SY0-401 CompTIA Security+ Certification Practice Exam – 01. Taking this practice exam is intended to prepare you to score 80% or better on the main exam.
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were required to undergo additional user awareness training. All of these actions are examples of which of the following types of risk mitigation strategy?
Implementing policies to prevent data loss
User rights and permissions review
A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
Format the storage and reinstall both the OS and the data from the most current backup.
Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question by the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Choose two.)
Begin the chain of custody paperwork
Take screen shots
Capture the system image
Decompile suspicious files
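As an added worked example (not part of the original practice exam), the POSIX shell script below shows what two of the options above, capturing a system image and starting the chain of custody record, look like in practice on a seized drive: the source is opened read-only, copied bit for bit, hashed before and after acquisition, and the digest is written into a custody log together with who acquired what and when. The function names, the examiner name, the case ID and the evidence labels are this example's own assumptions, and a small constructed file stands in for the seized drive so the script runs without root or real hardware.

```shell
#!/bin/sh
# Added example, not from the exam page. Images a "drive" into a file,
# hashes source and image, and appends a chain-of-custody record.
# acquire_image, verify_image, hash_file and the labels below are
# assumptions made for this example.

# Hash a file with SHA-256 and print only the digest (coreutils or BSD).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# acquire_image SOURCE IMAGE LOG EXAMINER CASE_ID
# Copies SOURCE bit-for-bit into IMAGE, hashes both, refuses to continue
# unless the digests match, then appends a custody entry to LOG and
# prints the image digest.
acquire_image() {
    src=$1; img=$2; log=$3; examiner=$4; case_id=$5

    # Never modify the evidence and never clobber an existing image.
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 1; }

    src_hash=$(hash_file "$src")
    # conv=noerror,sync reads past bad sectors and pads them with zeros.
    # Caveat: sync pads the final partial block too, so a source whose
    # size is not a multiple of bs will hash differently from its image.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    img_hash=$(hash_file "$img")

    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source $src_hash image $img_hash" >&2
        return 2
    fi

    # Chain-of-custody entry: when, which case, who, what action, on what,
    # and the digest that lets anyone later prove the image is unchanged.
    printf '%s\t%s\t%s\t%s\t%s\tsha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$case_id" "$examiner" \
        "acquire" "$src -> $img" "$img_hash" >>"$log"
    echo "$img_hash"
}

# verify_image IMAGE EXPECTED_HASH: re-hash the image to prove integrity
# before every later analysis step.
verify_image() {
    [ "$(hash_file "$1")" = "$2" ]
}

# Demo on constructed input: a block-aligned file stands in for the drive.
demo_dir=$(mktemp -d)
printf 'constructed evidence bytes\n' >"$demo_dir/sdb"
pad=$((4096 * 3 - $(wc -c <"$demo_dir/sdb")))
dd if=/dev/zero bs=1 count="$pad" 2>/dev/null >>"$demo_dir/sdb"
acquire_image "$demo_dir/sdb" "$demo_dir/sdb.dd" "$demo_dir/custody.log" \
    "M. Admin" "IR-0001" >/dev/null
cat "$demo_dir/custody.log"
```

Every subsequent handling step (mounting the image read-only, handing it to another examiner) gets its own line in the same log, and `verify_image` is run against the recorded digest before each step, so the log and the hash together are what makes the image admissible rather than merely copied.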
Which of the following is the LEAST volatile when performing incident response procedures?