An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:
An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?
A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?
During an investigation, an analyst discovers the following rule in an executive's email client:
IF * TO
SELECT FROM 'sent' THEN DELETE FROM
The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?