Mastering Incident Response Strategies

Which phase of incident response involves creating policies and procedures that govern incident response and handling?

Preparation

What is the main purpose of incident response?

To react to unexpected events

What are some examples of security tools or services used in the detection and analysis phase?

All of the above

When does the analysis portion of the detection and analysis phase typically involve human judgment?

When reviewing logs output by various security network and infrastructure devices Signup and view all the answers

What is the recommended approach for incident response?

React to incidents based on their severity Signup and view all the answers

When should incident response be reviewed?

Regularly Signup and view all the answers

What is the purpose of the incident response preparation phase?

To create policies and procedures for incident response Signup and view all the answers

What is the most common way to detect an issue during the detection and analysis phase?

Using a security tool or service Signup and view all the answers

When do incidents often occur according to the text?

During non-business hours Signup and view all the answers

What activities are included in the preparation phase of incident response?

Creating policies and procedures, conducting training and education Signup and view all the answers

Which phase of incident response involves evaluating the criticality of the incident and contacting additional resources if needed?

Analysis Signup and view all the answers

What is the main objective of the Containment phase in incident response?

To disconnect the server from the network Signup and view all the answers

What does the Eradication phase of incident response involve?

Cleaning up malware from the server Signup and view all the answers

When in doubt about whether malware has been completely removed from the environment, what should you do?

Err on the side of caution Signup and view all the answers

What is the strategy of formulating a multilayered defense called?

Defense in depth Signup and view all the answers

Which phase of incident response involves evaluating whether the issue constitutes an incident?

Detection Signup and view all the answers

What is the primary objective of the Analysis phase in incident response?

To evaluate the criticality of the incident Signup and view all the answers

What might be done during the Eradication phase to ensure that the malware is not present in other systems?

Scanning other hosts in the environment Signup and view all the answers

What is the recommended approach when dealing with very new malware or variants during the Eradication phase?