Incident Response Preparation

Question 1

Preparation
Detection and Analysis
Containment
Eradication and Recovery
Post-incident Activity

Answer 1

Incident Response Phases

Question 2

The act of violating an explicit or implied security policy

Answer 2

Incident

Question 3

Procedures and guidelines covering appropriate priorities, actions, and
responsibilities in the event of security incidents, divided into preparation,
detection/analysis, containment, eradication/recovery, and post-incident stages

Answer 3

Incident Response Procedures

Question 4

Preparing for an incident response involves documenting your procedures,
putting resources and procedures in place, and conducting training
Make the system resilient to attack by hardening systems, writing policies and
procedures, and setting up confidential lines of communication

Answer 4

Preparation

Question 5

Determine if an incident has place, triage it, and notify relevant stakeholders

Answer 5

Detection and Analysis

Question 6

Limit the scope and the magnitude of the incident by securing data and the
limiting impact to business operations and your customers

Answer 6

Containment

Question 7

Limit the scope and the magnitude of the incident by securing data and the
limiting impact to business operations and your customers

Answer 7

Limit the scope and the magnitude of the incident by securing data and the
limiting impact to business operations and your customers

Question 8

Analyze the incident and responses to identify whether procedures or systems
could be improved

Answer 8

Post-incident Activity

Question 9

Data breaches involved private or confidential data usually take priority over other
incidents

Answer 9

Data Criticality

Question 10

Data that can be used to identify, contact, or impersonate an individual

Answer 10

Personally Identifiable Information (PII)

Question 11

Information about a subject’s opinions, beliefs, and nature that is afforded
specially protected status by privacy legislation

Answer 11

Sensitive Personal Information (SPI)

Question 12

Information that identifies someone as the subject of medical records, insurance
records, hospital results, or laboratory test result

Answer 12

Personal Health Information (PHI)

Question 13

Data stored about bank accounts, investment accounts, payroll, tax returns, credit
card data, and other data about commercial transactions
Payment Card Industry Data Security Standard (PCI DSS) defines the safe handling
and storage of payment card data

Answer 13

Financial Information

Question 14

Information created by an organization, usually about the products or services
that it makes or provides

Answer 14

Intellectual Property

Question 15

Confidential data owned by a company like product, sales, marketing, legal, and
contract information

Answer 15

Corporate Information

Question 16

An information system that processes data critical to a mission essential function

Answer 16

High Value Assets

Question 17

The team must have a secure method of communication for managing incidents

Answer 17

Communication Plan

Question 18

Signals that are sent between two parties or two devices that are sent via a path
or method different from that of the primary communication between the two
parties or devices

Answer 18

Out-of-band Communication

Question 19

Notifications that must be made to affected parties in the event of a data breach,
as required by legislation or regulation

Answer 19

Reporting Requirements

Question 20

There are 5 distinct types of breaches

Answer 20

Data Exfiltration
Insider Data Exfiltration
Device Theft/Loss
Accidental Data Breach
Integrity/Availability Breach

Question 21

An attacker breaks into the system and transfers data to another
system

Answer 21

Data Exfiltration

Question 22

An employee or ex-employee with privileges on the system transfers
data to another system

Answer 22

Insider Data Exfiltration

Question 23

A device, such as a smartphone or laptop, containing data is lost or
stolen

Answer 23

Device Theft/Loss

Question 24

Public disclosure of information or unauthorized transfer caused by
human error or a misconfiguration

Answer 24

Accidental Data Breach

Question 25

Corruption of data or destruction of a system processing data

Answer 25

Integrity/Availability Breach

Question 26

An incident response will require coordination between different internal departments
and external agencies

Answer 26

Response Coordination

Question 27

Executives and managers who are responsible for business operations and
functional areas

Answer 27

Senior Leadership

Question 28

Governmental organizations that oversee the compliance with specific regulations
and laws

Answer 28

Regulatory Bodies

Question 29

The business or organization’s legal counsel is responsible for mitigating risk from
civil lawsuits

Answer 29

Legal

Question 30

May provide services to assist in your incident handling efforts or to prepare for
legal action against the attacker in the future

Answer 30

Law Enforcement

Question 31

Used to ensure no breaches of employment law or employee contracts is made
during an incident response

Answer 31

Human Resources (HR)

Question 32

Used to manage negative publicity from a serious incident

Answer 32

Public Relations (PR)

Question 33

Education to ensure employees and staff understand processes, procedures, and
priorities during an incident response

Answer 33

Training

Question 34

Practical exercising of incident response procedures

Answer 34

Testing

Question 35

Exercise that uses an incident scenario against a framework of controls or a red
team

Answer 35

Tabletop Exercise (TTX)

Question 36

A red team attempts to conduct an intrusion of the network using a specific
scenario based on threat modeling

Answer 36

Penetration Test