Ch17 Flashcards
List the incident response steps.
Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned
After detecting and verifying an incident, the first response is
contain the incident while protecting evidence.
Which two stages include root cause analysis to determine the cause and recommend solutions to prevent a recurrence?
First the remediation stage, and then the lessons learned stage.
In which stage may a system need to be rebuilt?
Recovery stage
What is an active response of an IDS?
Actively changing the environment, such as blocking malicious traffic before it reaches its target. Some people refer to an active IDS as an IPS.
An IPS must be placed inline with the network traffic.
True
Monitors a single system; hackers can discover and disable it.
HIDS
Monitors network traffic and is not visible to hackers.
NIDS
A system that often has pseudo flaws and fake data to lure intruders.
Honeypot
What is the difference between a honeypot and a padded cell?
A honeypot lures the attacker, whereas with a padded cell the attacker is transferred into it, usually by the IDS.
What uses precise mathematical functions to extract meaningful information from a large volume of data?
Statistical sampling
What is a form of nonstatistical sampling that records only events that exceed a threshold?
Clipping
Is reporting the incident based on policies and governing laws the first step?
No. Organizations report the incident based on policies and governing laws, but this is not the first step.
Attempts to identify the cause of the incident and steps that can be taken to prevent a recurrence.
Remediation
Do you gather the evidence before, during, or after containing an incident?
It is important to protect evidence while trying to contain an incident, but gathering the evidence occurs after containment.
What is the most common distribution method for malware?
Drive-by download