9.1.6 Practice Questions Flashcards
Question 1.
The computer incident response team (CIRT) has informed the executives of a large financial institution of unusual network activity, indicating a potential breach.
Which phase of the incident response lifecycle involves investigating the reported unusual network activity to determine whether a genuine security incident has occurred and assessing the severity of the situation?
answer
Preparation
Analysis
Containment
Eradication
Correct Answer:
Analysis
Question 2.
What is the primary goal of the containment phase of cybersecurity incident management during an incident response lifecycle? (Select two.)
answer
Notify stakeholders and identify other reporting requirements.
Analyze the incident and responses to identify whether procedures or systems could be improved.
Limit the immediate impact of the incident while securing data and notifying stakeholders.
Remove all traces of the incident from affected systems.
Reintegrate the system into the business process it supports with the cause of the incident eradicated.
Correct Answer:
Notify stakeholders and identify other reporting requirements.
Correct Answer:
Limit the immediate impact of the incident while securing data and notifying stakeholders.
Question 3.
What is the BEST definition of a security incident?
answer
Compromise of the CIA
Violation of a security policy
Criminal activity
Interruption of productivity
Correct Answer:
Violation of a security policy
Question 4.
The leader of the cybersecurity team for a major e-commerce company recently encountered a major data breach that led to the exposure of customer payment details. The team has now contained the breach and is moving toward the final phase of the incident response cycle.
What is the team’s primary objective in this phase?
answer
Restore the affected system to a secure state
Eradicate the cause of the incident
Analyze the incident and improve procedures or systems
Identify stakeholders and reporting requirements
Correct Answer:
Analyze the incident and improve procedures or systems
Question 5.
An organization’s computer incident response team (CIRT) receives an alert that shows possible malicious activity on a critical server within the network, and they initiate the CompTIA incident response process.
The team follows the incident response lifecycle to address the situation, which involves several key steps.
What order must the CIRT follow when performing the CompTIA incident response process?
answer
Preparation, analysis, isolation, containment, recovery
Detection, analysis, containment, eradication, recovery
Isolation, analysis, restoration, eradication, improvement
Detection, analysis, eradication, restoration, improvement
Correct Answer:
Detection, analysis, containment, eradication, recovery
Question 6.
You would like to enhance your incident-response process and automate as much of it as possible.
Which of the following elements would you need to include? (Select two.)
answer
Quarantining
Playbooks
Whitelisting
Runbooks
Blacklisting
Correct Answer:
Playbooks
Correct Answer:
Runbooks
Question 7.
You have detected and identified a security event. What is the first step you should complete?
answer
Playbook
Segmentation
Containment
Isolation
Correct Answer:
Containment
Question 8.
You need to limit a compromised application from causing harm to other assets in your network.
Which strategy should you employ?
answer
Segmentation
Isolation
Containment
SOAR
Correct Answer:
Isolation
Question 9.
You need to limit the impact of a security breach for a particular file server with sensitive company data.
Which strategy would you employ?
answer
Isolation
Containment
Segmentation
SOAR
Correct Answer:
Segmentation
Question 10.
As a security analyst, you are looking for a platform to compile all your security data generated by different endpoints.
Which tool would you use?
answer
SOAR
GDPR
MDM
MAM
Correct Answer:
SOAR