Question 70 (practice exam 12) (additional)

Last updated 11:54 AM on 4/17/24

8 Terms

1

Containment Phase

The primary goal is to isolate and prevent the further spread or escalation of the security incident.

2

System Administrator Actions for Containment

Physically disconnecting the Ethernet cable, disabling unknown user accounts, and configuring firewall rules to block suspicious activities.

3

Difference between Containment and Eradication

Containment isolates and limits the incident, while eradication removes the root cause and restores systems.

4

Phase after Containment

Eradication phase.

5

Lessons Learned Phase

Involves documenting insights and enhancing processes for future incidents.

6

Preparation Phase

Involves preparing contact information, tools, and processes in advance.

7

Immediate Removal of Unknown User Account

Represents the Eradication phase.

8

Risk of Not Properly Containing Incident

Allowing the incident to spread or escalate, leading to more damage or compromising additional systems.