Resilience & Physical Security
Security Assessment
Forensics and Incident Response
100

This type of power device keeps systems running briefly during an outage and protects against power fluctuations.

What is an uninterruptible power supply (UPS)?

100

This type of scan identifies known vulnerabilities and misconfigurations without actively exploiting them.

What is a vulnerability scan?

100

This record documents who had possession of evidence, when, and for what purpose.

What is the chain of custody?

200

This physical control uses two interlocking doors to prevent tailgating into secure areas.

What is a mantrap?

200

This security testing method uses authorized simulated attacks to exploit weaknesses in systems or networks.

What is penetration testing?

200

This phase of incident response focuses on stopping the attacker’s activity and limiting further damage.

What is containment?

300

This backup type copies only data that has changed since the last full backup and marks each file as backed up.

What is an incremental backup?

300

This document defines the scope, limitations, and authorized methods before a penetration test begins.

What are rules of engagement?

300

This forensic process creates a bit-for-bit copy of a drive so the original evidence is not altered.

What is disk imaging?

400

This resilience strategy uses multiple servers or systems so that if one fails, others continue providing the service.

What is fault tolerance (or load balancing)?

400

This kind of vulnerability scan uses valid credentials to log into systems and provide deeper assessment results.

What is a credentialed scan?

400

This memory type should be collected first during live forensics because it is the most volatile.

What is RAM (volatile memory)?

500

This type of site is fully equipped and can take over operations almost immediately if the primary site fails.

What is a hot site?

500

This type of assessment compares an organization’s security controls to a standard such as NIST SP 800-53 or ISO 27001.

What is a compliance (or controls) assessment?

500

This final phase of the incident response process analyzes what happened and updates policies, playbooks, and controls.

What is the lessons-learned (or post-incident review) phase?
