Questions and Answers
Which phase of incident response involves creating policies and procedures that govern incident response and handling?
- Incident Response
- Preparation (correct)
- Detection and Analysis
- None of the above
What is the main purpose of incident response?
- To review logs and evaluate situations
- To detect and analyze issues
- To prepare for potential incidents
- To react to unexpected events (correct)
What are some examples of security tools or services used in the detection and analysis phase?
- Antivirus software and firewall logs
- Intrusion detection system and proxy logs
- Security information and event monitoring tool and managed security service provider
- All of the above (correct)
When does the analysis portion of the detection and analysis phase typically involve human judgment?
What is the recommended approach for incident response?
When should incident response be reviewed?
What is the purpose of the incident response preparation phase?
What is the most common way to detect an issue during the detection and analysis phase?
When do incidents often occur according to the text?
What activities are included in the preparation phase of incident response?
Which phase of incident response involves evaluating the criticality of the incident and contacting additional resources if needed?
What is the main objective of the Containment phase in incident response?
What does the Eradication phase of incident response involve?
When in doubt about whether malware has been completely removed from the environment, what should you do?
What is the strategy of formulating a multilayered defense called?
Which phase of incident response involves evaluating whether the issue constitutes an incident?
What is the primary objective of the Analysis phase in incident response?
What might be done during the Eradication phase to ensure that the malware is not present in other systems?
What is the recommended approach when dealing with very new malware or variants during the Eradication phase?
In incident response, what does the Containment phase involve if the problem is a malware-infected server actively being controlled by a remote attacker?