When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

ANSWER ALL OF THE FOLLOWING QUESTIONS:
PART 1:

1. When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

2. When an anti-virus application identifies a virus and quarantines this file, does this mean the computer is eradicated of the virus and any malicious software?

3. Where would you check for processes and services enabled in the background of your Student VM workstation?

4. Where would log files typically be kept on most Linux systems?

5. What is the SANS Institute’s 6-step incident handling process?

6. What is the risk of starting to contain an incident prior to completing the identification process?

7. Why do you want to have the incident response handled by the security incident response team and not the IT organization?

8. Do you think it is a good idea to have a security policy defining incident response process in your organization?

9. Why should internal legal counsel be notified when a “Critical” security incident occurs?

10. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?

PART 2:

1. What is the difference between an IDS and an IPS?

2. Why is it important to perform a network traffic baseline definition analysis?

3. Why is a port scan detected from the same IP on a subnet an alarming alert to receive from your IDS?

4. If the SNORT IDS captures the IP packets off the LAN segment for examination, is this an example of promiscuous mode operation? Are these packets saved or logged?

5. What is the difference between a network-based IDS (Intrusion Detection System) and a host-based IDS?

6. What are some weaknesses of an IDS/IPS solution at an Internet ingress/egress point in the LAN-to-WAN Domain?

7. Why is it important to tune IDS (Intrusion Detection System)/IPS systems?

8. How can you prevent attackers from performing reconnaissance and probing using Nmap and Nessus® port scanning and vulnerability assessment scanning tools?

9. Why is it a good idea to have host-based IDSs (Intrusion Detection Systems) enabled on critical servers and workstations?

10. Where should you implement IPSs in your IT infrastructure?


Details

  • Post Date: 2020-05-19T06:57:49+00:00