Week 6 Q's Flashcards
What is the first step in carrying out an incident response?
A. Contacting law enforcement
B. Shutting down affected systems
C. Identifying and containing the incident
D. Assessing the impact of the incident
C
Which of the following is a primary objective of incident response?
A. To prevent all future security incidents
B. To identify and contain the incident
C. To prosecute the attacker
D. To restore all affected systems to their original state
B
What is the purpose of a chain of custody in incident response?
A. To ensure the confidentiality of the investigation
B. To protect evidence from alteration or tampering
C. To identify the root cause of the incident
D. To establish a clear timeline of events leading up to the incident
B
In which phase of the incident response process is evidence collection and preservation performed?
A. Preparation
B. Detection and analysis
C. Containment, eradication, and recovery
D. Post-incident activity
C
Which of the following is an important consideration when creating an incident response plan?
A. The size of the organization
B. The likelihood of a security incident occurring
C. The availability of law enforcement
D. The budget allocated for incident recovery
B
What is the primary goal of containment in the incident response process?
A. To restore systems to their original state
B. To identify the root cause of the incident
C. To prevent the incident from spreading further
D. To gather evidence for prosecution
C
Which of the following is a key component of an effective incident response plan?
A. The ability to identify the perpetrator of the incident
B. The availability of backups for all critical systems
C. The involvement of senior management in the response process
D. The ability to restore all affected systems to their original state
C
Which of the following is an important consideration when selecting an incident response team?
A. The technical skills of the team members
B. The team’s familiarity with the organization’s policies and procedures
C. The team’s ability to work independently
D. The size of the team
B
What is the purpose of a tabletop exercise in incident response planning?
A. To identify weaknesses in the organization’s security posture
B. To test the effectiveness of the incident response plan
C. To train incident response team members
D. To simulate a real-world security incident
B
In which phase of the incident response process is system restoration typically performed?
A. Preparation
B. Detection and analysis
C. Containment, eradication, and recovery
D. Post-incident activity
C
Which of the following is an important consideration when developing an incident response plan?
A. The type of data stored on the organization’s systems
B. The number of employees in the organization
C. The physical location of the organization’s offices
D. The amount of revenue generated by the organization
A
Which of the following is a potential consequence of not having an incident response plan?
A. Reduced employee morale
B. Legal and regulatory penalties
C. Increased system uptime
D. Improved organizational efficiency
B
What is the primary purpose of an incident response team?
A. To prevent security incidents from occurring
B. To identify and contain security incidents
C. To restore systems to their original state
D. To prosecute the attacker
B
Which of the following is NOT a key component of an incident response plan?
A. Incident detection and reporting
B. Containment and eradication
C. Business continuity and disaster recovery
D. Customer service and support
D
What is the first step in the incident response process?
A. Identification
B. Containment
C. Eradication
D. Recovery
A
