1answer.
Ask question
Login Signup
Ask question
All categories
  • English
  • Mathematics
  • Social Studies
  • Business
  • History
  • Health
  • Geography
  • Biology
  • Physics
  • Chemistry
  • Computers and Technology
  • Arts
  • World Languages
  • Spanish
  • French
  • German
  • Advanced Placement (AP)
  • SAT
  • Medicine
  • Law
  • Engineering
Volgvan
3 years ago
14

An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the

organization has installed crypto-currency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?
a. Remove the affected servers from the network.
b. Review firewall and IDS logs to identify possible source IPs.
c. Identify and apply any missing operating system and software patches
d. Delete the malicious software and determine if the servers must be reimaged
Computers and Technology
1 answer:
djyliett [7]3 years ago
5 0

Answer:

a. Remove the affected servers from the network.

Explanation:

An organization's incident response process (IRP) can be defined as all of the process involved in the cleanup and recovery of data when they fall victim to an attack or cybersecurity breach. The incident response process comprises of six (6) important stages and these are;

1. Preparation.

2. Detection and analysis (identification).

3. Containment.

4. Eradication.

5. Recovery.

6. Review of incident activities.

When an organization's IRP prioritizes containment over eradication and an incident is discovered, where an attacker outside the organization installed a crypto-currency mining software on the organization's web servers. Given the organization's stated priorities, the cybersecurity engineer should remove the affected servers from the network.

A containment process is focused on taking steps to eliminate or contain the attack. It basically involves acting swiftly in response to the attack, so as to prevent it from spreading across board or in order to mitigate the damage already caused.

In this context, the cybersecurity engineer should remove the affected servers from the network in accordance with the organization's IRP priority (containment).

<em>Furthermore, he could take a step further to contain the attack by installing a firewall and updating their policies in the Intrusion Prevention System (IPS) of the organization. </em>

You might be interested in
The first step in the five-step process for problem solving is to ____.
DerKrebs [107]
Define  the problem..................
8 0
3 years ago
Read 2 more answers
Create a view named NHTrips. It consists of the trip ID, trip name, start location, distance, maximum group size, type, and seas
anzhelika [568]

Answer:

CREATE VIEW NHTrips AS

SELECT TripID,

TripName,

StartLocation,

Distance,

MaxGrpSize,

Type,

Season

FROM trip

WHERE State = 'NH';

Explanation:

A view is a user’s view or application program’s view of the database created for execution during a database operation such as those for displaying results, modification of record, updating and deletion of records. It is created by defining a SELECT query and then using a CREATE VIEW command.

syntax for creating view;

The view is created as follows,

Give a view name using the CREATE VIEW command and give optional field names followed by the query using the SELECT statement

I.e

CREATE VIEW viewname

[(column name1, column name2….)] AS Select statement

When the above query is executed, a view named NHTrips will created in the database.

7 0
3 years ago
You will be writing a password validator. The user will input a password and the program must check that it has: At least 8 char
Sidana [21]

Answer:

Ca$h_AlL_d23ay

Explanation:

Hope this is valid. lol

5 0
3 years ago
Suppose we have the list: list = [1,2,3,4,5,6]
mixer [17]
1, 2, 3, 10, 5, 6 is the answer
6 0
2 years ago
Identify characteristics of structured programming design. Choose all that apply.
Degger [83]

Answer:

The correct options are;

The code is easy to test and debug

It creates programs made of modules that can be called when needed

It uses logic flow

The code is easier to follow

The code is easier to modify

Explanation:

The approach of structural programming is one such that the problem is well understood and the solution is economical

Features of structural programming includes;

  • Error debugging are facilitated by structural programs and as such testing to debug
  • Structural program creates program modules that are reusable
  • Structural programs can be easily modified hence maintained
  • Structural program emphasizes on logic
  • The structural program code is easily read and understood, and therefore, it is easier to follow
8 0
3 years ago
Other questions:
  • Create a class named Person that holds the following fields: two String objects for the person’s first and last name and a Local
    5·2 answers
  • On the Picture Tools Layout tab, you can preview results of the numerous styles, borders, effects, and layouts by _______ comman
    7·2 answers
  • This type of website, supporting collaborative writing, is designed to allow visitors to use their browser to add, edit, or dele
    15·1 answer
  • What is the function of a header when writing HTML
    10·1 answer
  • Identify the key that would allow you to move to previous column in a row.
    11·1 answer
  • Write a Python function uniquely_sorted() that takes a list as a parameter, and returns the unique values in sorted order.
    15·1 answer
  • IoT is the interconnection of what?<br> Hardware<br> Networks<br> Everyday devices<br> Cables
    10·1 answer
  • . Explain and demonstrate the functionality of timer devices in an embedded system[
    9·1 answer
  • Which of the following is true of how packets are sent through the Internet?
    7·1 answer
  • You are building a system for a Housing Society, such as Bahria Town. You are supposed to design a very
    14·1 answer
Add answer
Login
Not registered? Fast signup
Signup
Login Signup
Ask question!