Chapter 28
Incident Investigation
This chapter covers the following official Security+ exam objective:
▶ 4.3 Given an incident, utilize appropriate data sources to support an investigation.
Essential Terms and Components
Suspected incidents or indicators require analysis and validation. When the response team has determined that an incident has occurred, the next step is to take a comprehensive look at the incident activity to determine its scope. A proper determination of the scope of the incident helps the team prioritize potential needs for deeper analysis, as well as the next step in the process for containment. To help with ...
Get CompTIA Security+ SY0-601 Exam Cram, 6th Edition now with the O’Reilly learning platform.