The eradication stage of Incident response plan Flashcards

1
Q

1st Step

A

Sanitization removes all traces of the threat by overwriting the drive multiple times. This is the correct action for hard disk drives when you must ensure that all traces of the compromise are gone or when the validation stage indicates remaining issues.

2
Q

2nd Step

A

Reconstruction/re-imaging means reinstalling the operating system, applying all system updates, reinstalling the anti-malware software, and implementing any organizational security settings. It may also mean re-imaging the device. This is the correct action to take when all traces of the compromise must be gone and you need to reuse the device.

3
Q

Secure Disposal

A

Secure disposal means disposing of the compromised device (or its storage drive) rather than attempting to sanitize and reuse it. This is the correct action to take when there are no plans to reuse the device.

4
Q

Rollback Plan

A

A rollback plan, which is used to reverse the effects of a faulty update, does not take place during the recovery stage of IR. This plan, if necessary, would have been executed much earlier in the IR process.
