CompTIA Security+ 2.5 - Incident Response Procedures
Confidential
Breached data is no longer what?
Disturb the Environment
A first responder to a security incident must be careful not to do what?
Incident Precursor
A heads-up that an incident might occur in the future is known as what?
Buffer Overflow
A very common way to take advantage of bad software in an application or operating system is what?
Lessons Learned
A post-incident meeting is a great idea so that you can cover what?
Incident Recording
Logbooks, digital cameras, audio recorders or a dedicated laptop can be valuable tools for this.
Incident Recovery
Eradicating bugs, restoring from backups, replacing compromised files, and disabling breached user accounts are all part of what?
Sandbox
Letting an attacker think they are on a real system when they are actually in a contained environment is known as what?
Attacks
One challenge of incident detection is the high volume of __________, which makes finding legitimate threats difficult.
Secure Working System
One of the first technical steps in responding to a security incident is reestablishing what?
Connectivity
Some malware can delete itself or delete system files if it loses what?
Preparation
The first step in the incident response lifecycle is what?
Post-Incident Activity
The fourth step in the incident response lifecycle is what?
Detection and Analysis
The second step in the incident response lifecycle is what?
Containment, Eradication, and Recovery
The third step in the incident response lifecycle is what?
Incident Indicators
Things that you can monitor to see if an exploit has been successful, or an attack is underway are what?
Host-Based Monitor
This device constantly monitors the system files of an individual system.
Incident Mitigation
This is designed to lessen the impact of an incident.
800-61
What NIST document covers how to handle security incidents?
Attacker
When handling a data breach, you should try to determine what?
Recurrence of the Incident
When handling an incident, after reestablishing a secure working system, you should prevent what?
Communication Methods
When preparing for an incident, you may need to lay out your ___________________, which can include phones and contact information.
Phased Approach
When reconstituting after an incident, you should consider using this as it's difficult to fix everything at once.
Isolate and Contain
With a security incident, you want to ________ and _________ the problem because it's generally a bad idea to let things run their course.