1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

The first thing to do is isolate the workstation from the network (pull the cable, disable wireless, or apply host firewall rules) and quarantine it from the rest of the environment. This stops the infection spreading to other hosts and cuts off the attacker's access, while leaving the machine powered on so that volatile evidence (running processes, network connections, memory contents) is preserved for later analysis.

2. When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated?

No. Quarantine means the identified file has been isolated (moved to a protected location and made non-executable) so that it can no longer be run. It does not mean that all malicious software on the system has been eradicated, or even that all of it has been detected: a scan can miss newer malware if the antivirus signature database is not up to date, and the quarantined file may be only one component of a larger infection (for example a dropper whose payload or persistence mechanism is still in place). Eradication is a separate step that follows identification and containment.

3. What is the SANS Institute's six-step incident handling process?

Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

4. What is the risk of starting to contain an incident prior to completing the identification process?

Containment started before identification is complete is based on an incomplete picture of the incident. The risks are that you contain the wrong scope (quarantining one workstation while other hosts the attacker reached stay connected), that you destroy volatile evidence needed to finish identification (running processes, network connections, memory contents), and that you tip off the attacker, who may then escalate, wipe evidence or fall back to a foothold you have not yet found. Taking a single infected workstation off the network to stop it contaminating other workstations or servers is a low-risk containment step and is usually appropriate even while identification continues. The isolated machine should not be powered off; it should be left running in its current state for further analysis.
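As an added example (not part of the original answers), the following POSIX shell script combines the points made in the first and fourth questions above: gather the volatile evidence that identification needs, then isolate the workstation at the host firewall while leaving it powered on. The analyst jump-host address 10.0.0.5, the evidence directory and the RESPOND/APPLY switches are assumptions for illustration; the script prints the firewall rules by default and only applies them when APPLY=1.

```shell
#!/bin/sh
# Added example; not part of the original page. First-response script for a
# suspected-compromised Linux workstation: capture volatile state (lost on
# reboot or disconnect) BEFORE isolating, then isolate at the host firewall
# while leaving the machine powered on. The analyst jump-host address and the
# evidence directory are hypothetical values chosen for illustration.

# Run a tool if present, saving stdout+stderr; a missing tool is recorded, not fatal.
capture() {
    _out="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$_out" 2>&1 || true
    else
        echo "tool not available: $1" > "$_out"
    fi
}

# SHA-256 of one file, using whichever tool the host has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# Collect volatile evidence into DIR (most volatile state first) and write a
# manifest so later analysis can show the files were not altered.
# Prints the manifest path.
collect_volatile() {
    dir="$1"
    mkdir -p "$dir"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$dir/collected_at.txt"
    capture "$dir/uptime.txt"     uptime
    capture "$dir/logged_in.txt"  who
    capture "$dir/processes.txt"  ps -ef
    capture "$dir/sockets.txt"    ss -tunap
    capture "$dir/interfaces.txt" ip addr
    capture "$dir/routes.txt"     ip route
    capture "$dir/arp.txt"        ip neigh
    capture "$dir/open_files.txt" lsof -nP
    ( cd "$dir" && for f in *; do
          if [ "$f" != manifest.sha256 ]; then hash_file "$f"; fi
      done > manifest.sha256 )
    echo "$dir/manifest.sha256"
}

# Print the iptables commands that cut every connection except SSH from the
# analyst jump host. ACCEPT rules go in before the DROP policies so the
# analyst's own session survives the change; existing attacker connections
# get no ESTABLISHED rule and are dropped.
isolation_rules() {
    analyst="$1"
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -s $analyst -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d $analyst -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
EOF
}

# Dry run by default (prints the rules for review); APPLY=1 executes them.
isolate_host() {
    if [ "${APPLY:-0}" = "1" ]; then
        isolation_rules "$1" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        isolation_rules "$1"
    fi
}

# Usage (RESPOND=1 sh respond.sh, as root): evidence first, then isolation.
if [ "${RESPOND:-0}" = "1" ]; then
    collect_volatile "/var/tmp/ir-$(date -u +%Y%m%dT%H%M%SZ)"
    APPLY=1 isolate_host 10.0.0.5
fi
```

The ordering is the point: the volatile capture runs before any firewall change, because the attacker's live connections and processes are exactly the evidence that isolation would otherwise destroy, and the machine is never powered off.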

 

 

 

5. Why is it a good idea to have a security policy that defines the incident response process in your organization?

A security policy that defines the incident response process allows staff to act quickly and consistently when an attack or breach occurs, instead of improvising under pressure. At a minimum the policy should state who to notify in this type of situation and how to reach them; it should also make clear which containment actions responders are authorised to take, such as isolating a system from the network.

6. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?

There should always be a follow-up meeting after an incident to review what happened, how the response went, and what should change in the incident handling plan, with the focus on preventing a recurrence of the incident that just happened.

The lessons learned in this debriefing are used to decide the changes that will improve the incident response process, and they feed back into the Preparation step so the improvements are in place the next time the process is invoked. It is the most important step because it is the only one that makes the organisation better at handling the next incident rather than just resolving the current one.
