CompTIA CySA+ CS0-003 Deck 7 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
What provides direction and focus, enabling organizations to achieve strategic goals and objectives?
Action Plans
What is released by developers and often represents the first line of defense against the exploitation of software vulnerabilities?
Security Patches
(IRP) Incident Response Plans
Specific procedures that must be performed if a certain type of event is detected or reported.
Playbooks
A checklist of actions to perform to detect and respond to a specific type of incident.
Tabletop Exercise
A discussion of simulated emergency situations and security incidents.
(LLR) Lessons Learned Report
An analysis of events that can provide insight into how to improve response and support processes in the future.
(BC) Business Continuity
A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
(DR) Disaster Recovery
A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
What is the first step in the incident response process?
Preparation (Planning)
Digital Forensics
The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.
Chain of Custody
Record of evidence-handling from collection to presentation in court to disposal.
Legal Hold
A process designed to preserve all relevant information when litigation is reasonably expected to occur.