Incident Response Management Questions
Practice questions for Incident Response Management topic in CompTIA CySA+. 20 questions covering this domain.
Which phase of the incident response lifecycle involves identifying and limiting the spread of an active attack?
A security analyst is building an incident response playbook for ransomware events. Which element is most critical to include for business continuity ...
A large organization experiences a ransomware outbreak affecting 40% of its endpoints. The CISO asks the incident response team lead what the immediat...
During an incident investigation, a forensic analyst needs to collect volatile data from a compromised Windows server before it is shut down. Which da...
What does the MITRE ATT&CK framework's 'Kill Chain' concept describe in the context of incident response?
What is the primary purpose of a root cause analysis (RCA) after a security incident?
During forensic analysis of a compromised endpoint, an analyst discovers a malicious binary in the Windows Temp directory that was executed by a sched...
What is the purpose of a tabletop exercise in incident response?
During a post-incident review following a data breach, the team finds that the attacker used a compromised vendor VPN account for initial access. The ...
An incident has been detected where an attacker accessed an administrative account using stolen credentials. After containing the incident, what is th...
What is the purpose of an incident response plan (IRP)?
A security analyst is performing memory forensics on a compromised endpoint and discovers an injected DLL running in the context of a legitimate Windo...
An incident response team has successfully contained and eradicated malware from a compromised server. Before returning the server to production, whic...
During incident response to a confirmed insider threat, legal counsel informs the IR team that evidence may be needed for legal proceedings. Which evi...
What does the term 'eradication' mean in the context of the incident response lifecycle?
A security analyst is performing forensic analysis on a potentially compromised system and needs to preserve a bit-for-bit copy of the hard drive. Whi...
A CISO is reviewing the organization's incident response capability and finds there is no defined criteria for when an analyst should escalate an inci...
After completing eradication of malware from a compromised server, the incident response team determines the server's OS needs to be rebuilt from scra...
A security operations center receives a threat intelligence report indicating a specific adversary group is actively targeting organizations in their ...
What is the Diamond Model of Intrusion Analysis used for?