08. Exercise: Incident Response Life Cycle
Reflect
QUESTION:
You just received an alert that a critical server on your network is receiving traffic from various IP addresses and no longer has the capacity to handle the number of requests coming through – they are almost ten times the amount of normal traffic. What kind of attack is this and what are steps that can be taken during the preparation phase to prepare for this kind of incident?
ANSWER:
This is a Distributed Denial of Service (DDoS) attack. A few example steps that can be taken in preparation include:
- Monitor networks for unusual activity daily
- Document your infrastructure
- Establish an inventory of your critical assets and processes
- Test DDoS response plan
- Implement an incident response policy that all employees must read
- Implement a security strategy
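One way to implement the "monitor networks for unusual activity" step for the scenario above, as an added example that is not part of the original exercise: it buckets request-log lines per minute and raises an alert only when volume reaches roughly ten times a baseline and the requests come from many distinct source addresses, which separates a flood like the one described from a single noisy client. The log format, the baseline and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict

# Assumed baseline learned from quiet hours (not a value from the exercise).
BASELINE_REQ_PER_MIN = 3.0
RATIO_THRESHOLD = 10.0     # the exercise describes ~10x normal traffic
MIN_DISTINCT_SOURCES = 10  # "various IP addresses": many sources, not one client

def parse_line(line):
    """Assumed format '<YYYY-MM-DDTHH:MM:SS> <src_ip> <path>' -> (minute, src_ip)."""
    ts, src, _path = line.split(maxsplit=2)
    return ts[:16], src  # 'YYYY-MM-DDTHH:MM' is the per-minute bucket

def detect_flood(lines, baseline=BASELINE_REQ_PER_MIN,
                 ratio=RATIO_THRESHOLD, min_sources=MIN_DISTINCT_SOURCES):
    """Return one alert per minute whose request count is >= ratio x baseline
    AND whose traffic comes from at least min_sources distinct addresses."""
    per_minute = defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        minute, src = parse_line(line)
        per_minute[minute][src] += 1
    alerts = []
    for minute in sorted(per_minute):
        sources = per_minute[minute]
        total = sum(sources.values())
        if total >= ratio * baseline and len(sources) >= min_sources:
            alerts.append({"minute": minute, "requests": total,
                           "distinct_sources": len(sources),
                           "ratio": total / baseline,
                           "top_sources": sources.most_common(3)})
    return alerts

def build_sample_log():
    """Constructed sample: two quiet minutes, then a flood minute (not real traffic)."""
    lines = ["2024-05-01T10:00:05 10.0.0.11 /index",
             "2024-05-01T10:00:20 10.0.0.12 /login",
             "2024-05-01T10:00:44 10.0.0.11 /index",
             "2024-05-01T10:01:02 10.0.0.13 /index",
             "2024-05-01T10:01:50 10.0.0.12 /index"]
    # Minute 10:02: 32 requests spread over 16 documentation-range addresses.
    for i in range(32):
        lines.append(f"2024-05-01T10:02:{i:02d} 203.0.113.{i % 16 + 1} /index")
    return lines

if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

The two quiet minutes stay silent and only the 10:02 bucket is reported; a burst of the same size from a single address is not reported, because it fails the distinct-source check rather than the volume check.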
Incident Response Lifecycle
QUIZ QUESTION:
You just received an alert that a critical server on your network is receiving traffic from various IP addresses and no longer has the capacity to handle the number of requests coming through – they are almost ten times the amount of normal traffic. Which actions relate to each phase of the incident response lifecycle?
ANSWER CHOICES:
Lifecycle phase | Activity
---|---
Preparation |
Detection and Analysis |
Containment, Eradication, and Recovery |
Post-Incident Activity |
SOLUTION:
Lifecycle phase | Activity
---|---
Post-Incident Activity |
Containment, Eradication, and Recovery |
Preparation |
Detection and Analysis |