Quiz: Incident Response and Disaster Recovery Post-Assessment Quiz Flashcards

1
Q

The selection of a strategy to address residual risk is referred to as risk _____.
a. assessment
b. management
c. treatment
d. governance

A

c. treatment

2
Q

Information assets that are maintained such that the information is whole, complete, and uncorrupted are considered to have _____________.
a. Reliability
b. Integrity
c. Availability
d. Stability

A

b. Integrity

3
Q

The investigation and assessment of the effects that various events or incidents can have on the organization is referred to as _____________________.
a. Contingency Planning
b. Business Impact Analysis
c. Risk Assessment
d. Business Process Management

A

b. Business Impact Analysis

4
Q

Which of the following is not one of the categories of unethical behavior that organizations typically try to eliminate?
a. Collusion
b. Ignorance
c. Malicious intent
d. Accident

A

a. Collusion

5
Q

Which of the following is not one of the main strategies for data backup and recovery?
a. Tape backup
b. Hypervisors
c. Mirrored systems and disk replication
d. Cloud backup technologies

A

b. Hypervisors

6
Q

A resumption strategy that frequently includes computing equipment and peripherals with servers, but not client workstations, and applications are typically not included, not installed, or not configured is called a ______________.
a. Warm site
b. Shared site
c. Cold site
d. Hot site

A

a. Warm site

7
Q

The process to review, analyze, and document the activities of an incident response is called the _____________.
a. “right of bang” phase
b. after-action review
c. forensic analysis report
d. “left of bang” phase

A

b. after-action review

8
Q

Incident response plan testing can be accomplished by which of the following approaches?
a. Desk check
b. Full-interruption testing
c. Table-top exercise
d. All of the above.

A

d. All of the above.

9
Q

An organization that needs to bring in security expertise from an outside vendor might choose to utilize a(n) _____________________.
a. managed security service provider
b. cloud security provider
c. managed security source provider
d. external incident manager

A

a. managed security service provider

10
Q

A clear and succinct statement that makes all involved aware of the CSIRT’s purpose and provides a path to obtaining its goals is called its ________________________.
a. vision statement
b. incident response plan
c. project plan
d. mission statement

A

d. mission statement

11
Q

Which of the following is not a key part of the cyber kill chain?
a. Actions on the objective
b. Social engineering
c. Weaponization
d. Command and control

A

b. Social engineering

12
Q

An event that does not rise to the level of an incident is referred to as ______________.
a. a false negative
b. an alert
c. distraction
d. noise

A

d. noise

13
Q

Which of the following is not a part of a typical SIEM?
a. Advanced threat detection and analytics
b. User monitoring
c. Log file monitoring
d. Threat intelligence

A

c. Log file monitoring

14
Q

Which of the following is an example of a valid IDPS location choice?
a. Host
b. Network
c. Wireless
d. All of the above

A

d. All of the above

15
Q

The phase of the incident response that seeks to clean up the contamination that inevitably results after an unauthorized access to a system is called _________________.
a. System sweep
b. Analysis
c. Recovery
d. Eradication

A

d. Eradication

16
Q

An attack that is designed to prevent the legitimate users of a system or network from using it is called _____________________.
a. social engineering
b. unauthorized access
c. a DOS attack
d. malware

A

c. a DOS attack

17
Q

The determination of the initial flaw or vulnerability that allowed an incident to occur is called _____________.
a. system and network analysis
b. log file analysis
c. source problem analysis
d. root cause analysis

A

d. root cause analysis

18
Q

The first phase of the recovery process is to:
a. identify and resolve vulnerabilities
b. restore processes and services
c. restore confidence in the organization
d. restore data

A

a. identify and resolve vulnerabilities

19
Q

A disaster that occurs over time and gradually deteriorates the organization’s capacity to withstand its effects is known as a ____________________.
a. slow-onset disaster.
b. natural disaster.
c. man-made disaster.
d. communication disaster.

A

a. slow-onset disaster.

20
Q

The point at which management responds to a notification of an impending or ongoing disaster, such as a weather report or an activity report from IT indicating the escalation of an incident, is called the _______________.
a. launch.
b. trigger.
c. activation.
d. disaster initiation.

A

b. trigger.

21
Q

Immediately after the BC planning policy statement, the next document the BC plan development team should review is the _________________.
a. BIA
b. CIA
c. DRP
d. BCP

A

a. BIA

22
Q

Potential shortfalls from the original BC planning process might include which of the following?
a. Prioritization issues.
b. Security issues.
c. Ownership changes.
d. All of the above.

A

d. All of the above.

23
Q

The position of the executive-in-charge of a crisis response is defined by the _______________.
a. succession plan.
b. organization chart.
c. chain of command.
d. management structure.

A

c. chain of command.

24
Q

Which of the following is not a method for training employees to handle a wide range of roles in the organization after a crisis?
a. Personnel redundancy
b. Vertical job rotation
c. Vendor rotation
d. Horizontal job rotation

A

c. Vendor rotation

25
Q

All of the following agencies publish well-respected standards and guidelines for incident response and disaster recovery except:
a. ISO
b. FFIEC
c. NSA
d. NIST

A

c. NSA