题目
多项选择题
Question at position 7 What might additional tools be needed to respond to this particular incident?What indicators of the incident might the organisation detect?Which personnel would be involved in the containment, eradication, and/or recovery processes?What protocols/software/policies/hardware is in place to prevent this incident from reoccurring?What sources of evidence, if any, should the organisation acquire?Is a policy established to classify it as a malicious activity? If so, then what part of the policy is violated?What strategy should the organisation take to contain the incident? Why is this strategy preferable to others?What precursors of the incident, if any, might the organisation detect? Would any precursors cause the organisation to take action before the incident occurred?
选项
A.What might additional tools be needed to respond to this particular incident?
B.What indicators of the incident might the organisation detect?
C.Which personnel would be involved in the containment, eradication, and/or recovery processes?
D.What protocols/software/policies/hardware is in place to prevent this incident from reoccurring?
E.What sources of evidence, if any, should the organisation acquire?
F.Is a policy established to classify it as a malicious activity? If so, then what part of the policy is violated?
G.What strategy should the organisation take to contain the incident? Why is this strategy preferable to others?
H.What precursors of the incident, if any, might the organisation detect? Would any precursors cause the organisation to take action before the incident occurred?
查看解析
标准答案
Please login to view
思路分析
Start by identifying what the question stem is asking: in this case, it asks to select items that pertain to the Containment, Eradication, and Recovery phase of incident response.
Option 1: What might additional tools be needed to respond to this particular incident?
This is relevant to containment and response because having the right tools enables rapid containment, evidence collection, and remediation actions tailored to the incident. It addresses practical readiness for handling the incident specifics.
Option 2: What indicators of the incident might the organisation detect?
While indicators are important for detection and early warning, this question targ......Login to view full explanation登录即可查看完整答案
我们收录了全球超50000道考试原题与详细解析,现在登录,立即获得答案。
类似问题
During incident containment, which action is correct?
Question at position 19 When the attack is minor and unlikely to escalateWhen the root cause of the incident has been identified and requires extensive remediationWhen an organization has unlimited resourcesWhen there is a lack of skilled personnel to manage the incident
Question at position 17 NIST Special Publication 800-61r1 NIST Special Publication 800-61r2 NIST Special Publication (SP) 800-53NIST Special Publication 800-86
Question at position 13 What protocols/software/policies/hardware is in place to prevent this incident from reoccurring?What happened, and at what time?What indicators of the incident might the organisation detect?Were any wrong actions taken that caused damage or inhibited recovery?What precursors of the incident, if any, might the organisation detect? Would any precursors cause the organisation to take action before the incident occurred?What information was needed sooner?Is a policy established to classify it as a malicious activity? If so, then what part of the policy is violated?How well did the incident response team deal with the incident? Were processes followed, and were they sufficient?
更多留学生实用工具
希望你的学习变得更简单
加入我们,立即解锁 海量真题 与 独家解析,让复习快人一步!