Incident Response Procedures

Question 1

What what is occurring when an investigator follows a set of procedures after a computer security incident?

Answer 1

Incident Response

Question 2

What do you call the overall program, regarding the response to a computer security event?

Answer 2

Incident Management Program

Question 3

What are the six steps in an Incident Response?

Answer 3

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

Exam Tip: You must know exactly the order of these steps, and what they are

Question 4

Explain the general idea of the preparation phase

What step is this?

Answer 4

Having a well planned incident response procedure.
Having a strong security posture.
Having a knowledgeable chief information security officer.

Step 1

Question 5

What step of incident response is determining that if an event should be elevated to an incident status?

What step is this?

Answer 5

Identification

Step 2

Question 6

What step of incident response is focused on isolating the incident?

What step is this?

Answer 6

Containment

Step 3

Question 7

What step of incident response is focused on removing the threat or attack?

What step is this?

Answer 7

Eradication

Step 4

Question 8

What step of incident response is focused on data restoration, system repair, and bringing the network/servers back online?

What step is this?

Answer 8

Recovery

Step 5

Question 9

What step of incident response is focused on learning from the incident?

What step is this?

Answer 9

Lessons Learned

Step 6