Incident Response Flashcards

Mock Exam Revision

1
Q

The following steps belong to the containment, eradication, and recovery stage of the incident response process.

A
  1. Restoring normal operations.
  2. Eliminating the threat.
  3. Mitigating the impact of the incident.
2
Q

During the post-incident activity stage, this step involves analysing logs, forensic data, and other evidence to prevent the incident from recurring.

A. Reporting
B. E-discovery
C. Root cause analysis
D. Threat hunting

A

Root Cause Analysis (RCA)

A structured method for identifying the underlying source of a problem (rather than its symptoms). In cybersecurity, it involves tracing incidents (e.g., breaches, outages) to systemic failures (e.g., misconfigurations, flawed processes) to implement permanent solutions. Common techniques include the 5 Whys, fishbone diagrams, and fault tree analysis.

3
Q

The process of identifying, collecting, and producing electronically stored information with the intent of using it in a legal proceeding or investigation is referred to as:

A. Litigation hold
B. Evidence management
C. Digital forensics
D. E-discovery

A

E-Discovery

The legal process of identifying, preserving, collecting, and analysing electronically stored information (ESI) for litigation, investigations, or compliance. Governed by rules like the U.S. Federal Rules of Civil Procedure (FRCP), it covers emails, documents, databases, social media, and metadata. Specialised software and forensic experts are often employed to manage vast datasets while maintaining chain-of-custody integrity.

4
Q

IoC

A

Indicators of Compromise (IoCs)

Forensic artifacts such as IP addresses, file hashes, URLs, or behavioural patterns that suggest unauthorised or malicious activity on a system or network. Used in threat detection, incident response, and threat intelligence sharing (e.g., STIX/TAXII formats).
