Which of the following are activities conducted during the initial response portion of the incident response plan?
A. Incident declaration, internal notification, and activation of an incident response team
B. Steps taken to prevent the incident from spreading
C. Establishing processes and a knowledge base to accurately detect and assess precursors and indicators
D. Elimination of components of the incident
Answer: A
Explanation: Incident declaration, internal notification, and activation of an incident response team is part of initial response. Detection and investigation portion of the incident response plan includes establishing processes and a knowledge base to accurately detect and assess precursors and indicators. Containment includes the steps taken to prevent the incident from spreading. Eradication and recovery includes the elimination of components of the incident.
You might also like to view...
The Linux administrator need to restart the DNS service on a remote server. He connects using SSH, and once authenticated he executes the command: servicebind restart If he is not logged in as root, what will be the response of the DNS server?
A. access denied B. dependent service failed to start C. unable to restart BIND D. enter your password
MMC is designed to be used in a domain environment; however, in a workgroup environment with different security boundaries, you might be required to use the Run As function for a custom MMC console
Indicate whether the statement is true or false