Deck 11: Cybersecurity Incident Response

1
Which of the following statements is not true?

A) Employees should report all actual incidents.
B) Employees should report all suspected incidents.
C) Employees should assign a severity level when reporting incidents.
D) Employees should not be reprimanded if they report a perceived incident that ends up being a false positive.
Employees should assign a severity level when reporting incidents.
2
Which of the following is an example of a Severity Level 2 incident?

A) Malware detected on multiple systems
B) User's excessive use of bandwidth or resources
C) Compromise or suspected compromise of any company website or web presence
D) Compromise or suspected compromise of protected customer information
Malware detected on multiple systems
3
Which of the following is an example of a Severity Level 1 incident?

A) Inappropriate access to legally protected or proprietary information
B) Malware detected on multiple systems
C) User access to content or sites restricted by policy
D) Any act that is in direct violation of local, state, or federal law or regulation
Any act that is in direct violation of local, state, or federal law or regulation
4
Which of the following is an example of a Severity Level 3 incident?

A) Malware detected on multiple systems
B) User's excessive use of bandwidth or resources
C) Compromise or suspected compromise of any company website or web presence
D) Compromise or suspected compromise of protected customer information
5
Who must be notified of Severity Level 3 incidents?

A) Chief Executive Officer
B) Chief Operating Officer
C) Chief Information Security Officer
D) Legal counsel
6
Which of the following regulations address the protection of personally identifiable information?

A) HITECH
B) FISMA
C) GLBA
D) All of the above
7
Within what time frame does the HITECH Act require covered entities to notify affected individuals of a data breach of personal healthcare information?

A) 30 days
B) 40 days
C) 60 days
D) 1 week
8
Which of the following states does not have a security breach law?

A) California
B) Massachusetts
C) Texas
D) None of the above
9
Which of the following best describes the preparation phase of the NIST incident response process?

A) Follows a predefined process while documenting each step the analyst takes
B) Includes deploying the necessary tools and resources to successfully investigate and resolve cybersecurity incidents
C) Includes how to use collected incident data and evidence retention
D) Includes choosing a containment strategy to effectively contain and eradicate the attack, as well as to successfully recover from it
10
A denial-of-service attack is considered which of the following?

A) Severity Level 1 incident
B) Severity Level 2 incident
C) Severity Level 3 incident
D) Internal incident
11
Which of the following is an example of an intentional unauthorized access or use?

A) Clicking a link in an e-mail that happens to contain malware
B) Installing a keylogger on a system in an attempt to collect usernames and passwords
C) Flooding a system with ping requests in an attempt to take it down
D) Viewing medical records to satisfy one's curiosity
12
Which of the following is an example of a denial-of-service attack?

A) Clicking a link in an e-mail that happens to contain malware
B) Installing a keylogger on a system in an attempt to collect usernames and passwords
C) Flooding a system with ping requests in an attempt to take it down
D) Viewing medical records to satisfy one's curiosity
13
Which of the following best describes the post-incident activity phase of the NIST incident response process?

A) Follows a predefined process while documenting each step the analyst takes
B) Includes deploying the necessary tools and resources to successfully investigate and resolve cybersecurity incidents
C) Includes how to use collected incident data and evidence retention
D) Includes choosing a containment strategy to effectively contain and eradicate the attack, as well as to successfully recover from it
14
Which of the following best describes the detection and analysis phase of the NIST incident response process?

A) Follows a predefined process while documenting each step the analyst takes
B) Includes deploying the necessary tools and resources to successfully investigate and resolve cybersecurity incidents
C) Includes how to use collected incident data and evidence retention
D) Includes choosing a containment strategy to effectively contain and eradicate the attack, as well as to successfully recover from it
15
Which of the following are the steps in a digital forensic analysis according to NIST Special Publication 800-87?

A) Collection, acquisition, security, reporting
B) Collection, examination, analysis, reporting
C) Collection, security, analysis, reporting
D) Collection, analysis, reporting, testifying
16
Which method of evidence preservation involves using a mesh of conducting material that prevents devices from communicating via Wi-Fi or cellular signals?

A) Forensic image file
B) Chain of custody
C) Encryption
D) Faraday cage
17
Which of the following is the final step for an incident response tabletop exercise?

A) Execution
B) Preparation
C) Report
D) Analysis
18
During the investigation and resolution of a security incident, you may also need to communicate with outside parties regarding the incident, such as which of the following?

A) CSIRT
B) FS-ISAC
C) PSIRT
D) CERT
19
CVSS is short for which of the following?

A) Common Vulnerability Security System
B) Computer Vulnerability Scoring System
C) Computer Vulnerability Security System
D) Common Vulnerability Scoring System
20
Which key incident management personnel represents the central point of contact for all incidents?

A) Incident response coordinators
B) Designated incident handlers
C) Incident response team members
D) External advisors