Computer security Question:
Intrusion Detection and Recovery questions
Answer:
* Assume this scenario: The network security staff at the Computer Center just informed me that a computer in our department is infected with the ReallyBig virus. It is disrupting network performance, sending out thousands of infected emails, and serving first-run movies to pirates worldwide.
o What do we do immediately? Would we remove the compromised system from the network?
o What sort of investigation would we carry out to determine the nature of the attack, what vulnerability was exploited, and what data may have been compromised?
o How would you restore this computer to normal operation? Do you intend to disinfect it, or format the hard drive and reinstall the operating system and software (perhaps from a “ghost” image)?
* Do we regularly monitor event logs on servers, other computers, and firewalls to look for patterns of attack? Are the logs available after an attack?