Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA CySA+ CS0-003 > Containment, Eradication and Recovery > Flashcards

Containment, Eradication and Recovery Flashcards

3rd Phase of Incident Response Plan

1
Q

Containment

A

reduce or eliminate the spread of the incident; includes preserving evidence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Eradication

A

return all systems to a known good state; rebuild systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Recovery

A

identify the relevant attack vectors and implement countermeasures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What criteria you need to consider in Containment

A

Scope
Segmentation (micro)
Isolation
Removal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

To Remove or Not Remove

A

Threat Intelligence value
Crime Scene Evidence
Ability to restore

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What criteria you need to consider in Eradication?

A

All systems returned to a known good state

Be sure to gather Evidence first

Rebuild instead of repair

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What criteria you need to consider in Recovery?

A

Vulnerability mitigations

Sanitization

Reconstruction

Secure Disposal

Patching - vendor specific patch requirement

Permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Factors for Considerations

A

Impact

Isolation

remediation

Compensating controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA CySA+ CS0-003 (20 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions