SANS FOR508 Questions And Answers Verified Study Solutions

Course: SANS FOR508
Uploaded: November 7, 2024 (2024/2025)
Length: 9 pages (preview shows 2)
Seller: Labtech
Dwell Time ANS The time an attacker has remained undetected within a network. An important metric to track as it directly correlates with the ability of an attacker to accomplish their objectives.

Breakout Time ANS Time it takes an intruder to begin moving laterally once they have an initial foothold in the network.
Main Threat Actors ANS APT (Nation State Actors)
Organized Crime
Hacktivists

NIST ANS US National Institute of Standards and Technology
Six-Step Incident Response Process ANS 1: Preparation
2: Identification
3: Containment and Intelligence Development
4: Eradication and Remediation
5: Recovery
6: Follow-up
Six-Step - Preparation ANS Incident response methodologies emphasize preparation: not only establishing a response capability so the organization is ready to respond to incidents, but also preventing incidents by ensuring that systems, networks, and applications are sufficiently secure.
Six-Step - Identification ANS Identification is triggered by a suspicious event. This could be from a security appliance, a call to the help desk, or the result of something discovered via threat hunting. Event validation should occur and a decision made as to the severity of the finding (not all valid events lead to a full incident response). Once an incident response has begun, this phase is used to better understand the findings and begin scoping the network for additional compromise.
Six-Step - Containment and Intelligence Development ANS In this phase, the goal is to rapidly understand the adversary and begin crafting a containment strategy. Responders must identify the initial vulnerability or exploit, how the attackers are maintaining persistence and moving laterally in the network, and how command and control is being accomplished. In conjunction with the previous scoping phase, responders will work to have a complete picture of the attack and often implement changes to the environment to increase host and network visibility. Threat intelligence is one of the key products of the IR team during this phase.
Six-Step - Eradication and Remediation ANS Arguably the most important phase of the process, eradication aims to remove the threat and restore business operations to a normal state. However, successful eradication cannot occur until the full scope of the intrusion is understood. A rush to this phase usually results in failure. Remediation plans are developed, and recommendations are implemented in a planned and controlled manner. Examples include:
- Block malicious IP addresses
- Blackhole malicious domain names
- Rebuild compromised systems
- Coordinate with cloud and service providers
- Enterprise-wide password changes
- Implementation validation
Six-Step - Recovery ANS Recovery leads the enterprise back to day-to-day business. The organization will have learned a lot during the incident investigation and will invariably have many changes to implement to make the enterprise more defensible. Recovery plans are typically divided into near-, mid-, and long-term goals, and near-term changes should start immediately. The goal during this phase is to improve the overall security of the network and to detect and prevent immediate reinfection. Some recovery models include:
- Improve Enterprise Authentication Model
- Enhanced Network Visibility
- Establish Comprehensive Patch Management Program
- Enforce Change Management Program
- Centralized Logging (SIM/SIEM)
- Enhance Password Portal
- Establish Security Awareness Training Program
- Network Redesign