site_logo

previous next

Appropriate Risk Mitigation Strategies,Incident Response Procedures,Security Related Awareness Training

2.2 Carry out appropriate risk mitigation strategies

  • Change management refers to a methodology for making modifications and keeping track of those changes. In some instances, changes to network or system configurations are made haphazardly to alleviate a pressing problem. Without proper documentation, a future change may negate or diminish a previous change or even unknowingly create a security vulnerability. Change management seeks to approach changes systematically and provide the necessary documentation of the changes.

  • Incident management can be defined as the "framework" and functions required to enable incident response and incident handling within an organization. The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users

  • Routine system audits will check for user rights and permissions as well as analyze log files, for example, the Security log in Windows. The development and implementation of the security policy that enabled the security log should have been done long before actual auditing takes place.

2.3 Execute appropriate incident response procedures

Order Of Volatility : The sequence of volatile data that must be preserved in a computer forensics investigation

  • Register, cache

  • routing table, AP cache, process table, kernel statistics, memory

  • Temporary file system

  • Disk

  • Remote logging and monitoring data that is relevant to system

  • Physical configuration, network topology

  • Archival media

Capture system Image : Forensic imagining program is used to create bit stream image copy of a storage device. The image copy will be stored onto a forensically clean storage device. Hash calculation of original media is performed before and after image coping is performed

Network traffic and logs : In some network environments it may be possible to maintain an ongoing recording of network traffic. Since this would result in huge storage requirement these recording will only maintain a sliding window in minutes or hours of recent network activity

Capture Video : If there are security cameras present then recording of security violation should be preserved. Another is video recording of investigation being performed to collect physical and logical evidences. Theses can be used for later reviews.

Chain of custody : The chain of custody documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. A chain of custody includes documenting all of the serial numbers of the systems involved, who handled and had custody of the systems and for what length of time, how the computer was shipped, and any other steps in the process.

2.4 Explain the importance of security related awareness and training

Given below are some of the widely known password guessing methods:

  • Dictionary: this is the method in which dictionary terms are used for guessing a password

  • Birthday: It takes advantage of probabilities, much like two people in a 50-person room shared the same birthday. With every person, the chances of two people having the same birth date increases. In the same way, when you start guessing the password, the chances of a hit keep increasing.

  • Brute force: In a Brute Force attack, muscle (in this case, CPU and/or network muscle) is applied to break through a particular security mechanism, rather than using particular intelligence or logic. "Brute force" is most commonly applied to password guessing, taking advantage of computer power available to an attacker, to try every possible password value, until the right one is found. In cryptography, a brute-force attack is an attempt to recover a cryptographic key or password by trying every possible combination until the correct one is found. How quickly this can be done depends on the size of the key, and the computing resources applied.

  • Rainbow tables: Rainbow tables are huge lists of keys or passwords. A password-guessing program uses these lists of keys or passwords rather than generating each key or password itself.

previous next


  1. A+ Core 1 Exam Sim
  2. A+ Core 2 Exam Sim
  3. Network+ Exam Sim
  4. Security+ Exam Sim
  5. Server+ Exam Sim


simulationexams.com ad


certexams.com ad

Disclaimer:TutorialsWeb.com is neither associated nor affiliated with CompTIA® or any other company. A+, Network+, Security+, Server+ are trademarks of CompTIA® organization and duly acknowledged. The Cram Notes material is a copyright of TutorialsWeb.com and the same is not approved or endorsed by respective certifying bodies.