Which of the following best describes the purpose of the detection and investigation portion of the incident response plan?
A. To describe the steps that need to be taken to prevent the incident from spreading
B. To establish processes and knowledge base to accurately detect and assess precursors and indicators
C. To describe incident declaration and notification
D. To describe the steps to eliminate the components of the incident
Answer: B
Explanation: The detection and investigation portion of the incident response plan includes the processes and knowledge base to accurately detect and assess precursors and indications of an incident.