5.4 Given a scenario, follow incident response procedures. Flashcards

1
Q

Event

A

Defined as anything that happens during a set time period.

2
Q

Incident

A

Defined as an event that has a negative impact.

3
Q

Incident Response Plan (IRP)

A

A set of written instructions for reacting to a security incident.

4
Q

Cyber-incident Response Teams (CIRT)

A

A dedicated team that is responsible for the investigation of any computer security incidents that occur.

5
Q

Exercise

A
  • Put simply, testing the IRP.
  • Used to evaluate the preparedness of CIRT.
  • A fire drill is an example of testing the IRP.
6
Q

Preparation

A

Equipping IT staff, management, and users to handle potential incidents when they arise.
Includes hardening systems in order to prevent an attack.

7
Q

Identification

A

Determining whether an event is actually an incident.

8
Q

Containment

A

Limiting the damage of the incident and isolating the impacted systems to prevent the incident from spreading, thus preventing further damage.

Quarantine/Isolation of the system to prevent spread.

9
Q

Eradication

A

Includes the processes used to remove or eliminate the cause of an incident.
(Wipe it out)

10
Q

Recovery

A

The process of removing any damaged elements from the environment and replacing them.

11
Q

Lessons Learned

A
  • The final step in the Incident Response Process.

  • Perform an After Action Review of the incident and apply any required changes to the IRP and future responses.

12
Q
In what phase of an incident response plan does the organization return to normal operations after handling a violating event?
A. Containment
B. Lessons Learned
C. Recovery
D. Eradication
A

C. Recovery

13
Q

Ben has been asked to work on a report that will analyze the results of an incident exercise with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will he be working on?
A. Containment report
B. After Action Report
C. Identification of critical systems report
D. Eradication Report

A

B. After Action Report

14
Q
It has been reported that someone has caused an information spillage incident on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in the incident response process did you just complete?
A. Identification
B. Isolation
C. Eradication
D. Containment
A

D. Containment
