Quiz: Module 09 Incident Response Planning and Procedures
Anabelle needs to eradicate malware from a hard drive. Which should she NOT do? a. Delete the files from the hard drive by using the Quick Format option. b. Overwrite the data using sanitization. c. Use secure disposal as a last resort. d. Use the Schneier sanitation method.
A
Kaitlyn is creating an incident response plan. Who should first be notified in the event of a cyber incident? a. Cyber incident response team b. CEO c. Law enforcement d. Local media
A
Viola is examining data that was compromised during a recent attack. Into which category would a password number be classified? a. PII b. PHI c. SPI d. PUI
A
Which of the following is NOT a communications best practice strategy? a. Contact local news media before the word leaks out. b. Use a secure method of communication. c. Be transparent but be careful. d. Provide a context.
A
Which of the following is false regarding state legislative mandates about communication in a cyber incident? a. Only California has a state security breach notification law. b. No two state laws are identical. c. Some states have a broader definition of personal information. d. Providing notice to the State Attorney General is required in some states.
A
Why is financial information data considered to have a high value? a. The loss of accounting data prevents an organization from providing stakeholders an accurate picture of its financial health. b. Federal laws prohibit backing up corporate accounting data, so the loss cannot be replaced. c. Corporate accounting data has a high value only if it is part of a merger and acquisition. d. Accounting data is very detailed and would require a significant effort to restore it.
A
For internal communications, which two categories are often used? a. Senior-level and junior-level b. Technical and management c. Security and networking d. Communication and cyber
B
Isabella has been asked to research HIPAA requirements for her employer. Which of the following is false regarding HIPAA? a. Healthcare enterprises must guard protected healthcare information. b. HIPAA only applies to information in electronic format. c. HIPAA includes any third-party business associate that handles protected healthcare information. d. Healthcare enterprises must implement policies and procedures to safeguard information.
B
Pat is researching requirements for communicating with affected parties in a cyber incident. What requirement would Pat find that is in place in the European Union (EU)? a. PIPEDA b. GDPR c. PI d. ICO
B
What is the act of violating an explicit or implied security policy that may or may not be successful? a. Cyber breach b. Cyber incident c. Security event d. Adverse security event
B
What is the best way for an organization to limit adverse public reactions to a cyber incident? a. By keeping the news of a cyber incident secret b. By controlling the conversation c. By communicating only with stakeholders d. By responding defensively
B
Which of the following is NOT a reason for communications in a cyber incident? a. To limit adverse reactions b. To allow for unplanned release of information c. To satisfy state legislative mandates d. To meet federal regulatory requirements
B
Which of the following is NOT an example of intellectual property? a. Trademark b. Brand image c. Copyright d. Patent
B
Which of the following scopes of impact describes the length of time needed for IT systems to return to their normal functions? a. Downtime b. Recovery time c. Response time d. Recapture time
B
Eva is researching which law enforcement agency to contact in the event of different types of cyber incidents. Which law enforcement agency should be contacted no matter the type of incident? a. CIA b. NSA c. FBI d. Secret Service
C
Kristin is reviewing the impact of a recent attack and found that it only caused a seldom-used test server to be taken offline for short period of time. She has decided that this incident does not deserve a high priority ranking. What scope of impact has she used in making this determination? a. Network importance measure (NIM) b. System evaluation c. System process criticality d. Structural impact
C
What is the first step in determining the detection and analysis phase of incident response? a. Deciding how many systems were impacted b. Determining who launched the attack c. Deciding if what occurred was a cybersecurity incident d. Examining the type of data that was compromised
C
Which of the following is a reason for contacting law enforcement agencies in the event of a cyber incident? a. They can work with foreign counterparts to stop organized cybercrime. b. They have many resources and experience. c. Identifying threat actors often leads to no arrests or convictions. d. Companies providing information can assist in intelligence sharing efforts.
C
Adamo has been asked to create a new cyber incident response plan. What will be the final phase in the plan? a. Reporting b. Eradication c. Recovery d. Post-Incident
D
Rico is developing a list of personnel who may be asked to serve on a cyber incident response team. Who will have the responsibility of helping the team to focus on minimizing damage and recovering quickly from a cyber incident? a. Associate director b. Coordinator c. Lead investigator d. Team leader
D
