14-Containment, Eradication, and Recovery


Applies logical methods to sanitize data in all user-addressable storage locations A)Purge B)Clear C)Destroy

Clear

Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which of the following activities should be Tamara's first priority? A)Eradication B)Identification of the source of an attack C)Recovery D)Containment

Containment

Which of the following phases of incident response involves active undertakings designed to minimize the damage that an attacker might cause? A)Preparation B)Post-incident activity C)Detection and analysis D)Containment, eradication, and recovery

Containment, eradication, and recovery

Joe works as a cybersecurity analyst. He needs to determine the appropriate disposition of a flash drive that was used to gather highly sensitive evidence during an incident response effort. He does not need to reuse the drive but wants to return it to its owner, an outside contractor. Which disposition option should Joe use in this scenario? A)Erase B)Purge C)Destroy D)Clear

Destroy

Renders target data recovery infeasible using state-of-the-art laboratory methods and results in the subsequent inability to use media for storage of data A)Purge B)Clear C)Destroy

Destroy

Which incident response activity focuses on removing any artifacts of an incident that may remain on an organization's network? A)Post-incident Activity B)Eradication C)Containment D)Recovery

Eradication

Which of the following is not typically found in a cybersecurity incident report? A)Chronology of events for an incident and response efforts B)Identification of an attacker performing an attack C)Estimates of the impact of an incident on an organization and its stakeholders D)Documentation of issues identified during the lessons learned review

Identification of an attacker performing an attack

Which of the following activities is not normally conducted during the recovery validation phase? A)Implementing new firewall rules B)Conducting vulnerability scans on all systems C)Verifying that all systems are logging properly D)Verifying the proper restoration of permissions assigned to each account

Implementing new firewall rules

Alice works as a cybersecurity analyst in an organization. While monitoring an incident, she confers with other team members and decides that even allowing limited access to other systems is an unacceptable risk, so she puts firewall rules in place that prevent the quarantine VLAN from accessing any other enterprise system in order to cut off the attack. Which strategy is Alice pursuing in the given scenario? A)Eradication B)Removal C)Segmentation D)Isolation

Isolation

Connects a quarantine network directly to the Internet and provides no access to other systems A)Isolation B)Segmentation C)Removal

Isolation

Which of the following criteria is not normally used when evaluating the appropriateness of a cybersecurity incident containment strategy? A)Evidence preservation requirements B)Log records generated by the strategy C)Cost of the strategy D)Effectiveness of the strategy

Log records generated by the strategy

Which of the following data elements would not normally be included in an evidence log? A)Record of handling B)Storage location C)Malware signatures D)Serial number

Malware signatures

Sondra works as a cybersecurity analyst. She determines that an attacker has gained access to a server containing critical business files and wishes to ensure that the attacker cannot delete those files. Which of the following strategies would meet Sondra's goal in the given scenario? A)Isolation B)None of these C)Removal D)Segmentation

None of these

Applies physical or logical methods that render target data recovery infeasible using laboratory methods A)Purge B)Clear C)Destroy

Purge

Which of the following activities applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques? A)Clear B)Destroy C)Purge D)Erase

Purge

Eliminates the need to reconfigure each system individually; only the organization's standard images need to be maintained A)Sanitization B)Reconstruction/Reimage

Reconstruction/Reimage

Involves reinstalling operating systems, updating systems, and implementing the organization's security settings A)Sanitization B)Reconstruction/Reimage

Reconstruction/Reimage

A user is responding to a security incident and determines that an attacker is using the Internet connection of systems on the user's network to attack a third party. Which of the following containment approaches will prevent the user's systems from being used by the attacker in this way? A)Removal B)Segmentation C)Detection D)Isolation

Removal

After observing an attacker on the wireless connection of a system, a user decides to detach the Internet connection entirely, leaving the system running but inaccessible from outside the quarantine VLAN. Which strategy is the user pursuing to accomplish his goals in the given scenario? A)Segmentation B)Isolation C)Eradication D)Removal

Removal

Disconnects affected systems completely from other networks A)Isolation B)Segmentation C)Removal

Removal

Which of the following is not a purging activity? A)Block erase B)Cryptographic erase C)Resetting a device to a factory state D)Overwriting

Resetting a device to a factory state

What are the elements included in a post-incident report? A)The root cause of the incident B)The location and description of evidence gathered C)Results of the new security controls D)Chronology of the events for the incident and response efforts E)Estimates of the impact of the incident on an organization F)Remediation of the issues identified G)Results of post-recovery validation efforts H)Documentation of issues identified during the lessons-learned review

A, B, D, E, G, H: the root cause of the incident; the location and description of evidence gathered; chronology of events for the incident and response efforts; estimates of the impact of the incident on an organization; results of post-recovery validation efforts; documentation of issues identified during the lessons-learned review

Which of the following pieces of information is most critical to conduct a solid incident recovery effort? A)Identification of an attacker B)Time of an attack C)Root cause of an attack D)Attacks on other organizations

Root cause of an attack

Which NIST publication contains guidance on cybersecurity incident handling? A)SP 800-88 B)SP 800-18 C)SP 800-61 D)SP 800-53

SP 800-61

Which of the following tools may be used to isolate attackers so that they may not cause damage to production systems but may still be observed by cybersecurity analysts? A)Data loss prevention B)Intrusion detection system C)Playpen D)Sandbox

Sandbox

Refers to removing all traces of a threat by overwriting a drive multiple times A)Sanitization B)Reconstruction/Reimage

Sanitization

Works well for mechanical hard disk drives but not reliably with solid-state drives, where wear leveling and spare blocks mean an overwrite may not reach every location that held the data A)Sanitization B)Reconstruction/Reimage

Sanitization
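The sanitization cards above distinguish Clear (overwriting user-addressable space), Purge (cryptographic erase, block erase, overwriting where it reaches all storage) and the non-purge factory reset, and note that overwriting is unreliable on SSDs. The following is an added example, not from the study set, showing both halves: an overwrite pass with read-back verification on a file standing in for a block device, and a model of why cryptographic erase counts as a purge on a self-encrypting drive. The SelfEncryptingDrive class and its SHA-256 counter keystream are a toy stand-in for a real drive's AES-XTS, written only to show that destroying the key, not the ciphertext, is what makes the data unrecoverable.

```python
"""Clear-by-overwrite with verification, and cryptographic erase modelled on a
toy self-encrypting drive.  Added example; not from the study set."""
import hashlib
import os
import secrets
import tempfile

CHUNK = 1 << 16   # 64 KiB read/write block


def clear_overwrite(path: str, passes=(b"\x00", b"\xff", None)) -> int:
    """Overwrite every byte of `path` once per pass (None = random data) and
    fsync each pass.  On a magnetic disk this is NIST SP 800-88 'Clear': it
    reaches only user-addressable space, so remapped sectors, SSD over-provisioned
    blocks and wear-levelled copies are NOT covered.  Returns bytes per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            written = 0
            while written < size:
                n = min(CHUNK, size - written)
                fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                written += n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def verify_pattern(path: str, pattern: bytes) -> bool:
    """Read the whole medium back and confirm every block is `pattern`.
    Verification is part of sanitization; an unverified overwrite is a hope."""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                return True
            if block != pattern * len(block):
                return False


def demo_clear():
    """Constructed sample: ~200 KB of fake records, cleared with a random pass
    then an all-zero pass.  Returns (verified_before, verified_after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as fh:
        fh.write(b"SENSITIVE-RECORD-" * 12000)      # constructed data
    try:
        before = verify_pattern(path, b"\x00")
        clear_overwrite(path, passes=(None, b"\x00"))
        after = verify_pattern(path, b"\x00")
        return before, after
    finally:
        os.remove(path)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy stand-in for the drive's AES-XTS: SHA-256 in counter mode.  Do not
    use as a real cipher; it exists only to make the key-destruction point."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))


class SelfEncryptingDrive:
    """Everything written is encrypted under a media encryption key (MEK)."""

    def __init__(self):
        self._mek = secrets.token_bytes(32)
        self.blocks: dict[int, bytes] = {}   # lba -> ciphertext that stays on the NAND

    def write(self, lba: int, data: bytes) -> None:
        self.blocks[lba] = _xor(data, self._mek)

    def read(self, lba: int) -> bytes:
        return _xor(self.blocks[lba], self._mek)

    def crypto_erase(self) -> None:
        """Purge: replace the MEK.  No ciphertext is touched, so this is fast and
        independent of wear levelling; the old data is unrecoverable without the
        destroyed key, which is why NIST treats it as a purge rather than a clear."""
        self._mek = secrets.token_bytes(32)
```

On real SSDs the purge is the drive's own sanitize command (ATA SECURITY ERASE, NVMe Sanitize) or the crypto-erase above, followed by verification; a host-side multi-pass overwrite is the right tool only for magnetic media.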

Which of the following activities does CompTIA classify as part of the recovery validation effort? A)Secure disposal B)Sanitization C)Rebuilding systems D)Scanning

Scanning

Alice works as a cybersecurity analyst in an organization. She is responding to a cybersecurity incident and notices a system that she suspects is compromised. She places the system on a quarantine VLAN with limited access to other networked systems. Which containment strategy is Alice pursuing in the given scenario? A)Isolation B)Segmentation C)Removal D)Eradication

Segmentation

Prevents the spread of future security incidents by splitting a computer network into subnetworks A)Isolation B)Segmentation C)Removal

Segmentation
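The containment cards above (segmentation, isolation, removal) differ only in what the quarantine VLAN is still allowed to reach. The following is an added example, not from the study set, that encodes the three policies as nftables forward-chain rulesets and also exposes a small permits() check so the policy can be tested before it is pushed. The 10.99.0.0/24 quarantine network, the allowed internal hosts and the use of the RFC 1918 ranges as "other enterprise systems" are assumptions for illustration.

```python
"""nftables rulesets for the segmentation / isolation / removal containment
strategies.  Added example; not from the study set.  Subnets are made up."""
import ipaddress
from typing import Iterable

STRATEGIES = ("segmentation", "isolation", "removal")
# RFC 1918 space stands in for "other enterprise systems"; everything else is the Internet.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_SET = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"


def permits(strategy: str, dst: str, allowed_internal: Iterable[str] = ()) -> bool:
    """Would a new connection from the quarantine VLAN to `dst` be forwarded?"""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy {strategy!r}")
    if strategy == "removal":
        return False                                  # nothing leaves or enters
    addr = ipaddress.ip_address(dst)
    if not any(addr in net for net in PRIVATE):
        return True                                   # Internet stays reachable
    if strategy == "isolation":
        return False                                  # no other enterprise system
    return any(addr in ipaddress.ip_network(a, strict=False) for a in allowed_internal)


def nft_ruleset(strategy: str, quarantine_net: str, allowed_internal: Iterable[str] = ()) -> str:
    """Render a dedicated `inet quarantine` table; load with `nft -f`."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy {strategy!r}")
    q = quarantine_net
    rules = []
    if strategy == "removal":
        rules += [f"ip saddr {q} drop", f"ip daddr {q} drop"]
    else:
        # Replies to quarantine-initiated sessions, and inbound sessions from the
        # Internet side, so analysts can keep observing the attacker.
        rules.append(f"ip daddr {q} ct state established,related accept")
        rules.append(f"ip saddr != {PRIVATE_SET} ip daddr {q} accept")
        if strategy == "segmentation" and allowed_internal:
            allowed = ", ".join(allowed_internal)
            rules.append(f"ip saddr {q} ip daddr {{ {allowed} }} accept")   # limited access
        rules += [
            f"ip saddr {q} ip daddr {PRIVATE_SET} drop",   # no other enterprise systems
            f"ip saddr {q} accept",                        # remainder is the Internet
        ]
    rules.append(f"ip saddr != {q} ip daddr != {q} accept")  # non-quarantine traffic unaffected
    body = "\n".join(f"    {r}" for r in rules)
    return ("table inet quarantine {\n"
            "  chain forward {\n"
            "    type filter hook forward priority 0; policy drop;\n"
            f"{body}\n"
            "  }\n"
            "}\n")


if __name__ == "__main__":
    print(nft_ruleset("segmentation", "10.99.0.0/24", ["10.1.2.0/24"]))
```

The same evaluator also makes the Sondra card concrete: none of the three strategies stops an attacker who already has a session on the server from deleting files, because they only constrain where new traffic may flow.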

Which of the following is not a common use of formal incident reports? A)Developing new security controls B)Assisting with legal action C)Training new team members D)Sharing with other organizations

Sharing with other organizations

A media sanitization option that applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple noninvasive data recovery techniques. A)destroy B)clear C)isolation D)removal E)purge

clear

An incident response phase that isolates an incident and prevents it from spreading further. A)recovery B)eradication C)degaussing D)containment E)sanitization

containment

A form of purging that uses extremely strong magnetic fields to disrupt stored data on a device. A)recovery B)eradication C)degaussing D)containment E)sanitization

degaussing

A media sanitization option that renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data. A)destroy B)clear C)isolation D)removal E)purge

destroy

An incident response phase that removes any of the artifacts of an incident that may remain in an organization's network. A)recovery B)eradication C)degaussing D)containment E)sanitization

eradication

A containment technique that connects a quarantine network directly to the Internet and provides no access to other systems. A)destroy B)clear C)isolation D)removal E)purge

isolation

A media sanitization option that applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques. A)destroy B)clear C)isolation D)removal E)purge

purge

An incident response phase that focuses on restoring normal operations and correcting security control deficiencies that may have led to an attack. A)recovery B)eradication C)degaussing D)containment E)sanitization

recovery

A containment technique that disconnects affected systems completely from other networks. A)destroy B)clear C)isolation D)removal E)purge

removal

A thorough process of completely removing data from a storage medium so that data cannot be recovered. A)recovery B)eradication C)degaussing D)containment E)sanitization

sanitization
