28.4.13 Lab - Incident Handling
Objectives
Apply your knowledge of security incident handling procedures to formulate questions about given incident
scenarios.
Background / Scenario
Computer security incident response has become a vital part of any organization. The process for handling a
security incident can be complicated and involve many different groups. An organization must have standards
for responding to incidents in the form of policies, procedures, and checklists. To properly respond to a
security incident, the security analyst must be trained to understand what to do and must also follow all of the
guidelines outlined by the organization. There are many resources available to help organizations create and
maintain a computer incident response handling policy. The NIST Special Publication 800-61r2 is specifically
cited in the Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) exam topics.
Instructions
2018 - 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 3 www.netacad.com
inside of company network made a request for an immediate shell onto our production server as far
as we can tell.
Type your answers here.
Containment, Eradication, and Recovery: The incident team should have already started doing the
reconnaissance. They’d have had someone in place to take pictures of the broken glass, track signals
on the ground, and keep an eye out for accelerometers. They would have been gathering information
before they received the call: the name of the staff member who saw the incident happen, background
information about that staff member, and a discussion about the situation prior to when it happened.
The goal of an incident response team is to provide an incident response solution to the organization.
In this case, it would be much easier for them if they had an extra set of eyes looking at the problem
every day, but there simply isn’t enough money to outsource full-time staffing responsibilities this
way.
Type your answers here.
Post-Incident Activity: Incident handling is a proactive security measure designed to minimize the
damage caused by an attack, while also allowing you to learn from the incident. Learn how incident
handling can help your organization become more secure.
End of document