Computer security Question:

Intrusion Detection and Recovery questions

Answer:

* Assume this scenario: The network security staff at the Computer Center just informed me that a computer in our department is infected with the ReallyBig virus. It is disrupting network performance, sending out thousands of infected emails, and serving first-run movies to pirates worldwide.

o What do we do immediately? Would we remove the compromised system from the network?
o What sort of investigation would we carry out to determine the nature of the attack, what vulnerability was exploited, and what data may have been compromised?
o How would you restore this computer to normal operation? Do you intend to disinfect it, or format the hard drive and reinstall the operating system and software (perhaps from a “ghost” image)?

* Do we regularly monitor event logs on servers, other computers, and firewalls to look for patterns of attack? Are the logs available after an attack?
