Lab #9 - Assessment Worksheet Investigating and Responding to Security Incidents

Question

Lab #9 - Assessment Worksheet

Investigating and Responding to Security Incidents

Course Name and Number: ______________________________________________________________

Student Name: ________________________________________________________________

Instructor Name: ________________________________________________________________

Lab Due Date: ________________________________________________________________

Lab Assessment Questions & Answers

1. When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

2. When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated?

3. What is the SANS Institute’s six-step incident handling process?

4. What is the risk of starting to contain an incident prior to completing the identification process?

5. Why is it a good idea to have a security policy that defines the incident response process in your organization?

6. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?

Explanation / Answer

The answer is as follows:

1) The first thing you should do is to review every security account in the system and all of the connected systems because you are looking for any account that shouldn't be there or can't be explained.

2) The computer is eradicated of that particular virus and any malicious software at that particular time, but this does not mean that another virus or malicious software cannot infect the computer at a later time.

3) Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

4) There is very little risk if any.

5) The incident response team is responsible for receiving, reviewing, and responding to computer security incident reports and activity.

6) There should regularly be a follow-up meeting to discuss the incident and make suggestions to improve the incident handling plan. Focus on preventing future occurrences of incidents that have recently happened.