Hello folks,
In this write-up, we will provide the answers to the Intro to IR and IM room, which is part of the Security Engineer learning path under Managing Incidents. This room is accessible to TryHackMe subscribers only. By successfully completing these challenges you will gain access to tickets that can boost your chances of winning incredible prizes.
You can access the room by clicking here.
Task 1- Introduction
This task will let you know the learning objectives and prerequisites of this room.
I am ready to learn about Incident Response and Incident Management!
No answer required
Task 2- What is Incident Response and Management
In this task, you will learn about cyber incidents, incident response, incident management, and the different levels of incident response and management.
Q 2.1- At what level (number only) of an incident would the SOC be placed at high alert and to deal with an incident?
A 2.1- 3
Q 2.2- At what level (number only) of an incident would it be classified as a cyber crisis?
A 2.2- 4
Q 2.3- Which component (IR or IM) is responsible for trying to answer the question: How do we respond to what happened?
A 2.3- IM
Q 2.4- Which component (IR or IM) is responsible for trying to answer the question: What happened?
A 2.4- IR
Task 3- The Different Roles During an Incident
In this task, you will learn about the different roles during incident response and incident management, such as SOC Analyst, SOC Lead, Forensic Analyst, Threat Hunter, Security Engineer, etc.
Q 3.1- What is the value of the flag you receive after matching the roles and responsibilities?
A 3.1- THM{Roles.and.Responsibilities.of.IR.and>IM}
Task 4- The Process of Incident Management
In this task, you will understand the four-step process of incident management: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.
Q 4.1- What is the value of the flag you receive after correctly matching the steps of the incident management process?
A 4.1- THM{Preparation.is.Key.for.Incident.Management}
Task 5- Common Pitfalls During an Incident
In this task, you will learn about some common pitfalls during incident response and management, such as insufficient hardening, insufficient logging, insufficient and over-alerting, insufficient backups, and insufficient determination of incident scope.
Q 5.1- What is the value of the flag you receive when you overcome the common pitfalls of a cyber incident?
A 5.1- THM{Avoiding.the.Common.IM.Mistakes}
Please comment below if you want the detailed write-up of this room.
You can check out our other blogs here.
Happy Pentesting!!!
Team CyberiumX