#Sales Offer!| Get upto 25% Off:
SAVE25
Log In

When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated

  1. When you are notified that a user’s workstation or system is acting strangely

and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

 

The first thing you should do is to isolate and quarantine the workstation. This is done in an attempt to stop the spread of the infection and/or close off access to the perpetrator.

 

 

 

  1. When an antivirus program identifies a virus and quarantines this file, has the

malware been eradicated?

 

No, this means the identified virus has been isolated so that it can no longer be activated. This does not mean that all malicious software has been eradicated or that all of it is even quarantined, given that a virus scan can potentially miss newer viruses if the antivirus software’s signature database is not up to date.

 

  1. What is the SANS Institute’s six-step incident handling process?

Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

 

 

 

  1. What is the risk of starting to contain an incident prior to completing the

identification process?

There is no risk in taking the infected workstation offline to prevent contamination to other workstations or server on the network. The isolated machine should not be powered off, it should be left in its steady state for further analysis.

 

 

 

  1. Why is it a good idea to have a security policy that defines the incident

response process in your organization?

 

It is a good idea to have a security policy that defines the incident response process because it would allow for users to act quickly and efficiently in the case of an attack/breach. At the very minimum the security policy would list who to notify in this type of situation.

 

 

 

 

  1. The post-mortem, lessons learned step is the last in the incident response

process. Why is this the most important step in the process?

There should always be a follow-up meeting to discuss the incident and make suggestions to improve the incident handling plan. Focus on preventing future occurrences of the incident that just happened.

The lessons learned during the debriefing can then be used to determine the changes that will be made to improve the incident response process next time it is put into effect.

Click here to order
Share this :

Found something interesting ?

We don't just promise. Here is what we guarantee!

• On-time delivery guarantee
• PhD-level professional writers
• Free Plagiarism Report

• 100% money-back guarantee
• Absolute Privacy & Confidentiality
• High Quality custom-written papers

Order Now

Related Model Questions

Feel free to peruse our college and university model questions. If any our our assignment tasks interests you, click to place your order. Every paper is written by our professional essay writers from scratch to avoid plagiarism. We guarantee highest quality of work besides delivering your paper on time.
Site Logo for EssayBureau.com essay company limited

ESSAYBUREAU.COM

We are your most trusted essay writing company in provision of quality research papers, coursework and assignments

Sitemap

All papers are meant to assist in further research only and attribution must be done to avoid plagiarism.
We Accept Payment of all Cards
A photo of all major card payments accepted by EssayBureau.com
© 2023. EssayBureau.com. All rights reserved!

Grab your Discount!

25% Coupon Code: SAVE25
Order Now
get 25% !!