GCGA Ch. 11 Incident Response (ST) Flashcards
(8 cards)
Incident response policy
defines incident response procedures. Organizations review and update the policy periodically and after reviewing lessons learned from actual incidents.
Communication plan
identifies whom to inform when an incident occurs. It also outlines the roles and responsibilities of various personnel, including a communication expert who would communicate with the media.
First step in incident response
preparation. It includes creating and maintaining an incident response policy, as well as prevention steps such as implementing security controls to prevent malware infections.
Second step in incident response
analysis. After detecting a potential incident, personnel perform an analysis to confirm that a security incident is underway.
Third step in incident response
containment. Next, personnel attempt to contain or isolate the problem. Disconnecting a computer from the network isolates it.
Fourth step in incident response
eradication. It attempts to remove all malicious components left after an incident. Recovery then restores a system to its original state. Depending on the scope of the incident, administrators might completely rebuild the system, including applying all updates and patches.
Reviewing lessons learned
A review of lessons learned helps an organization prevent a recurrence of an incident.
Tabletop exercises vs simulations
Tabletop exercises are a type of scenario-based training where participants discuss and analyze a hypothetical incident in a non-threatening environment, whereas simulations involve recreating real-world incidents as closely as possible.