Generally, the three phases of a computer forensics investigation are to acquire
Question
Generally, the three phases of a computer forensics investigation are to acquire the evidence, authenticate the evidence, and then analyze the evidence.
True
False
A Syn flood attack is an older kind of DoS attack and is no longer used.
True
False
As you enter the detection and analysis phase of the incident handling process, what is an action you might take?
running a virus scan
creating a CIRT plan
performing a backup
launching a counter-attack against the source of the incident
Worms are a type of malware that executes when a user visits a website or opens an e-mail.
True
False
If, during the course of their investigation into the incident, CIRT members have a chance to launch a counter-attack on the attackers who first caused the incident, they should take the opportunity to do so. Launching a counter-attack is important to protecting CBFs.
True
False
Incident response teams often ____________________.
rely on help from SMEs
assess fees for violations in the chain of custody
help create the CIRT plan
work closely with the BCP coordinator
CIRT stands for ____________.
computer information recovery technology
critical information response teams
critical information recovery technology
computer incident response teams
Once attackers gain access, they try to __________.
use privilege escalation techniques to gain additional access
exploit that access
attack or deface a Web server
view or copy sensitive data without authorization
What is NOT a step in the process of hardening a server?
installing AVs
reducing the attack surface
enabling IDSs
enabling firewalls
Use of anonymizers is encouraged in most workplaces, because anonymizers encrypt data and make it harder for attackers to gain access.
True
False
What is NOT an indication that a DoS attack is occurring?
if the IDS system alerts an attack
if users report that they are receiving a large amount of popup ads
if users report system unavailability
if there are unexplained connection losses
What is not a consideration on a DoS checklist?
eradication
recovery
encryption
containment
Defining a computer security incident is _______.
unnecessary because all members of a CIRT team should know what all the definitions are
done by software
a best practice when implementing your CIRT plan
done collectively by all CIRT members
Once you’ve identified how to calculate the impact and priority, you can then focus on checklists.
True
False
What is the purpose of a CIRT plan?
to help an organization prepare for computer incidents
to help an organization respond to computer incidents
to ensure that CBFs are not affected by computer attacks
to facilitate an easy recovery in the event of an attack
A computer incident and a computer security incident are synonymous terms.
True
False
The primary method of protecting against malware is education and training, although the secondary method of protection, antivirus software, is also quite helpful.
True
False
One of the main problems with P2P software is data leakage.
True
False
Members of a CIRT team are usually identified by __________, rather than by ___________ within the plan.
title, CIRT duty
title, name
CIRT duty, title
name, title
New types of malware appear on a daily basis.
True
False
Explanation / Answer
1. True
2. False. It is used but rarely.
3. a. running a virus scan
4. False. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them.
Note: Please post 4 questions or less. We have the right to select at least or equal to 4 questions in a query submitted.