9.1.6 Practice Questions Flashcards

Question 1.
The computer incident response team (CIRT) has informed the executives of a large financial institution of unusual network activity, indicating a potential breach.
Which phase of the incident response lifecycle involves investigating the reported unusual network activity to determine whether a genuine security incident has occurred and assessing the severity of the situation?

Choices:
Preparation
Analysis
Containment
Eradication

Correct Answer:
Analysis

Question 2.
What is the primary goal of the containment phase of cybersecurity incident management during an incident response lifecycle? (Select two.)

Choices:
Notify stakeholders and identify other reporting requirements.
Analyze the incident and responses to identify whether procedures or systems could be improved.
Limit the immediate impact of the incident while securing data and notifying stakeholders.
Remove all traces of the incident from affected systems.
Reintegrate the system into the business process it supports with the cause of the incident eradicated.

Correct Answers:
Notify stakeholders and identify other reporting requirements.
Limit the immediate impact of the incident while securing data and notifying stakeholders.

Question 3.
What is the BEST definition of a security incident?

Choices:
Compromise of the CIA
Violation of a security policy
Criminal activity
Interruption of productivity

Correct Answer:
Violation of a security policy

Question 4.
The leader of the cybersecurity team for a major e-commerce company recently encountered a major data breach that led to the exposure of customer payment details. The team has now contained the breach and is moving toward the final phase of the incident response cycle.
What is the team's primary objective in this phase?

Choices:
Restore the affected system to a secure state
Eradicate the cause of the incident
Analyze the incident and improve procedures or systems
Identify stakeholders and reporting requirements

Correct Answer:
Analyze the incident and improve procedures or systems

Question 5.
An organization's computer incident response team (CIRT) receives an alert that shows possible malicious activity on a critical server within the network, and they initiate the CompTIA incident response process.
The team follows the incident response lifecycle to address the situation, which involves several key steps.
What order must the CIRT follow when performing the CompTIA incident response process?

Choices:
Preparation, analysis, isolation, containment, recovery
Detection, analysis, containment, eradication, recovery
Isolation, analysis, restoration, eradication, improvement
Detection, analysis, eradication, restoration, improvement

Correct Answer:
Detection, analysis, containment, eradication, recovery

Question 6.
You would like to enhance your incident-response process and automate as much of it as possible.
Which of the following elements would you need to include? (Select two.)

Choices:
Quarantining
Playbooks
Whitelisting
Runbooks
Blacklisting

Correct Answers:
Playbooks
Runbooks

Question 7.
You have detected and identified a security event. What is the first step you should complete?

Choices:
Playbook
Segmentation
Containment
Isolation

Correct Answer:
Containment

Question 8.
You need to limit a compromised application from causing harm to other assets in your network.
Which strategy should you employ?

Choices:
Segmentation
Isolation
Containment
SOAR

Correct Answer:
Isolation

Question 9.
You need to limit the impact of a security breach for a particular file server with sensitive company data.
Which strategy would you employ?

Choices:
Isolation
Containment
Segmentation
SOAR

Correct Answer:
Segmentation

Question 10.
As a security analyst, you are looking for a platform to compile all your security data generated by different endpoints.
Which tool would you use?

Choices:
SOAR
GDPR
MDM
MAM

Correct Answer:
SOAR