Incident Response Essentials Flashcards
CompTIA SecurityX CAS-005 (V5) Flashcards

| Front | Back |
| --- | --- |
| Crucial role of the Incident Commander? | Coordinate all response activities and make final decisions |
| Focus of the Recovery phase? | Restore systems to normal operations and validate that the threat is removed |
| Goal of the Lessons Learned phase? | Analyze the incident to improve future response and strengthen security posture |
| Key action in the Containment phase? | Limit the scope and impact of the incident through isolation and control |
| Key best practice for password handling during incident response? | Enforce password resets for compromised accounts and use strong credential policies |
| Main objective during the Identification phase? | Determine whether an incident has occurred and classify its nature |
| Phases of Incident Response? | Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned |
| Primary goal of the Preparation phase? | Establish and maintain policies, communication plans, and team readiness |
| Purpose of the Eradication phase? | Remove the threat, malware, or adversary activity from the environment |
| Role of the Forensic Analyst? | Gather evidence and analyze compromised systems for legal and technical insight |
| When should communication plans be tested? | Regularly during drills and tabletop exercises |
| Why is documentation important? | It helps track actions taken, evidence collected, and lessons learned |

About the Flashcards
Flashcards for the CompTIA SecurityX exam help students review core incident response terminology, concepts, and phase objectives. The deck summarizes the standard phases (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned) and highlights the main goals and actions associated with each stage to support quick recall under exam conditions.
Cards also cover operational roles and practical procedures, including the Incident Commander's coordination, forensic analyst evidence collection, documentation best practices, communication plans, and routine drills. Concise prompts on password handling, testing communication plans, and validating system restoration reinforce procedural memory for exam-style questions and real-world response tasks.
Topics covered in this flashcard deck:
- Incident response phases
- Roles and responsibilities
- Containment and eradication
- Recovery and validation
- Documentation and forensics
- Communication and drills