The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?
A. Unannounced audit response
B. Incident response process
C. Business continuity planning
D. Unified threat management
E. Disaster recovery process
Answer: B
Explanation: The incident response policy outlines the processes that should be followed when an incident occurs. Thus, when a CSO is contacted by a first responder and then assigns a handler for the incident, it is clearly the incident response process that is being put into practice.
During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?
A. Lessons Learned
B. Preparation
C. Eradication
D. Identification
Answer: B
Explanation: Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. It is important to stop malware before it ever gets hold of a system. Thus you should know which malware is out there and take defensive measures, meaning that preparation to guard against malware infection should be done in the Preparation phase.