Incident Handling Part 2

The goal is to get rid of the attacker's artifacts on the machine?
Preperation
Eradication
Recovery
If you have Rootkit or kernel level Rootkit what should you do?
Wipe the drive, reformat and rebuild the system from the original.
Install antivirus.
Do nothing.
What should you remove in case of an incident.
Virus infestations
Backdoors
Rootkit and Kernel level rootkit
All of the above.
What is the only right step in improving defenses of your system
Null routing IP Address
Applying passwords that is short in length
Not applying firewalls and router filters.
Not changing DNS names.
Attackers often use the same exploits and backdoors on multiple machine.
True
False
What should you do in a vulnerability analysis?
Perform system vulnerability analysis
Perform network vulnerability analysis
If possible, scan your networks for interesting ports
All of the above
The goal of this phase is to put the impacted systems back in production
Preperation
Eradication
Recovery
Lessons learned
You should monitor the system in case of backdoors that escaped detention after the recovery phase?
True
False
This phase is where we should document what happened and how to improve operations to prevent another successful attack?
Eradication
Recovery
Lessons learned
Preperation
You should not develop a follow up report right after recovery?
True
False
How long should it take for you to conduct a meeting after resuming production?
2 weeks
4 weeks
6 months
1 year
Based on what you've learn in the process on what things you should get appropriate approval and funding to fix?
Your process
Your technology
Improved incident handling capabilities
All of the above.
Being agitated and panicky during an incident is a must?
True
False
0
{"name":"Incident Handling Part 2", "url":"https://www.quiz-maker.com/QN5YHT4","txt":"The goal is to get rid of the attacker's artifacts on the machine?, If you have Rootkit or kernel level Rootkit what should you do?, What should you remove in case of an incident.","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}