Incident Response Process Flashcards

1
Q

What is an Incident?

A

An act that violates an explicit or implied security policy.

2
Q

What are Incident Response Procedures?

A

Documented guidelines that define how security incidents are handled.

3
Q

What are the 7 Phases of the CompTIA Incident Response Cycle?

A

1. Preparation
2. Detection
3. Analysis
4. Containment
5. Eradication
6. Recovery
7. Post-incident activity (lessons learned)

4
Q

Explain Preparation in the Incident Response Lifecycle

A

Getting ready before an incident occurs: strengthening systems and networks so they resist attacks, and putting the people, procedures, and tooling in place that the later phases will rely on.

5
Q

Explain Detection in the Incident Response Lifecycle

A

Identifies that a security incident has occurred (or is occurring), for example from alerts, logs, or user reports.

6
Q

Explain Analysis in the Incident Response Lifecycle

A

A thorough examination and evaluation of the detected incident: what happened, which systems and accounts are affected, and how severe it is.

7
Q

Explain Containment in the Incident Response Lifecycle

A

Limits the incident's impact by stopping its spread, securing data, and protecting business operations.
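The Detection, Analysis, and Containment cards above describe the phases in the abstract; the following added example (not part of the original flashcards, and not tied to any specific product) shows what they look like on a small, constructed set of sshd log lines. Detection flags a source address that produces five or more failed logins inside a five-minute window; analysis turns the flag into an incident record that scopes the affected host, targeted accounts, any account that was subsequently logged into from the same source, and the time span; containment is expressed as a list of immediate actions derived from that record. The log lines, the threshold, the window, the supplied year, and the action wording are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd/syslog lines for a single host (not real log data).
# One source hammers three accounts and then succeeds against "deploy";
# a second source has a single failed attempt followed by a normal key login.
SAMPLE_LOG = """\
Mar 10 02:14:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 10 02:14:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar 10 02:14:05 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 10 02:14:07 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar 10 02:14:09 web01 sshd[2211]: Failed password for deploy from 203.0.113.45 port 51026 ssh2
Mar 10 02:14:12 web01 sshd[2211]: Accepted password for deploy from 203.0.113.45 port 51027 ssh2
Mar 10 02:20:00 web01 sshd[2300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 02:20:30 web01 sshd[2301]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text, year=2024):
    """Turn raw syslog lines into event dicts; lines that do not match are skipped.
    Syslog omits the year, so one is supplied (an assumption for this example)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Detection: a source IP producing >= threshold failed logins inside `window`.
    Analysis: for each flagged source, build an incident record that scopes what
    was targeted, what (if anything) was compromised, and when.
    Returns {source_ip: incident_record}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    incidents = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        for i in range(len(failures)):
            # Count the failures that fall inside the window opening at failure i.
            j = i
            while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i < threshold:
                continue
            first_seen = failures[i]["ts"]
            # A success from the same source after the burst began means the
            # attacker most likely got in, which raises severity and changes
            # what containment has to do.
            successes = [e for e in evs if e["result"] == "Accepted" and e["ts"] >= first_seen]
            incidents[src] = {
                "host": evs[0]["host"],
                "first_seen": first_seen,
                "last_seen": evs[-1]["ts"],
                "failed_attempts": len(failures),
                "targeted_accounts": sorted({e["user"] for e in failures}),
                "compromised_accounts": sorted({e["user"] for e in successes}),
                "severity": "high" if successes else "medium",
            }
            break
    return incidents


def containment_actions(incident, src):
    """Containment: the immediate steps a responder would take for this record.
    Illustrative action strings only; no firewall or ticketing API is called."""
    actions = [f"block {src} at the perimeter firewall and on {incident['host']}"]
    for user in incident["compromised_accounts"]:
        actions.append(f"disable account {user} and terminate its active sessions")
        actions.append(f"preserve {incident['host']} auth logs and shell history for {user}")
    if not incident["compromised_accounts"]:
        actions.append("no successful login seen; watch the targeted accounts for lockouts")
    return actions


def run(text=SAMPLE_LOG):
    return detect_brute_force(parse_log(text))


if __name__ == "__main__":
    for src, inc in run().items():
        print(f"[{inc['severity']}] brute force from {src} against {inc['host']}: "
              f"{inc['failed_attempts']} failures, compromised={inc['compromised_accounts']}")
        for action in containment_actions(inc, src):
            print("  -", action)
```

The second source (one failure, then a key-based login) is the kind of benign noise a threshold-and-window rule is meant to ignore; raising the threshold to six on the sample data produces no incident at all, which is the usual tuning trade-off between missed detections and alert fatigue.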

8
Q

Explain Eradication in the Incident Response Lifecycle

A

Follows containment and aims to remove the malicious activity (malware, attacker accounts, persistence) from the affected systems or network.

9
Q

Explain Recovery in the Incident Response Lifecycle

A

Restores systems and services to normal, secure operation after the incident.

10
Q

Explain Post-incident activity (lessons learned) in the Incident Response Lifecycle

A

Occurs after the incident has been contained, the malicious activity eradicated, and the systems fully recovered; it reviews what happened and how it was handled so that future incidents are prevented or handled better.

11
Q

What is Root Cause Analysis?

A

Identifies the incident's underlying source and how to prevent it in the future.

4-step process:

1. Define/scope the incident
2. Determine the causal relationship that led to the incident
3. Identify an effective solution
4. Implement and track the solution

12
Q

What is the Lessons Learned Process?

A

Documents the experiences gained during an incident in a formalized way.

13
Q

What is an After-Action Report?

A

A formalized report that collects information about what happened during the incident.
