Monitoring and incident response

Area 2: Security, Confidentiality, and Privacy (35-45%)

Topics

  • Security monitoring and SIEM
  • Incident response planning and execution
  • Digital forensics fundamentals

Study Frameworks

Incident Response Lifecycle

NIST SP 800-61 Incident Response

Preparation
  • Establish IR team, policies, tools, and communication plans
  • Conduct tabletop exercises and simulations

Identification
  • Detect and confirm the incident
  • Classify severity and scope
  • Activate IR team and begin documentation

Containment
  • Short-term: isolate affected systems immediately
  • Long-term: apply temporary fixes, preserve evidence

Eradication
  • Remove root cause (malware, compromised accounts)
  • Patch vulnerabilities that were exploited

Recovery
  • Restore systems from clean backups
  • Verify system integrity before returning to production
  • Monitor for signs of recurrence

Lessons Learned
  • Post-incident review within 1-2 weeks
  • Document findings and update IR plan
  • Improve controls to prevent recurrence

PICERL: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

The six phases of incident response per NIST SP 800-61. Memory aid: 'Please Identify, Contain, Eradicate, Recover, Learn.'
