4.2 Policies / Processes Incident Response

Question 1

During which incident response phase is the preservation of evidence performed?

Answer 1

Containment, eradication, and recovery: preserve forensic and incident information for future needs, prevent future attacks or bring up an attacker on criminal charges

Question 2

Incident Response Phase - PREPARATION

Answer 2

incident response team conducts training, prepares their incident response kits, and researches threats and intelligence

Question 3

Incident Response Phase - DETECTION and ANALYSIS

Answer 3

an organization focuses on monitoring and detecting any possible malicious events or attacks

Question 4

Incident Response Phase - POST INCIDENT ACTIVITY

Answer 4

the organization conducts after-action reports, creates lessons learned, and conducts follow-up actions to better prevent another incident from occurring

Question 5

Lessons Learned Report

Answer 5

provides you with the details of the incident, its severity, the remediation method, and, most importantly, how effective your response was. Additionally, it provides recommendations for improvements in the future

Question 6

What does a forensic analysis report not provide?

Answer 6

recommendations for future improvements, even though it provides many of the other details

Question 7

Trend Analysis Report

Answer 7

describes whether behaviors have increased, decreased, or stayed the same over time

Question 8

chain of custody report

Answer 8

chronological documentation or paper trail that records the custody, control, transfer, analysis, and disposition of physical or electronic evidence