Responding To Incidents Flashcards

1
Q

security incidents are adverse events that affect the _____, _____, or _____ of data within the organization

A

security incidents are adverse events that affect the CONFIDENTIALITY, INTEGRITY, or AVAILABILITY of data within the organization

2
Q

Incident Response Procedures start with what…

a) Reporting the incident
b) Logging the incident
c) preparation to prevent incidents

A

c) This is often in the form of exercises that simulate an incident, and it is contained in the Incident Response Plan

3
Q

Which document provides detailed steps for personnel to use when responding to an incident?

A

The IRP (Incident Response Plan)

4
Q

What phase of the Incident Response Process includes creating the Incident Response Plan and establishing procedures to prevent incidents, such as security controls?

A

Preparation phase

5
Q

What 4 phases of an Incident Response Process come after Preparation?

A

Identification
Eradication
Recovery
Lessons Learned

6
Q

List the 6 orders of volatility, from most to least volatile

A

Cache Memory
RAM
Paging File
Data on disk
Logs on remote systems
Archive media

7
Q

What would you do before taking a forensic image of a drive?

A

Hash the drive before taking the image so the hash can be compared with a second hash taken after the image capture is complete. This verifies that the imaging process did not alter the data.

8
Q

What important piece of information do you need to know when reviewing CCTV footage? Why?

A

The record time offset

So you can calculate the exact time of an event

9
Q

A ____ __ ____ is a process that provides assurances that evidence has been controlled and handled properly after collection.

A

chain of custody

10
Q

If a company is ordered by a court to retain data, what is the name of this legal maneuver?

A

a legal hold

11
Q

If an organization wants to obtain more information about the network and systems during an attack, what strategy can they use? What does it do?

A

An active logging strategy. It simply means increasing the level of logging that systems record so that more data is captured.

12
Q

In a security incident, recording the man-hours and expenses incurred feeds into what type of risk assessment?

A

Quantitative Risk Assessment
