for sensitive information?
Data Loss Prevention (DLP)
What DefendEdge client has the most firewalls?
SMS
Explain the “Waiting for Support” status
The ticket SLA is in progress and DefendEdge is expected either to reply to the ticket or to provide additional support after a client response.
Which scam, posing as an expedited screening program for the holiday travel season, has seen a recent influx during the holiday period?
TSA PreCheck Scam
What steps can be taken to contain a security incident and prevent it from spreading?
Isolating systems, disabling compromised accounts, disabling network connectivity, blocking malicious traffic, and implementing temporary fixes or remediations to prevent further damage.
Which FortiMail feature allows administrators to create custom policies for handling email threats?
Policy-based filtering
Which client has the most false positives listed on the EDR false positive list?
BWB (Bridge Water Bank)
When do we place a ticket “On Hold”?
Tickets are placed on hold when immediate support is not possible as the issue is a “project” or has a necessary delay while actions are carried out.
In 2023, the Lapsus$ hacking group leaked source code and assets for which popular game developer's future project?
What methods could be used to detect and identify potential security incidents?
Intrusion detection systems (IDS), log analysis, and alerts from a security information and event management (SIEM) system.
Name 3 ways FortiMail's Anti-Spam feature works to reduce unwanted emails.
Blacklists, whitelists, and content filtering.
What 5 clients have their own individual and active Jira portals?
Reyes, Cresa, KGP, BWB, Hubgroup.
Explain the difference between the Client Support portals, such as GetHelp, KGP-GetHelp, and the CTI-Support. Why do we have individual portals?
Support portals are for DefendEdge to provide direct support to clients and handle issues. The project portals are for clients and respective hives to internally track projects or complex issues for clients that require collaboration.
Which merchandise retailer in 2013 experienced a massive data breach that affected 41 million customer payment records and 70 million personal records, including names, addresses, and phone numbers?
Target