Questions and Answers
Which phase of incident response involves creating policies and procedures that govern incident response and handling?
Preparation
What is the main purpose of incident response?
To react to unexpected events
What are some examples of security tools or services used in the detection and analysis phase?
All of the above
When does the analysis portion of the detection and analysis phase typically involve human judgment?
What is the recommended approach for incident response?
When should incident response be reviewed?
What is the purpose of the incident response preparation phase?
What is the most common way to detect an issue during the detection and analysis phase?
When do incidents often occur according to the text?
What activities are included in the preparation phase of incident response?
Which phase of incident response involves evaluating the criticality of the incident and contacting additional resources if needed?
What is the main objective of the Containment phase in incident response?
What does the Eradication phase of incident response involve?
When in doubt about whether malware has been completely removed from the environment, what should you do?
What is the strategy of formulating a multilayered defense called?
Which phase of incident response involves evaluating whether the issue constitutes an incident?
What is the primary objective of the Analysis phase in incident response?
What might be done during the Eradication phase to ensure that the malware is not present in other systems?
What is the recommended approach when dealing with very new malware or variants during the Eradication phase?
In incident response, what does the Containment phase involve if the problem is a malware-infected server actively being controlled by a remote attacker?