CompTIA Security+ 2.5 - Incident Response Procedures

Confidential

Breached data is no longer what?

Disturb the Environment

A first responder to a security incident must be careful not to do what?

Incident Precursor

A heads-up that an incident might occur in the future is known as what?

Buffer Overflow

A very common way to take advantage of bad software in an application or operating system is what?

Lessons Learned

A post-incident meeting is a great idea so that you can cover what?

Incident Recording

Logbooks, digital cameras, audio recorders or a dedicated laptop can be valuable tools for this.

Incident Recovery

Eradicating bugs, restoring from backups, replacing compromised files, and disabling breached user accounts are all part of what?

Sandbox

Letting an attacker think they are on a real system when they are actually in a contained environment is known as what?

Attacks

One challenge of incident detection is the high volume of __________ which makes finding legitimate threats difficult.

Secure Working System

One of the first technical steps in responding to a security incident is reestablishing what?

Connectivity

Some malware can delete itself or delete system files if it loses what?

Preparation

The first step in the incident response lifecycle is what?

Post Incident Activity

The fourth step in the incident response lifecycle is what?

Detection and Analysis

The second step in the incident response lifecycle is what?

Containment Eradication and Recovery

The third step in the incident response lifecycle is what?

Incident Indicators

Things that you can monitor to see if an exploit has been successful, or an attack is underway are what?

Host-Based monitor

This device constantly monitors the system files of an individual system.

Incident Mitigation

This is designed to lessen the impact of an incident.

800-61

What NIST document covers how to handle security incidents?

Attacker

When handling a data breach, you should try to determine what?

Recurrence of the Incident

When handling an incident, after reestablishing a secure working system, you should prevent what?

Communication Methods

When preparing for an incident you may need to lay out your ___________________ which can include phones and contact information.

Phased Approach

When reconstituting after an incident, you should consider using this as it's difficult to fix everything at once.

Isolate and Contain

With a security incident, you want to ________ and _________ the problem because it's generally a bad idea to let things run their course.

