Incident Response Essentials Flashcards
CompTIA SecurityX CAS-005 (V5) Flashcards
| Front | Back |
| --- | --- |
| Crucial role of the Incident Commander? | Coordinate all response activities and make final decisions |
| Focus of the Recovery phase? | Restore systems to normal operations and validate that the threat is removed |
| Goal of the Lessons Learned phase? | Analyze the incident to improve future response and strengthen security posture |
| Key action in the Containment phase? | Limit the scope and impact of the incident through isolation and control |
| Key best practice for password handling during incident response? | Enforce password resets for compromised accounts and use strong credential policies |
| Main objective during the Identification phase? | Determine whether an incident has occurred and classify its nature |
| Phases of Incident Response? | Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned |
| Primary goal of the Preparation phase? | Establish and maintain policies, communication plans, and team readiness |
| Purpose of the Eradication phase? | Remove the threat, malware, or adversary activity from the environment |
| Role of the Forensic Analyst? | Gather evidence and analyze compromised systems for legal and technical insight |
| When should communication plans be tested? | Regularly during drills and tabletop exercises |
| Why is documentation important? | It helps track actions taken, evidence collected, and lessons learned |
Focus on the core phases of incident response, crucial roles, and execution of best practices to effectively mitigate cyber threats.