Recommends Incident Response Solutions: The learner recommends solutions to respond to a detected cybersecurity incident.
Introduction: Throughout your career in security operations, you will be asked to investigate incidents and recommend responses to those incidents. You will need to analyze logs when investigating affected hardware, diagnose an attack and its impact, and recommend next steps in an incident response report.
In this task, you are given the attached “Background Information” reference document containing a security operations scenario and associated helpdesk ticket artifacts. You will access a virtual lab environment to investigate and interact with the affected hardware discussed in the “Background Information” document. Additional details for interacting with the virtual lab environment, including the use of its available tools and the screenshot evidence document, can be found in the attached “Virtual Lab Supplementary Instructions” document. Next, you will create an incident response report using the attached “Incident Reporting Template” document to identify the steps taken in detecting, investigating, and remediating the issues within the virtual lab and to recommend next steps.
Your submission will include both your completed incident response report and a screenshot evidence document generated by the virtual lab environment.
SCENARIO: Refer to the scenario and artifacts in the attached “Background Information” document. Additionally, details for interacting with the virtual lab environment can be found in the attached “Virtual Lab Supplementary Instructions” document.
REQUIREMENTS: Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
Note: Additional information can be found in the attached “Virtual Lab Supplementary Instructions” supporting document.
A. Using the attached “Incident Reporting Template” supporting document, provide the details of the incident from the attached “Background Information” document by identifying the following:
incident numbers
incident dates
report author (i.e., WGU student ID)
report date
summary of the incident
impacted system
primary function of the impacted system
impacted users
incident timeline
functional impact classification
incident priority classification
incident type classification
B. Using the “Incident Reporting Template” supporting document, provide the details of the impacted system by identifying the following:
hostname
IP address
operating system
C. Using the “Incident Reporting Template” supporting document, determine the details of the malicious traffic by identifying the following:
destination port
additional notes and observations gained from the malicious traffic search metadata
Note: The additional notes and observations should include details relevant to the stakeholders at the fictional organization.
D. Using the “Incident Reporting Template” supporting document, summarize the incident remediation process by identifying the following points:
actions taken to restore impacted system functionality
actions taken to restore network security
additional notes and observations relevant to the summary
Note: The additional notes and observations should include details relevant to the stakeholders at the fictional organization.
E. Using the “Incident Reporting Template” supporting document, recommend 2–4 planned relevant actions to prevent similar incidents from occurring in the future. For each planned action, identify the following:
which negative impact from the incident is addressed
how that action will prevent reoccurrence of the negative impact
F. Provide the screenshot evidence document, in .docx format, generated by the virtual lab. For each of the five challenge questions, both the information requested by that challenge question and the unaltered watermark displaying the student ID must be clearly visible in the screenshot.
G. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
H. Demonstrate professional communication in the content and presentation of your submission.
File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! - _ . * ' ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, csv, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
Rubric:
INCIDENT DETAILS: COMPETENT, The submission accurately identifies the details of the incident by addressing each of the 12 given points related to the “Background Information” document, and the response is recorded in Section A of the “Incident Reporting Template.”
DETECT: COMPETENT, The submission accurately identifies the details of the impacted system by addressing each of the 3 given points related to the Detect phase, and the response is recorded in Section B of the “Incident Reporting Template.”
INVESTIGATE: COMPETENT, The submission accurately determines the details of the malicious traffic by identifying each of the 2 given points related to the Investigate phase, and the response is recorded in Section C of the “Incident Reporting Template.”
REMEDIATE: COMPETENT, The submission accurately summarizes the incident remediation process by identifying each of the 3 given points related to the Remediate phase, and the response is recorded in Section D of the “Incident Reporting Template.”
LESSONS LEARNED: COMPETENT, The submission recommends 2–4 planned relevant actions to prevent similar incidents from occurring in the future, the 2 points are accurately addressed for each planned action, and the response is recorded in Section E of the “Incident Reporting Template.”
SCREENSHOT EVIDENCE DOCUMENT: COMPETENT, The submission accurately provides the screenshot evidence document, in .docx format, generated by the virtual lab. For each of the 5 challenge questions, both the requested information and unaltered watermark are clearly visible in the associated screenshot, and the student ID is accurate.
SOURCE: COMPETENT, The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available.
PROFESSIONAL COMMUNICATION: COMPETENT, Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
Note: disregard the computing language. You might need a virtual lab; let me know if you cannot get a workaround for the virtual lab.