Cyber Defense and Countermeasures (CIH) Questions and Answers Latest Updated 2024

  • November 6, 2024
julianah420
Cyber Defense and Countermeasures
(CIH)

Promiscuous Policy - answer A security policy that doesn't keep any restrictions on the
usage of system resources

Computer Incident Types - answer Malicious Code Attacks
Fraud & Theft
Unauthorized Access

Detecting and Assessing Incidents - answer The most challenging and essential parts of
the incident response process

Risk - answer The probability of a threat agent exploiting a vulnerability and the
associated impact

Risk Assessment - answer A method of identifying vulnerabilities and threats as well as
assessing the possible impacts to determine where to implement security controls

Stages of the Incident Handling Process - answer * Preparation for Incident Handling
and Response

* Recording & Assignment

* Triage

* Notification

* Containment

* Evidence Gathering and Forensics

* Eradication

* Recovery

* Post-Incident Activities

Forensic Analysis - answer The process of analyzing and reviewing the data gathered
from computer systems such as log files, system files, web history files, emails and
installed applications

Step 1: Preparation for Incident Handling and Response - answer Includes performing
audit of the resources and assets, building/training the incident response team, and
gathering required tools

Step 2: Incident Recording and Assignment - answer In this phase the initial
identification, reporting and recording takes place

Step 3: Incident Triage - answer In this phase, the incident will be analyzed and
validated

Categorization and prioritization of Incidents occurs in this phase

Step 4: Notification - answer In this phase the incident information will be communicated to
various stakeholders, including management, third-party vendors, and clients

Step 5: Containment - answer In this phase the spread of the incident is stopped

Step 6: Evidence Gathering and Forensic Analysis - answer In this phase the IH&R team
will accumulate all possible evidence

Analysis of the incident occurs during this phase

Step 7: Eradication - answer In this phase, the IH&R team will remove or eliminate the
root cause of the incident and close any attack vectors

Step 8: Recovery - answer In this phase, the IH&R team will restore the affected
systems, services, and resources

Step 9: Post-Incident Activities - answer In this phase the following activities are
performed:

* Incident Documentation
* Incident Impact Assessment
* Review and Revise Policies
* Close the Investigation
* Incident Disclosure

Techniques Used in the Containment Phase - answer ▪ Disabling of Specific System
Services

▪ Changing of Passwords and Disabling Account

▪ Complete Backups of the Infected System

▪ Temporary Shutdown of the Compromised System

▪ System Restoration

▪ Maintaining a Low Profile

Phases of the Computer Forensics Investigation Process - answer Pre-Investigation
Phase: Setup lab, build the team, assess risk

Investigation Phase: First response, Search/Seizure, collect/secure evidence, Data
Analysis

Post-Investigation Phase: Evidence Assessment, Documenting/Reporting, and
Testifying

Forensic Readiness - answer * Refers to an organization's ability to make optimal use of
digital evidence in a limited period of time and with minimal investigation costs.

* Enables an organization to collect and preserve digital evidence quickly and efficiently
with minimal investigation costs

* Consists of technical and non-technical actions

Objectives of Computer Forensics - answer * To track and prosecute perpetrators of a
cyber crime

* To gather evidence of cyber crimes in a forensically sound manner

* To estimate the potential impact of a malicious activity on the victim and assess the
intent of the perpetrator

* To find vulnerabilities and security loopholes that help attackers

* To recover deleted files, hidden files, and temporary data that could be used as
evidence

First Responder Common Mistakes - answer * Shutting down/rebooting victim's
computer

* Assuming some of the victim's PC components are reliable and usable

* Not having access to baseline documentation

* Not documenting the data collection process

Digital Evidence - answer Any information of probative value that is either stored or
transmitted in a digital form.
