Module 1 - Intro to Ethical Hacking Flashcards

1
Q

Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

a. Vulnerability

2
Q

A breach of IT system security through vulnerabilities.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

b. Exploit

3
Q

The part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking a computer.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

c. Payload

4
Q

An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

d. Zero-Day Attack

5
Q

It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

e. Daisy Chaining

6
Q

Publishing personally identifiable information about an individual collected from publicly available databases and social media.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

f. Doxing

7
Q

A software application that can be controlled remotely to execute or automate predefined tasks.

a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot

A

g. Bot

8
Q

Assurance that the information is accessible only to those authorized to have access.

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation

A

a. Confidentiality

9
Q

Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation

A

e. Non-Repudiation

10
Q

Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation

A

c. Availability

11
Q

The trustworthiness of data or resources in terms of preventing improper and unauthorized changes.

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation

A

b. Integrity

12
Q

Refers to the characteristic of a communication, document or any data that ensures the quality of being genuine.

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation

A

d. Authenticity

13
Q

Is an on-demand delivery of IT capabilities where sensitive data of organizations and their clients is stored.

a. Cloud Computing Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware

A

a. Cloud Computing Threats

14
Q

Restricts access to the computer system’s files and folders and demands an online ransom payment to the malware creator(s) in order to remove the restrictions.

a. Cloud Computing Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware

A

d. Ransomware

15
Q

Are the most prevalent networking threats that are capable of infecting a network within seconds.

a. Cloud Computing Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware

A

c. Viruses and Worms

16
Q

Is an attack that is focused on stealing information from the victim machine without the user being aware of it.

a. Cloud Computing Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware

A

b. Advanced Persistent Threats (APT)

17
Q

1- Due to hardware constraints, they do not include complex security mechanisms.

2- They are connected to the internet with no security.

3- They have many apps to access the device remotely.

The text above refers to what security attack vector?

a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats

A

e. IoT Threats

18
Q

Is a huge network of the compromised systems used by an intruder to perform various network attacks.

a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats

A

a. Botnet

19
Q

Is the practice of sending an illegitimate email falsely claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information.

a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats

A

c. Phishing

20
Q

It is an attack performed on a corporate network or on a single computer by an entrusted person who has authorized access to the network.

a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats

A

b. Insider Attack

21
Q

Attackers target web applications to steal credentials, set up phishing sites, or acquire private information to threaten the performance of the website and hamper its security.

a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats

A

d. Web Application Threats

22
Q

Individuals who promote a political agenda by hacking, or especially by defacing or disabling websites.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

g. Hacktivists

23
Q

An unskilled hacker who compromises systems by running scripts, tools, and software developed by real hackers.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

e. Script Kiddies

24
Q

Individuals who work both offensively and defensively at various times.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

c. Gray Hats

25
Q

Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

a. Black Hat

26
Q

Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

f. State Sponsored Hackers

27
Q

Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

d. Suicide Hackers

28
Q

Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts. They have permission from the system owner.

a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hacktivists

A

b. White Hat

29
Q

What are the 5 hacking phases?

a. Spoofing
b. Gaining Access
c. Documenting
d. Scanning/Enumeration
e. Reconnaissance/Footprinting
f. Tracking
g. Maintaining Access
h. Phishing
i. Clearing Tracks

A

e. Reconnaissance/Footprinting
d. Scanning/Enumeration
b. Gaining Access
g. Maintaining Access
i. Clearing Tracks

30
Q

What are the 2 types of Reconnaissance?

A

Passive & Active

31
Q

Involves acquiring information without directly interacting with the target.

a. Active
b. Passive

A

b. Passive

32
Q

Involves interacting with the target directly by any means.

a. Active
b. Passive

A

a. Active

33
Q

Refers to the phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.

a. Attack
b. Pre-Attack Phase
c. Post Attack

A

b. Pre-Attack Phase

34
Q

Attackers extract information such as live machines, ports, port status, OS details, device type, system uptime, etc. to launch an attack. What is this hacking phase?

a. Reconnaissance
b. Scanning
c. Gaining Access
d. Maintaining Access
e. Clearing Tracks

A

b. Scanning

35
Q

Can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc.

A

Scanning Hacking Phase

36
Q

Involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security.

A

Ethical Hacking

37
Q

Controlled zone, as it provides a barrier between internal networks and Internet.

a. Internet Zone
b. DMZ
c. Intranet Zone
d. Management Network Zone

A

b. DMZ

38
Q

Secured zone with strict policies.

a. Internet Zone
b. DMZ
c. Intranet Zone
d. Management Network Zone

A

d. Management Network Zone

39
Q

Uncontrolled zone, as it is outside the boundaries of an organization.

a. Internet Zone
b. DMZ
c. Intranet Zone
d. Management Network Zone

A

a. Internet Zone

40
Q

Controlled zone with no heavy restrictions.

a. Internet Zone
b. DMZ
c. Intranet Zone
d. Management Network Zone

A

c. Intranet Zone

41
Q

Types of Security Policies:

No restrictions on usage of system resources.

a. Promiscuous Policy
b. Permissive Policy
c. Prudent Policy
d. Paranoid Policy

A

a. Promiscuous Policy

42
Q

Types of Security Policies:

Policy begins wide open and only known dangerous services/attacks or behaviors are blocked. It should be updated regularly to be effective.

a. Promiscuous Policy
b. Permissive Policy
c. Prudent Policy
d. Paranoid Policy

A

b. Permissive Policy

43
Q

Types of Security Policies:

It provides maximum security while allowing known but necessary dangers. It blocks all services and only safe/necessary services are enabled individually; everything is logged.

a. Promiscuous Policy
b. Permissive Policy
c. Prudent Policy
d. Paranoid Policy

A

c. Prudent Policy

44
Q

Types of Physical Security Control:

Prevent security violations and enforce various access control mechanisms. Examples include door lock, security guard, etc.

a. Preventive Controls
b. Detective Controls
c. Deterrent Controls
d. Recovery Controls
e. Compensating Controls

A

a. Preventive Controls

45
Q

Types of Physical Security Control:

Detect security violations and record any intrusion attempts. Examples include motion detector, alarm systems and sensors, video surveillance, etc.

a. Preventive Controls
b. Detective Controls
c. Deterrent Controls
d. Recovery Controls
e. Compensating Controls

A

b. Detective Controls

46
Q

Types of Physical Security Control:

Used to discourage attackers and send warning messages to the attackers to discourage an intrusion attempt. Examples include various types of warning signs.

a. Preventive Controls
b. Detective Controls
c. Deterrent Controls
d. Recovery Controls
e. Compensating Controls

A

b. Deterrent Controls

47
Q

Types of Physical Security Control:

Used to recover from security violation and restore information and systems to a persistent state. Examples include disaster recovery, business continuity plans, backup systems, etc.

a. Preventive Controls
b. Detective Controls
c. Deterrent Controls
d. Recovery Controls
e. Compensating Controls

A

d. Recovery Controls

48
Q

Types of Physical Security Control:

Used as an alternative control when the intended controls failed or cannot be used. Examples include hot site, backup power system, etc. (Workarounds)

a. Preventive Controls
b. Detective Controls
c. Deterrent Controls
d. Recovery Controls
e. Compensating Controls

A

e. Compensating Controls

49
Q

Risk Management:

Identifies the sources, causes, consequences, etc. of the internal and external risks affecting the security of the organization.

a. Risk Identification
b. Risk Assessment
c. Risk Treatment
d. Risk Tracking
e. Risk Review

A

a. Risk Identification

50
Q

Risk Management:

Assesses the organization’s risk and provides an estimate on the likelihood and impact of the risk.

a. Risk Identification
b. Risk Assessment
c. Risk Treatment
d. Risk Tracking
e. Risk Review

A

b. Risk Assessment

51
Q

Risk Management:

Selects and implements appropriate controls on the identified risks.

a. Risk Identification
b. Risk Assessment
c. Risk Treatment
d. Risk Tracking
e. Risk Review

A

c. Risk Treatment

52
Q

Risk Management:

Ensures appropriate controls are implemented to handle risks and identifies the chance of a new risk occurring.

a. Risk Identification
b. Risk Assessment
c. Risk Treatment
d. Risk Tracking
e. Risk Review

A

d. Risk Tracking

Comments:

Risk Identification: Identifies the sources, causes or risks.

Risk Assessment: Evaluation. Estimate the likelihood of risk.

Risk Treatment: Select and implement controls.

Risk Tracking: Sweep, verification. Ensures appropriate controls are implemented.

Risk Review: Evaluates the performance of implemented risk management.

53
Q

Risk Management:

Evaluates the performance of the implemented risk management strategies.

a. Risk Identification
b. Risk Assessment
c. Risk Treatment
d. Risk Tracking
e. Risk Review

A

e. Risk Review

54
Q

Performs real-time SOC (Security Operations Center) functions like identifying, monitoring, recording, auditing, and analyzing security incidents.

A

SIEM (Security Incident and Event Management)

55
Q

Used to ensure the confidentiality, integrity, and availability of the network services.

A

Network Security Controls

56
Q

Network Security Controls:

  • The selective restriction of access to a place or other system/network resource.
  • It protects information assets by determining who can and cannot access them.
  • It involves user identification, authentication, authorization, and accountability.

a. Access Control
b. Identification
c. Authentication
d. Authorization
e. Cryptography
f. Accounting
g. Security Policy

A

a. Access Control

57
Q

Types of Access Control:

Owner grants permission

a. Discretionary Access Control (DAC)
b. Mandatory Access Control (MAC)
c. Role-Based Access

A

a. Discretionary Access Control (DAC)

58
Q

Types of Access Control:

  • It does not permit the end user to decide who can access the information.
  • It does not permit the user to pass privileges to other users, as the access could then be circumvented.

a. Discretionary Access Control (DAC)
b. Mandatory Access Control (MAC)
c. Role-Based Access

A

b. Mandatory Access Control (MAC)

59
Q

Types of Access Control:

  • Users can be assigned access to systems, files, and fields on a one-by-one basis whereby access is granted to the user for a particular file or system.
  • It can simplify the assignment of privileges and ensure that individuals have all the privileges necessary to perform their duties.

a. Discretionary Access Control (DAC)
b. Mandatory Access Control (MAC)
c. Role-Based Access

A

c. Role-Based Access

60
Q

Information Security Controls:

Describes a method to ensure that an individual holds a valid identity. Examples: username, account no., CAC, etc.

a. Identification
b. Authentication
c. Authorization
d. Accounting

A

a. Identification

61
Q

Information Security Controls:

It involves validating the identity of an individual. Examples: password, PIN, etc.

a. Identification
b. Authentication
c. Authorization
d. Accounting

A

b. Authentication

62
Q

Information Security Controls:

It involves controlling the access of information for an individual. Example: A user can only read the file but not write to or delete it. (Access to)

a. Identification
b. Authentication
c. Authorization
d. Accounting

A

c. Authorization

63
Q

Information Security Controls:

It is a method of keeping track of user actions on the network. It keeps track of who, when, and how the users access the network. It helps in identifying authorized and unauthorized actions.

a. Identification
b. Authentication
c. Authorization
d. Accounting

A

d. Accounting

64
Q

Information Security Controls:

Refers to unauthorized access or disclosure of sensitive or confidential data.

A

Data Leakage (Spillage)

65
Q

Information Security Controls:

The process of making a duplicate copy of critical data that can be used for restore and recovery purposes when a primary copy is lost or corrupted either accidentally or on purpose.

A

Backup

66
Q

Penetration Testing Concepts:

A method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker can exploit.

A

Penetration Testing

67
Q

Penetration Testing Concepts:

Focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of the vulnerability. Inside Passive

a. Penetration Testing
b. Vulnerability Assessment
c. Scanning/Enumeration
d. Gaining Access

A

b. Vulnerability Assessment

68
Q

Penetration Testing Concepts:

A methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates if the vulnerabilities in the system can be successfully exploited by attackers. Outside Active

a. Penetration Testing
b. Vulnerability Assessment
c. Scanning/Enumeration
d. Gaining Access

A

a. Penetration Testing

69
Q

Penetration Testing Concepts:

  • An approach where a set of security responders performs analysis of an information system to assess the adequacy and efficiency of its security controls.
  • Has access to all the organizational resources and information.
  • Primary role is to detect and mitigate attackers' activities, and to anticipate how surprise attacks might occur.

a. Red Teaming
b. Gray Teaming
c. White Teaming
d. Blue Teaming

A

d. Blue Teaming

70
Q

Penetration Testing Concepts:

  • An approach where a team of ethical hackers performs a penetration test on an information system with no or very limited access to the organization’s internal resources.
  • It may be conducted with or without warning.
  • It is proposed to detect network and system vulnerabilities and check security from an attacker’s perspective approach to network, system, or information access.

a. Red Teaming
b. Gray Teaming
c. White Teaming
d. Blue Teaming

A

a. Red Teaming

71
Q

Information Security Laws and Standards:

Provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.

A

FISMA (Federal Information Security Management Act)

72
Q

Information Security Threats and Attack Vectors:

An attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.

a. Zombie Attack
b. Denial of Service (DoS)
c. Privilege Escalation
d. Distributed Denial of Service (DDoS)
e. Input Validation
f. Error Handling

A

b. Denial of Service (DoS)

73
Q

Information Security Threats and Attack Vectors:

The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

a. Zombie Attack
b. Denial of Service (DoS)
c. Privilege Escalation
d. Distributed Denial of Service (DDoS)
e. Input Validation
f. Error Handling

A

c. Privilege Escalation

74
Q

Information Security Threats and Attack Vectors:

Occurs when more data is put into a fixed-length buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.

a. Phishing
b. Denial of Service (DoS)
c. Privilege Escalation
d. Buffer Overflow
e. Input Validation
f. Error Handling

A

d. Buffer Overflow

75
Q

Information Security Threats and Attack Vectors:

Social Engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

a. Phishing
b. Denial of Service (DoS)
c. Privilege Escalation
d. Buffer Overflow
e. Input Validation
f. Error Handling

A

a. Phishing

76
Q

Information Security Controls:

________ ________ is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident.

a. Classification and Prioritization
b. Detection and Analysis
c. Incident Management
d. Forensic Investigation

A

c. Incident Management

77
Q

Information Security Controls:

Once complete, the security incident requires additional review and analysis before closing the case.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

h. Post-Incident Activities

78
Q

Information Security Controls:

The process of recovering the system or network to its original state. The process is done only after the completion of all internal and external actions.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

g. Eradication and Recovery

79
Q

Information Security Controls:

Performed to find the root cause of the incident to know what exactly happened to the information system.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

f. Forensic Investigation

80
Q

Information Security Controls:

  • Is a crucial step in the incident management process that focuses on preventing additional damage.
  • Ensuring all the critical and essential computer resources are kept and protected at a safe place.
  • Regular checks on infected systems are done to know their operational status.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

e. Containment

81
Q

Information Security Controls:

After the incident has been identified and classified, suitable people and teams are notified about the problem.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

d. Notification

82
Q

Information Security Controls:

Each incident is categorized and sub-categorized to troubleshoot the incident securely. Accurate categorization helps to allocate the management to the right team that has the appropriate knowledge and skills to handle the situation in real time.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

c. Classification and Prioritization

83
Q

Information Security Controls:

  • Security events are monitored and carefully analyzed using firewalls, intrusion detection and prevention systems, etc.
  • Identifying signatures of an incident, analyzing those signatures, recording the incident, prioritizing various incidents and alerting incidents.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

b. Detection and Analysis

Comments:

Classification and Prioritization also prioritizes. The main question here is “Identifying signatures of an incident, analyzing those signatures”.

84
Q

Information Security Controls:

  • All the actions are pre-planned and detailed guidelines are provided to the employees at this step.
  • Various policies and procedures are established to stay well equipped.

a. Preparation for Incident Handling and Response
b. Detection and Analysis
c. Classification and Prioritization
d. Notification
e. Containment
f. Forensic Investigation
g. Eradication and Recovery
h. Post-Incident Activities

A

a. Preparation for Incident Handling and Response