The SER system gives you the option to modify a service account. True or False.
False.
Service accounts must be deleted and recreated in order to modify their permissions.
Whose responsibility is it to monitor the email inboxes?
Everyone, but primarily Team1.
All emails and alerts must be tracked in a ticket. True or False.
True. Either individual tickets, or bulk if a large amount is received.
Case related account requests are to be completed within what time frame?
Turnaround time for these is the end of the next business day.
A "Global" alert means that all of MFN2 is targeted for an Arbor Alert. True or False.
False. Global means that our internal Core infrastructure is feeling the impacts of the attack.
You can modify an SER request after it is submitted. True or False.
True, but only before the first approval.
Customer Portal troubleshooting can be done in what 3 main areas?
Account (AD), Authentication (PW/RSA), F5s
Remain logged into the phones in a ready state if you are at your desk and ready to receive a call, to minimize RONAs. True or False.
True. Log off/out if you are not ready.
What are the 5 email addresses that are CC'd on reportable cases for MFN2?
What is the maximum attack size our Core Arbor TMSs can handle? What is the maximum attack size the Arbor Cloud mitigation service can handle?
TMS: 20 Gbps
Cloud: 15+ Tbps
How many levels of approval for SERs?
3.
SOC, Industrial Security, Security Manager.
What 4 devices have configs modified for Broadband VPN site turnups for MFN2?
Site Router, MI1 & TL2 VPN ASAs, Panorama
What are the case requirements for each of Team1 and Team2?
Team1: 1 case per week
Team2: 5 HTEN & 1 SOMS case per week (6 total).
What happens if timestamp 3 and the email sent time are more than 15 minutes apart?
SLA Violation
How many routers across MFN2 route traffic to EITHER TMS or Arbor Cloud? Where are they located?
5 (2x TL2, 2x MI1, 1x DIA)
How long is the SER approval process?
3-5 business days
You can bulk group AD Audit alerts into a ticket. True or False.
True, as long as all of the alert IDs are referenced in the ticket.
The SOC only uses the SIEM, Palo Alto devices, and IDS devices to generate case (reportable) material. True or False.
False, investigations can also start from emails and calls from customers, device alerts/alarms, and Arbor.
What does the SLA timer icon look like in Remedy?
Stopwatch
When does the DDoS SLA timer start?
Customer confirms they are affected by an Arbor Alert and are requesting mitigation.
You can use the SER system to get a USB drive approved. True or False.
True. Use the SER system and create a record using the "Modify User Account" request type. Please note the following: if the device is shared, select the supervisor, who will be labeled as the owner of the device. The owner of the device will be held accountable if the device is lost or stolen.
SOC Front Monitor Displays are to be triaged as part of Morning Brief responsibilities. True or False.
True. (Morning Brief and SOC Display Wikis)
What is the responsibility of the MFN2 SOC in regards to customer traffic threats?
Recognize, investigate, report. Mitigation falls on the customer to complete.
Remedy ticket file attachments should include the case number in the file name. True or False.
True
Analysts can start Arbor manual mitigations if no SecEng is available or responding within the 45-minute time period. True or False.
True