PrepAway - Latest Free Exam Questions & Answers


During which of the following phases of the Incident Response process should a security administrator
define and implement general defense against malware?


A. Lessons Learned

B. Preparation

C. Eradication

D. Identification

Explanation:
Incident response procedures cover: preparation; incident identification; escalation and notification;
mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder;
incident isolation (quarantine, device removal); data breach; damage and loss control. It is important to
stop malware before it ever takes hold of a system, so you should know what malware is circulating and
take defensive measures in advance. General defense against malware is therefore defined and implemented
during the Preparation phase, before any incident has occurred.
Incorrect Answers:
A: Lessons Learned is one of the final phases of incident response and takes place after the event has
occurred, so it is not where general defenses are defined and implemented.
C: Eradication is performed after an infection has already occurred and therefore cannot be considered
general defense.
D: Incident Identification presumes that an incident has already occurred, so it cannot be considered
general defense against malware.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 121-122, 429

