Accidental Breach Causes - CORRECT ANSWER-1. Data Transportation
2. Misconfigured Settings
3. Misinterpretation of Instructions
4. OSINT
5. Loss of Data
6. Insider Threat
Intentional Breach Causes - CORRECT ANSWER-1. Insider Threat
2. Phishing and Spear Phishing
3. Social Engineering
4. Watering Holes/Exploit Kits
5. Sniffing
6. Code Exploitation
7. Misconfigured Exploitation
8. SQL Injection
9. Password Attack
How Are Breaches Identified? - CORRECT ANSWER-1. Security Tools
2. Suspicious Activity Noted
3. SOC
4. Ransoms
5. Public Data Leaks
Definition of Governance - CORRECT ANSWER-The establishment of policies and
continuous monitoring of their proper implementation, by the members of the governing
body of an organisation.
Why Do We Need Governance? - CORRECT ANSWER-Senior leadership support is
crucial and reduces resistance to changes and saves time.
Incident Response Workflow - CORRECT ANSWER-1. CREST - Prepare, Respond, Follow Up
2. SANS - Prep, Identify, Contain, Eradicate, Recover, Lesson Learnt
3. NIST - Prep, Detection & Analysis, Contain-Eradicate & Recovery
Incident Response Plan 1 - CORRECT ANSWER-1. Roles and Responsibilities
2. Dependent on Organisation
3. Corporate Level Buy In - Ultimately responsible
4. Governance Requirements
Incident Response Plan 2 - CORRECT ANSWER-1. Incident Response Manager /
Team
2. Geographic Locations - local point of contact
3. Documentation - Who does what and when
4. Communications - Informing relevant organisations
5. Severity Level v Response Level
Items Found in a Grab Bag - CORRECT ANSWER-1. Hardware
2. Software
3. Documents
4. Toiletries
5. Currency
CPU Protection Rings - CORRECT ANSWER-1. Most OS, including Windows, do not
fully use the available protection rings.
2. Processes in higher level rings do not have access to lower level rings.
3. R3 - User Mode, R2 - Reserved, R1 - Reserved, R0 - Kernel Mode, R-1 - Hypervisor, R-2 -
System Management Mode, R-1 - Firmware Processing
What is Incident Response? - CORRECT ANSWER-The actions taken starting from
when an incident is raised and following it through to complete remediation as well as
the post incident assessments.
How Do We Define A Computer Breach or Intrusion? - CORRECT ANSWER-A
computer breach can be considered as either an intentional or unintentional situation
which affects the C.I.A of a computer.
Goals of Incident Response - CORRECT ANSWER-1. Prepare for the inevitable
2. Identify the Intrusion
3. Contain the threat
4. Eradicate the threat