CISSP® Official Study Guide, Eighth Edition


Know incident response steps



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Know incident response steps.
The CISSP Security Operations domain lists incident 
response steps as detection, response, mitigation, reporting, recovery, remediation, and 
lessons learned. After detecting and verifying an incident, the first response is to limit 
or contain the scope of the incident while protecting evidence. Based on governing 
laws, an organization may need to report an incident to official authorities, and if PII is 
affected, individuals need to be informed. The remediation and lessons learned stages 
include root cause analysis to determine the cause and recommend solutions to prevent a 
reoccurrence.

Know basic preventive measures.
Basic preventive measures can prevent many incidents 
from occurring. These include keeping systems up-to-date, removing or disabling unneeded 
protocols and services, using intrusion detection and prevention systems, using anti-malware 
software with up-to-date signatures, and enabling both host-based and network-based 
firewalls.

Know what denial-of-service (DoS) attacks are.
DoS attacks prevent a system from 
responding to legitimate requests for service. A common DoS attack is the SYN flood 
attack, which disrupts the TCP three-way handshake. Even though older attacks are not 
as common today because basic precautions block them, you may still be tested on them 
because many newer attacks are often variations on older methods. Smurf attacks employ 
an amplification network to send numerous response packets to a victim. Ping-of-death 
attacks send numerous oversized ping packets to the victim, causing the victim to freeze, 
crash, or reboot.
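
As an added illustration (not from the study guide), the following Python example tracks three-way-handshake state over constructed packet records and flags listeners that accumulate stale half-open connections, the observable symptom of a SYN flood. The record format, the threshold of 20 and the 3-second timeout are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_s, src, sport, dst, dport, tcp_flags).
# All addresses come from the reserved documentation ranges.
def build_sample():
    pkts = [
        # One legitimate client completes the handshake: SYN, SYN-ACK, ACK.
        (0.00, "198.51.100.7", 40000, "192.0.2.10", 443, "S"),
        (0.01, "192.0.2.10", 443, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, "192.0.2.10", 443, "A"),
    ]
    # 30 SYNs from varying sources; the server answers, no final ACK returns.
    for i in range(30):
        src = f"203.0.113.{i + 1}"
        pkts.append((0.10 + i * 0.01, src, 50000 + i, "192.0.2.10", 443, "S"))
        pkts.append((0.105 + i * 0.01, "192.0.2.10", 443, src, 50000 + i, "SA"))
    return sorted(pkts)

def half_open_by_listener(packets, now, timeout=3.0):
    """Return {(server, port): n} for handshakes that saw a SYN but no
    completing ACK and are at least `timeout` seconds old at time `now`."""
    pending = {}  # (client, cport, server, sport) -> time of first SYN
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, ts)
        elif flags in ("A", "R"):
            # The client's final ACK completes the handshake; its RST abandons it.
            pending.pop(key, None)
    counts = defaultdict(int)
    for (_, _, server, port), syn_ts in pending.items():
        if now - syn_ts >= timeout:
            counts[(server, port)] += 1
    return dict(counts)

def flag_syn_flood(packets, now, threshold=20, timeout=3.0):
    """Listeners whose stale half-open count meets the (assumed) threshold."""
    stale = half_open_by_listener(packets, now, timeout)
    return sorted(k for k, n in stale.items() if n >= threshold)

if __name__ == "__main__":
    print(flag_syn_flood(build_sample(), now=10.0))
```

Counting per listener rather than per source matters here because the constructed flood uses a different source address for every SYN, so no single source ever crosses a threshold.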

Understand botnets, botnet controllers, and bot herders.
Botnets represent significant 
threats due to the massive number of computers that can launch attacks, so it’s important 
to know what they are. A botnet is a collection of compromised computing devices (often 
called bots or zombies) organized in a network controlled by a criminal known as a bot 
herder. Bot herders use a command and control server to remotely control the zombies 
and often use the botnet to launch attacks on other systems, or to send spam or phishing 
emails. Bot herders also rent botnet access out to other criminals.


Exam Essentials 
