The virtual address space for a Windows process is the set of virtual memory addresses that can be used by the process. Each process has its own virtual address space that is isolated from other processes. The virtual address space is divided into regions that have different attributes, such as read-only, read-write, execute, and so on. The virtual address space is mapped to the physical memory by the operating system using a data structure called a page table. References:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 4: Host-Based Analysis, Lesson 4.1: Windows Operating System
Virtual Address Space
Questions # 122:
What is an incident response plan?
Options:
A.
an organizational approach to events that could lead to asset loss or disruption of operations
B.
an organizational approach to security management to ensure a service lifecycle and continuous improvements
C.
an organizational approach to disaster recovery and timely restoration of operational services
D.
an organizational approach to system backup and data archiving aligned to regulations
An incident response plan is a document that defines the roles and responsibilities, procedures, and processes for detecting, analyzing, containing, eradicating, recovering, and learning from security incidents. The purpose of an incident response plan is to minimize the impact of incidents on the organization’s assets, operations, and reputation, and to restore normal operations as quickly as possible. An incident response plan is not the same as a security management plan, a disaster recovery plan, or a backup and archiving plan, although they may be related or complementary. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 92; NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide, page 2-3
