Chapters 21-22 Q's


What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?

NetFlow

Which indicator of compromise (IOC) standard is an open source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?

OpenIOC

Which type of system is an optional environment, but one that is commonly found when there are multiple production environments?

Staging

Which type of system is one that fairly closely mimics the production environment, with the same versions of software, down to patch levels, and the same sets of permissions, file structures, and so on?

Test

Within the software change control workflow, which individual is usually responsible for compiling and incorporating changed software into an executable image?

The buildmaster

Which term refers to the targeting of specific steps of a multistep process with the goal of disrupting the overall process?

Kill chain

What two components are necessary for successful incident response?

Knowledge of one's own systems and knowledge of the adversary

In which CMMI-DEV maturity level are processes well characterized and understood, and described in standards, procedures, tools, and methods?

Level 3: Defined

In which CMMI-DEV maturity level does an organization continually improve its processes based on a quantitative understanding of its business objectives and performance needs?

Level 4: Quantitatively Managed

Which statement applies to a low-impact exposure incident?

A low-impact exposure incident only involves repairing the broken system.

Which change management phase ensures that only approved changes to a baseline are allowed to be implemented?

Configuration control

Which attack involves the planting of software in the victim's network, creating network backdoors and tunnels to allow stealth access to its infrastructure?

Remote administration Trojan (RAT) attack

Which indicator of compromise (IOC) standard is an XML format specified in RFC 5070 for conveying incident information between response teams, both internally and externally with respect to organizations?

Incident Object Description Exchange Format (IODEF)

Which attack type is common, and to a degree, relatively harmless?

Port scan

Which type of system is the environment where the systems work with real data, doing the business that the system is supposed to perform?

Production

Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist?

Scanning

What is a foundation for change management?

Separation of duties

What should an incident response team do when they are notified of a potential incident?

The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.

What is the primary objective of change management?

To enable beneficial changes to be made, with minimum disruption to IT services

What is the primary goal of a backout plan?

To restore the system to its previous operating condition
