Hello folks,
In this write-up, we provide the answers for the Cyber Crisis Management room, which is part of the Security Engineer learning path under the Managing Incidents section. The room is freely accessible to all TryHackMe users. By successfully completing these challenges you will gain access to tickets that can boost your chances of winning incredible prizes.
You can access the room by clicking here.
Task 1- Introduction
In this room, we will learn about crisis management and how the Crisis Management Team (CMT) can take charge to help steer the organization safely out of a cyber crisis.
I am ready to learn about cyber crisis management!
No answer required
Task 2- What is a Cyber Crisis
In this task, you will learn about cyber crises, the Crisis Management Team (CMT) and the levels of CMT.
Q 2.1- What would the severity rating of an incident be where multiple users are affected and the impact is medium?
A 2.1- Moderate
Q 2.2- What would the severity rating of an incident be where multiple users are affected and the impact is low?
A 2.2- Low
Q 2.3- What would the severity rating of an incident be where an entire business unit is affected and the impact is high?
A 2.3- Critical
Task 3- The Roles and Responsibilities in a CMT
In this task, you will learn how the CMT works, and about its roles and responsibilities.
Q 3.1- Who is responsible for note-taking in the CMT?
A 3.1- Scribe
Q 3.2- Who is responsible for leading the CMT session?
A 3.2- Chair
Q 3.3- Who is responsible for ensuring that the actions taken by the CMT do not break the law?
A 3.3- Legal
Q 3.4- Who is responsible for making sure that the stakeholders are informed during the CMT?
A 3.4- Communication
Q 3.5- Who is responsible for providing more technical information to the CMT to ensure that they can take the appropriate actions?
A 3.5- Subject Matter Experts
Task 4- The Golden Hour
In this task, you will learn how to handle the first hour after the CMT is invoked.
Q 4.1- What is the first step that has to be performed during the CMT golden hour?
A 4.1- Assembly
Q 4.2- In the event of a cyber crisis, who provides the update to the CMT?
A 4.2- CSIRT
Task 5- The CMT Process
In this task, you will learn about the six-step CMT process, which involves the Golden Hour, Information Update, Triage, Action Discussion, Action Approval, and Documentation & Crisis Closure.
Q 5.1- What is the term used to describe the process by which the CMT determines the severity of the crisis?
A 5.1- Triage
Q 5.2- Who is ultimately responsible for ensuring that the CMT takes action?
A 5.2- CMT Chair
Q 5.3- Who will ultimately be held accountable for the crisis?
A 5.3- CEO
Task 6- The Importance of SMEs
In this task, you will learn about the importance of Subject Matter Experts (SME) and their actions in resolving the crisis.
Q 6.1- Who is responsible for providing the CMT with technical and in-depth information to allow them to make an informed decision during the crisis?
A 6.1- Subject Matter Experts
Task 7- The Actions Available to the CMT
In this task, you will learn about the actions that will help the CMT.
Q 7.1- What is the value of the flag you receive after successfully dealing with the cyber crisis?
A 7.1- THM{The.Crisis.has.been.managed!}
We will be providing the answers for the Security Engineer Learning Path. If you need an explanation of any of these answers, please comment below and we will provide it on request.
You can check out our other blogs here.
Happy Pentesting!!!
Team CyberiumX