Network Flashcards
What is the first step in assessing security threats?
Identifying potential threats and vulnerabilities.
True or False: All security incidents should be treated with the same level of severity.
False.
Fill in the blank: The process of determining the impact of an incident is known as ______.
impact assessment.
What is a common framework used for incident response?
The NIST Cybersecurity Framework.
Which term describes the likelihood of a threat exploiting a vulnerability?
Risk.
What does the acronym CVSS stand for?
Common Vulnerability Scoring System.
Multiple Choice: Which of the following is NOT a phase in the incident response lifecycle? A) Preparation B) Detection C) Reaction D) Recovery
C) Reaction.
What is the purpose of a risk assessment?
To evaluate potential risks and determine how to mitigate them.
True or False: Mitigation strategies should only be implemented after a security incident occurs.
False.
What is a security incident?
An event that compromises the confidentiality, integrity, or availability of information.
Fill in the blank: ______ analysis helps organizations understand the consequences of incidents.
Threat.
What does ‘vulnerability’ refer to in cybersecurity?
A weakness in a system that can be exploited by threats.
Multiple Choice: Which factor is NOT typically considered when assessing the severity of an incident? A) Data sensitivity B) Financial impact C) Time of day D) Compliance requirements
C) Time of day.
What role does communication play in incident response?
Effective communication ensures all stakeholders are informed and coordinated.
True or False: Documentation is unimportant during the incident response process.
False.
What is the difference between a threat and a vulnerability?
A threat is a potential danger, while a vulnerability is a weakness that can be exploited.
Fill in the blank: A ______ is a documented plan for responding to different types of incidents.
incident response plan.
What is the main goal of incident mitigation?
To reduce the impact of security incidents on the organization.
Multiple Choice: Which of the following is considered a proactive security measure? A) Incident reporting B) Security training C) Post-incident review D) None of the above
B) Security training.
What is the function of an incident severity matrix?
To categorize incidents based on their impact and urgency.
True or False: All security incidents require immediate escalation.
False.
What should be included in an incident report?
Details of the incident, response actions taken, and lessons learned.
Fill in the blank: After an incident, organizations should conduct a ______ to identify improvements.
post-mortem analysis.
What is a common tool used for tracking incidents?
Incident management software.
Multiple Choice: Which of the following is a common indicator of a security incident? A) Unusual network traffic B) Routine system updates C) Scheduled maintenance D) None of the above
A) Unusual network traffic.
What is the importance of training employees in security awareness?
To reduce the likelihood of human error leading to security incidents.
