two part lab assessment, computer science homework help
Use the questions with the answers
Overview

In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, retest the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG AntiVirus Business Edition to scan the infected workstation and documented your findings as you proceeded.

Lab Assessment Questions & Answers
1. When you are notified that a user’s workstation or system is acting strange and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?
2. When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated?
3. What is the SANS Institute’s six-step incident handling process?
4. What is the risk of starting to contain an incident prior to completing the identification process?
5. Why is it a good idea to have a security policy that defines the incident response process in your organization?
6. The post-mortem “lessons learned” step is the last in the incident response process. Why is this the most important step in the process?
In this lab, you configured Snort, an open source intrusion prevention and detection system, on the TargetSnort virtual machine, and the Web-based IDS monitoring tool called Snorby. You also used the OpenVAS scanning tool to scan the TargetSnort virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
1. What is the difference between an IDS and an IPS?
2. Why is it important to perform a network traffic baseline definition analysis?
3. Why is a port scan detected from the same IP on a subnet an alarming alert to receive from your IDS?
4. If the Snort IDS captures the IP packets off the LAN segment for examination, is this an example of promiscuous mode operation? Are these packets saved or logged?
5. What is the difference between a host-based IDS and a network-based IDS?
6. How can you block attackers who are performing reconnaissance and probing with Nmap and OpenVAS port scanning and vulnerability assessment scanning tools?
7. Why is it a good idea to have host-based intrusion detection systems enabled on critical servers and workstations?
8. Where should you implement intrusion prevention systems in your IT infrastructure?
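Questions 3 and 4 above ask why a port scan from a single source is an alarming IDS alert and whether captured packets are logged. The following is an added example, not part of the lab or of Snort or Snorby: a small Python detector that applies the same threshold idea a port-scan preprocessor uses, run over constructed connection-log lines in a simple key=value format (not Snort's own log format). It flags a source that touches many distinct ports on one host within a short time window, and the sample input also includes a slow scan that a short window misses, which is why the window and threshold are parameters that should be tuned against a traffic baseline (question 2).

```python
"""Port-scan heuristic over connection-log lines (added example with constructed input)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed key=value format, not Snort's alert format).
# 10.0.0.5 probes ten ports on 10.0.0.10 within nine seconds (a fast scan).
# 10.0.0.7 is a normal client that only talks to ports 80 and 443.
FAST_SCAN_AND_NORMAL = """\
2024-03-01T09:00:00 src=10.0.0.5 dst=10.0.0.10 dport=21 proto=tcp
2024-03-01T09:00:01 src=10.0.0.5 dst=10.0.0.10 dport=22 proto=tcp
2024-03-01T09:00:02 src=10.0.0.5 dst=10.0.0.10 dport=23 proto=tcp
2024-03-01T09:00:03 src=10.0.0.5 dst=10.0.0.10 dport=25 proto=tcp
2024-03-01T09:00:04 src=10.0.0.5 dst=10.0.0.10 dport=80 proto=tcp
2024-03-01T09:00:05 src=10.0.0.5 dst=10.0.0.10 dport=110 proto=tcp
2024-03-01T09:00:06 src=10.0.0.5 dst=10.0.0.10 dport=143 proto=tcp
2024-03-01T09:00:07 src=10.0.0.5 dst=10.0.0.10 dport=443 proto=tcp
2024-03-01T09:00:08 src=10.0.0.5 dst=10.0.0.10 dport=3389 proto=tcp
2024-03-01T09:00:09 src=10.0.0.5 dst=10.0.0.10 dport=8080 proto=tcp
2024-03-01T09:00:02 src=10.0.0.7 dst=10.0.0.10 dport=80 proto=tcp
2024-03-01T09:00:05 src=10.0.0.7 dst=10.0.0.10 dport=443 proto=tcp
2024-03-01T09:00:40 src=10.0.0.7 dst=10.0.0.10 dport=443 proto=tcp
this line is malformed and must be skipped by the parser
"""

# Constructed slow scan: 10.0.0.9 probes ports 1000-1009, one every 90 seconds.
SLOW_SCAN = [
    f"2024-03-01T{datetime(2024, 3, 1, 9, 10, 0) + timedelta(seconds=90 * i):%H:%M:%S} "
    f"src=10.0.0.9 dst=10.0.0.10 dport={1000 + i} proto=tcp"
    for i in range(10)
]

SAMPLE_LINES = FAST_SCAN_AND_NORMAL.splitlines() + SLOW_SCAN

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one key=value log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def detect_port_scans(lines, threshold=8, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted_ports} for pairs where one source reached at least
    `threshold` distinct destination ports on one host inside any sliding `window`."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are dropped, not treated as evidence
        events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))

    alerts = {}
    for pair, evs in events.items():
        evs.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {port for _, port in evs[start:end + 1]}
            # Keep the largest distinct-port set seen for this source/host pair.
            if len(ports) >= threshold and len(ports) > len(alerts.get(pair, ())):
                alerts[pair] = sorted(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LINES).items():
        print(f"ALERT: {src} probed {len(ports)} ports on {dst}: {ports}")
```

With the default 60-second window only the fast scanner is reported; the slow scanner (one probe every 90 seconds) stays under the radar until the window is widened to, say, 20 minutes. That gap is the practical reason a baseline matters: thresholds loose enough to catch slow scans also raise the false-positive rate on busy hosts, so they have to be set against what normal traffic on the segment looks like. The detector only ever reads logs; responding (blocking the source, question 6) is a separate IPS or firewall action.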