uCertify Chapter 14


Which of the following is not a commonly recommended best practice of the incident analysis process based on NIST's guidelines?

Maintain backups of every system and device.

Matt's incident response team has collected log information and is working on identifying attackers using that information. Which two stages of the NIST incident response process is his team working on in the given scenario? Each correct answer represents a complete solution. Choose two.

Detection and analysis
Containment, eradication, and recovery

Which of the following is not typically found in a cybersecurity incident report?

Identification of an attacker performing an attack

What strategy does the National Institute of Standards and Technology (NIST) suggest about identifying attackers during an incident response process?

Identifying attackers is not an important part of the incident response process

Which of the following activities is not normally conducted during the recovery validation phase?

Implementing new firewall rules

Your organization has merged with another organization in its legal jurisdiction and wants to improve its network security posture in ways that do not require additional resources to implement data isolation. Which of the following would be the best solution for improving the organization's network security?

Implementing network segmentation

Alice works as a cybersecurity analyst in an organization. While monitoring, she confers with other team members and decides that even allowing limited access to other systems is an unacceptable risk. To cut off the attack, she prevents the quarantine VLAN from accessing any other systems by putting firewall rules in place that block access to other enterprise systems. Which strategy is Alice pursuing in the given scenario?

Isolation

Which of the following is not a common use of formal incident reports?

Sharing with other organizations

Mark works as an incident team lead at XYZ Inc. Following the successful response to a data-leakage incident, he facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following has he facilitated in the given scenario?

Lessons learned report

Mark, a security analyst, wants to analyze an incident and determine actions that were taken during the analysis and steps needed to prevent a future occurrence. Which of the following will he use in the given scenario?

Lessons learned report

Which of the following criteria is not normally used when evaluating the appropriateness of a cybersecurity incident containment strategy?

Log records generated by the strategy

Which of the following data elements would not normally be included in an evidence log?

Malware signatures

You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?

Format hard drives.

Sondra works as a cybersecurity analyst. She determines that an attacker has gained access to a server containing critical business files and wishes to ensure that the attacker cannot delete those files. Which of the following strategies would meet Sondra's goal in the given scenario?

None of these

Allen needs to evaluate, test, and deploy software updates. Which of the following management techniques will Allen use?

Patch

Joe works as a cybersecurity analyst. He would like to determine the appropriate disposition of a flash drive that was used to gather highly sensitive evidence during an incident response effort. He does not need to reuse the drive but wants to return it to its owner, who is an outside contractor. Which disposition option should Joe use in the given scenario?

Destroy

Which incident response activity focuses on removing any artifacts of an incident that may remain on an organization's network?

Eradication

A user is responding to a security incident and determines that an attacker is using systems on the user's network to attack a third party over the Internet. Which of the following containment approaches will prevent the user's systems from being used by the attacker in the given scenario?

Removal

Which of the following is not a purging activity?

Resetting a device to a factory state

Which of the following actions is not a common activity during the recovery phase of an incident response process?

Reviewing accounts and adding new privileges

After observing an attacker on the wireless connection of a system, a user decides to detach the Internet connection entirely, leaving the system running but inaccessible from outside the quarantine VLAN. Which strategy is the user pursuing in the given scenario?

Removal

Jamie works as a security worker in an organization. After a major compromise in the organization, he needs to conduct a forensic examination of the compromised systems. Which containment method should Jamie use to ensure that he can fully investigate the systems that were involved while minimizing the risk to his organization's other production systems?

Removal

Which of the following activities applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques?

Purge

Which NIST publication contains guidance on cybersecurity incident handling?

SP 800-61

Which of the following tools may be used to isolate attackers so that they may not cause damage to production systems but may still be observed by cybersecurity analysts?

Sandbox

Which of the following is an act of permanently removing all the data from a storage device?

Sanitization

Which of the following activities does CompTIA classify as part of the recovery validation effort?

Scanning

Alice works as a cybersecurity analyst in an organization. She is responding to a cybersecurity incident and notices a system that she suspects is compromised. She places the system on a quarantine VLAN with limited access to other networked systems. Which containment strategy is Alice pursuing in the given scenario?

Segmentation

As part of her post-incident recovery process, Alicia created a separate virtual network, as shown in the figure, to contain compromised systems she needs to investigate. Which containment technique is Alicia using in the given scenario?

Segmentation

As part of his incident response program, Allan is designing a playbook for zero-day threats. Which of the following should be in his plan to handle these threats? Each correct answer represents a complete solution. Choose all that apply.

Segmentation
Using threat intelligence
Whitelisting

Lisa is following the CompTIA process for validation after a compromise. Which of the following activities should be included in the validation phase?

Setting permissions

Which of the following pieces of information is most critical to conduct a solid incident recovery effort?

Root cause of an attack

Which of the following correctly lists media sanitization activities from least to most effective?

Clear > purge > destroy

During an incident response process, Susan heads to a compromised system and pulls its network cable. Which phase of the incident response process is Susan performing?

Containment, eradication, and recovery

Which of the following phases of incident response involves active undertakings designed to minimize the damage that an attacker might cause?

Containment, eradication, and recovery

Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which of the following activities should be Tamara's first priority?

Containment

Bob's manager has asked him to ensure that a compromised system has been purged of the compromise. What is Bob's best course of action to ensure this?

Wipe and rebuild the compromised system.

A vulnerability is discovered in an application. Before a patch is available, this vulnerability is used to gain access to sensitive data. What type of vulnerability is being described in the given scenario?

Zero-day
