SANS FOR508 Questions And Answers Verified Study Solutions
Dwell Time ANS The time an attacker has remained undetected within a network. An important
metric to track as it directly correlates with the ability of an attacker to accomplish their objectives.
Breakout Time ANS Time it takes an intruder to begin moving laterally once they have an initial
foothold in the network.
Main Threat Actors ANS APT (Nation State Actors)
Organized Crime
Hacktivists
NIST ANS US National Institute for Standards and Technology
Six-Step Incident Response Process ANS 1: Preparation
2: Identification
3: Containment and Intelligence Development
4: Eradication and Remediation
5: Recovery
6: Follow-up
Six-Step - Preparation ANS Incident response methodologies emphasize preparation: not only
establishing a response capability so the organization is ready to respond to incidents, but also
preventing incidents by ensuring that systems, networks, and applications are sufficiently secure.
Six-Step - Identification ANS Identification is triggered by a suspicious event. This could be
from a security appliance, a call to the help desk, or the result of something discovered via threat
hunting. Event validation should occur and a decision made as to the severity of the finding (not
all valid events lead to a full incident response). Once an incident response has begun, this phase is used
to better understand the findings and begin scoping the network for additional compromise.
Six-Step - Containment and Intelligence Development ANS In this phase, the goal is to rapidly
understand the adversary and begin crafting a containment strategy. Responders must identify the
initial vulnerability or exploit, how the attackers are maintaining persistence and moving laterally in
the network, and how command and control is being accomplished. In conjunction with the previous
scoping phase, responders will work to have a complete picture of the attack and often implement
changes to the environment to increase host and network visibility. Threat intelligence is one of the
key products of the IR team during this phase.
Six-Step - Eradication and Remediation ANS Arguably the most important phase of the process,
eradication aims to remove the threat and restore business operations to a normal state. However,
successful eradication cannot occur until the full scope of the intrusion is understood. A rush to this
phase usually results in failure. Remediation plans are developed, and recommendations are
implemented in a planned and controlled manner. Examples include:
- Block malicious IP addresses
- Blackhole malicious domain names
- Rebuild compromised systems
- Coordinate with cloud and service providers
- Enterprise-wide password changes
- Implementation validation
Six-Step - Recovery ANS Recovery leads the enterprise back to day-to-day business. The organization will
have learned a lot during the incident investigation and will invariably have many changes to
implement to make the enterprise more defensible. Recovery plans are typically divided into near-,
mid-, and long-term goals, and near-term changes should start immediately. The goal during this
phase is to improve the overall security of the network and to detect and prevent immediate
reinfection. Some recovery models include:
- Improve Enterprise Authentication Model
- Enhanced Network Visibility
- Establish Comprehensive Patch Management Program
- Enforce Change Management Program
- Centralized Logging (SIM/SIEM)
- Enhance Password Portal
- Establish Security Awareness Training Program
- Network Redesign