Who should be contacted FIRST in the event of a security breach?

Who should be contacted FIRST in the event of a security breach?

In which of the following steps of incident response does a team analyse the incident and
determine steps to prevent a future occurrence?

After a recent security breach, the network administrator has been tasked to update and backup
all router and switch configurations. The security administrator has been tasked to enforce stricter
security policies. All users were forced to undergo additional user awareness training. All of these
actions are due to which of the following types of risk mitigation strategies?

A server dedicated to the storage and processing of sensitive information was compromised with a
rootkit and sensitive data was extracted. Which of the following incident response procedures is
best suited to restore the server?

In the initial stages of an incident response, Matt, the security administrator, was provided the hard
drives in question from the incident manager. Which of the following incident response procedures
would he need to perform in order to begin the analysis? (Select TWO).

In the initial stages of an incident response, Matt, the security administrator, was provided the hard
drives in question from the incident manager. Which of the following incident response procedures
would he need to perform in order to begin the analysis? (Select TWO).

Which of the following is the LEAST volatile when performing incident response procedures?

Which of the following is the LEAST volatile when performing incident response procedures?

The security officer is preparing a read-only USB stick with a document of important personal
phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At
which of the following points in an incident should the officer instruct employees to use this
information?