What is the first step in deciding how to respond to a computer attack?
What's the second step once the occurrence of an incident has been determined?
Types of investigations
This type of investigation examines issues related to the organization's computing infrastructure, and its primary goal is to resolve operational issues
This type of investigation is typically conducted by law enforcement personnel to look into alleged legal violations
This type of investigation typically involves internal employees and outside consultants working on behalf of a legal team to prepare evidence necessary to resolve a dispute between two parties
This type of investigation is performed by government agencies when they believe administrative law has been violated
This investigation has the loosest standards for collection of information
Evidence that demonstrates the outcome of the case is more likely than not, also called the preponderance of the evidence standard, is good enough for which kind of investigation?
What are the 9 steps in the Electronic Discovery (eDiscovery) Reference Model, which describes a standard process for conducting eDiscovery?
What is media analysis?
Why is it difficult to reconstruct activities that took place over a network for forensic analysis?
Major categories of computer crime
Primary focus of business attacks
Primary focus of financial attacks
What are advanced persistent threats?
What are military and intelligence attacks?
What is an incident?
List the general categories of incidents
What are scanning attacks?
How might scanning attacks be identified?
What is a system compromise?
How can system compromises be detected?
How can a malicious code incident be detected?
How can DoS incidents be detected?
What are the primary responsibilities of a computer incident response team (CIRT)?
Steps in the incident response process
Tools to monitor for events potentially pointing to security incidents
What sources of data should be gathered or confiscated when collecting evidence?