Chapter 6. Incident Response Teams

7. Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)? a. Cisco CloudLock b. Cisco's Active Threat Analytics (ATA) c. Cisco Managed Firepower Service d. Cisco Jasper

B. The Cisco ATA service offers customers 24-hour continuous monitoring and advanced-analytics capabilities, combined with threat intelligence and security analysts and investigators to detect security threats in the customer networks.

1. Which of the following aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information? a. National CERTs b. PSIRT c. ATA d. Global CERTs

A. National CERTs aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information. PSIRTs are vendor Product Security Incident Response Teams. ATA is a Cisco-managed security service, and global CERTs do not exist.

1. Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.) a. Scanning vendor customer networks b. Incident classification and handling c. Information classification and protection d. Information dissemination e. Record retentions and destruction

B, C, D, and E. Incident classification and handling, information classification and protection, information dissemination, and record retentions and destruction are the responsibilities of a CSIRT or policies it helps create. Typically, corporate CSIRTs do not scan the network of vendors or their customers.

5. Which of the following are core responsibilities of a national CSIRT and CERT? a. Provide solutions for bug bounties b. Protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information c. Provide vulnerability brokering to vendors within a country d. Create regulations around cybersecurity within the country

B. National CSIRTs and CERTs aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information.

3. Which of the following are the three metrics, or "scores," of the Common Vulnerability Scoring System (CVSS)? (Select all that apply.) a. Baseline score b. Base score c. Environmental score d. Temporal score

B, C, and D. The base, temporal, and environmental scores are the three main components of the CVSS.

4. Which of the following is the most widely adopted standard to calculate the severity of a given security vulnerability? a. VSS b. CVSS c. VCSS d. CVSC

B. The Common Vulnerability Scoring System (CVSS) is the most widely adopted standard to calculate the severity of a given security vulnerability.

5. The CVSS base score defines Exploitability metrics that measure how a vulnerability can be exploited as well as Impact metrics that measure the impact on which of the following? (Choose three.) a. Repudiation b. Non-repudiation c. Confidentiality d. Integrity e. Availability

C, D, E. Confidentiality, integrity, and availability (CIA) are part of the CVSS base score metrics.

3. Which of the following is an example of a coordination center? a. PSIRT b. FIRST c. The CERT/CC division of the Software Engineering Institute (SEI) d. USIRP from ICASI

C. CERT/CC is an example of a coordination center.

2. Which of the following is one of the main goals of the CSIRT? a. To configure the organization's firewalls b. To monitor the organization's IPS devices c. To minimize and control the damage associated with incidents, provide guidance for mitigation, and work to prevent future incidents d. To hire security professionals who will be part of the InfoSec team of the organization.

C. One of the main goals of a CSIRT is to minimize risk, contain cyber damage, and save money by preventing incidents from happening—and if they do occur, to mitigate them efficiently.

6. Which of the following is an example of a coordination center? a. Cisco PSIRT b. Microsoft MSRC c. CERT division of the Software Engineering Institute (SEI) d. FIRST

C. The CERT division of the Software Engineering Institute (SEI) is an example of a coordination center. Both Cisco PSIRT and Microsoft MSRC are PSIRTs, and FIRST is a forum for incident response teams.

4. Which of the following is typically a responsibility of a PSIRT? a. Configure the organization's firewall b. Monitor security logs c. Investigate security incidents in a security operations center (SOC) d. Disclose vulnerabilities in the organization's products and services

D. PSIRTs are typically responsible for disclosing vulnerabilities in products and services sold by the organization to its customers.

2. Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services? a. CSIRT b. ICASI c. USIRP d. PSIRT

D. Product Security Incident Response Teams (PSIRTs) are the ones that handle the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services.