Chapter 13: Incident Response Procedures — CompTIA A+ Cyber Companion

📖 Key Topics Covered

▸ Incident Response
▸ Incident Response Overview
▸ The Incident Response Lifecycle (NIST SP 800-61)
▸ KEY ACTIONS
▸ Build IR capability
▸ Identify and validate
▸ Eradication &
▸ Conduct lessons‐learned review, update IR
▸ Incident Severity Classification
▸ Active ransomware, data
▸ High (P2)
▸ Confirmed compromise with
▸ Within 1 hour
▸ Suspicious activity requiring
▸ Within 4

🔑 Key Terms

Incidents RAM (running processes, network connections)

See the full definitions in the Glossary and test yourself with Flashcards.

Assessment Tips

💡 Assessment Tip

Know the four NIST IR phases in order: Preparation → Detection & Analysis → Containment, Eradication & Recovery → Post‐Incident Activity. Also know the order of volatility for evidence collection—start with the most volatile (RAM, running processes)

← Chapter 12 All Chapters Chapter 14 →