CIRT
GSOC
GCIA
100

Ensure the SOC is ready to conduct a structured response to an incident

What is the goal of Preparation?

100

- Linear approach

- Absence of essential security tools

- Lack of visibility 

What are the downsides of PICERL?

100

Document summarizing the incident and the steps performed to handle the incident. 

What is an After Action Report?

200

Get the business back up and running

What is the goal of Recovery?

200

1. Preparation

2. Detection and Analysis

3. Containment, Eradication, Recovery

4. Post Incident Activity

What is the NIST Model of IR?

200

Summarize incident and develop strategies to prevent reoccurrence

What is the goal of Post Incident/Wrap-up/Lessons Learned?

300

Stop the adversary from continuing to operate in the environment

What is the goal of Containment?

300

An adverse event in a computing environment

What is an Incident?

300

The most effective and cost-efficient way to perform recovery

What is rebuilding?

400

Monitor security events in order to detect, alert, and report on the potential security incident

What is the goal of Detection?

400

1. Preparation

2. Identification

3. Containment

4. Eradication

5. Recovery

6. Lessons Learned

What is the SANS model of IR?

400

Verifying you have an incident

What is the first move of Detection?

500

Undoing the adversary's actions

What is the goal of Eradication?

500

Enforcing stronger password policies

What is an example of Remediation?

500

- Isolating Systems

- Patching Systems

- Removing accounts created by Adversary

- Applying filters to firewalls/routers

- Changing entries in DNS

What are examples of Containment?