A CSIRT has completed restoration procedures related to a breach of sensitive data is creating documentation used to improve the organization's security posture. The team has been specifically tasked to address logical controls in their suggestions. Which of the following would be MOST beneficial to include in lessons learned documentation? (Choose two.)
A) A list of policies, which should be revised to provide better clarity to employees regarding acceptable use
B) Recommendations relating to improved log correlation and alerting tools
C) Data from the organization's IDS/IPS tools, which show the timeline of the breach and the activities executed by the attacker
D) A list of potential improvements to the organization's NAC capabilities, which would improve AAA within the environment
E) A summary of the activities performed during each phase of the incident response activity
F) A list of topics that should be added to the organization's security awareness training program based on weaknesses exploited during the attack
Correct Answer:
Verified
Q783: A user needs to send sensitive information
Q784: A software developer is concerned about DLL
Q785: When attackers use a compromised host as
Q786: A stock trading company had the budget
Q787: As part of a new BYOD rollout,
Q789: A company is allowing a BYOD policy
Q790: The Chief Information Security Officer (CISO) is
Q791: An in-house penetration tester has been asked
Q792: A Chief Information Security Officer (CISO) has
Q793: Upon entering an incorrect password, the logon
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents