Answer:
1) When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise,The first thing you should do is to perform a review of every security and service account in the system and all of the connected systems because what you are looking for accounts that shouldnt be in the system
2) When an antivirus program identifies a virus and quarantines this file, The virus and any other malicious malware/software is eradicated from the system at that particular time.
3) SANS Institute’s six-step incident handling process are: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
4) the risk of starting to contain an incident prior to completing the identification process is very little if any.
5) it is a good idea to have a security policy that defines the incident response process in your organization because the Incident response team is responsible for receiving, reviewing, and responding to computer security incident reports.
6) The post-mortem, lessons learned step is the last in the incident response process are;
- There should be a scheduled follow-up meeting to discuss the incident and make recommendations to improve the incident handling plan.
This is the most important step in the process because it helps to prevent future occurrences of the incident that have happened before.
Explanation:
