Security+ 4.2 Incident Response

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

An organization is establishing a Cyber-incident Response Team (CIRT). They want representatives from various positions in the organization. Which of the following positions would be the LEAST helpful to be on the team? A. Senior management B. Business office manager C. Network administrator D. Compliance officer

Business office manager

A Cyber-incident Response Team (CIRT) is writing an Incident Response Plan (IRP) at their organization. One common element of the plan is to document who to contact to report a computer security incident. What is this called? A. Escalation B. Functional exercise C. Tabletop exercise D. Incident category definitions

Escalation

In the incident response process, after identifying a security event, a Cyber-incident Response Team (CIRT) needs to isolate it. What is this step called? A. Prepare incident response policy, plan, and procedures B. Recovery C. Containment D. Eradication

Containment

These are alternate business practices, which are "workaround" activities that can temporarily substitute for normal business activities after a disaster. A. MITRE ATT&CK B. Continuity of Operations Planning (COOP) C. Cyber Kill Chain D. The Diamond Model of Intrusion Analysis

Continuity of Operations Planning (COOP)

These are seven-steps that are used to understand and disrupt attacks. We try to find a way to disrupt the attacker's steps to prevent them from reaching their final objective. A. The Diamond Model of Intrusion Analysis B. MITRE ATT&CK C. Continuity of Operations Planning (COOP) D. Cyber Kill Chain

Cyber Kill Chain

This outlines what to do if a disaster occurs. Part of this outline usually includes what type of disaster recovery sites will be used, such as hot sites, warm sites, and/or cold sites. A. MITRE ATT&CK B. The Diamond Model of Intrusion Analysis C. Cyber Kill Chain D. Disaster recovery plan

Disaster recovery plan

What is the first step in an incident response plan? This helps employees identify whether an event is benign or an actual security incident. A. Roles and responsibilities B. Documented incident types/category definitions C. Escalation D. Cyber-incident response teams

Documented incident types/category definitions

In the incident response process, a Cyber-incident Response Team (CIRT) needs to determine if an event is a legitimate security incident or not. What is this step called? A. Prepare incident response policy, plan, and procedures B. Identification C. Containment D. Eradication

Identification

What provides organizations with a formal, coordinated plan that employees can use when responding to an incident? A. Attack framework B. Incident response policy C. Security incident D. Incident response plan

Incident response plan

What provides organizations with a formal, coordinated plan that employees can use when responding to an incident? A. Incident response plan B. Security incident C. Attack framework D. Incident response policy

Incident response plan

What helps employees identify and respond to security incidents? It needs to be regularly updated. A. Security incident B. Attack framework C. Incident response policy D. NIST (National Institute of Standards and Technology)

Incident response policy

At the end of a training exercise, we need to have a discussion on how to improve the cyber-incident response team's (CIRT) response to the exercise. What is this called? A. Tabletop exercises B. Simulations C. Lessons learned D. Walk-throughs

Lessons learned

What is the LAST step a Cyber-incident Response Team (CIRT) should take in the incident response process? A. Eradication B. Lessons learned C. Recovery D. Containment

Lessons learned

This is a knowledge base of adversary tactics and techniques used in real-world attacks. It has a matrix that can be used to identify the type of attack and now to mitigate it. A. The Diamond Model of Intrusion Analysis B. MITRE ATT&CK C. Continuity of Operations Planning (COOP) D. Cyber Kill Chain

MITRE ATT&CK

What is the FIRST step a Cyber-incident Response Team (CIRT) should take in the incident response process? A. Eradication B. Containment C. Prepare incident response policy, plan, and procedures D. Identification

Prepare incident response policy, plan, and procedures

In the incident response process, after eradicating the security incident, a Cyber-incident Response Team (CIRT) needs to get the systems running normally again. What is this step called? A. Lessons learned B. Containment C. Recovery D. Identification

Recovery

A Cyber-incident Response Team (CIRT) is writing an Incident Response Plan (IRP) at their organization, which is a federal agency. Federal agencies are required to report computer security incidents to the United States Computer Emergency Readiness Team (US-CERT), so this will be included in their plan. What is this called? A. Incident category definitions B. Functional exercise C. Tabletop exercise D. Reporting requirements

Reporting requirements

What is an adverse event that can negatively affect the confidentiality, integrity, or availability (CIA triad) of data or systems within an organization? A. Incident response plan B. Security incident C. Incident response policy D. Attack framework

Security incident

At what type of training exercise do we have functional exercises that test actual responses? A. Simulations B. Lessons learned C. Walk-throughs D. Tabletop exercises

Simulations

At what type of training exercise do we have a discussion about how to respond to an event? A. Tabletop exercises B. Simulations C. Walk-throughs D. Lessons learned

Tabletop exercises

This is a way to understand an attacker by analyzing four key components of the intrusion event, which are adversary, capability, victim, and infrastructure. A. Continuity of Operations Planning (COOP) B. Cyber Kill Chain C. The Diamond Model of Intrusion Analysis D. MITRE ATT&CK

The Diamond Model of Intrusion Analysis

What type of training exercise has workshops that provides training about employee roles and responsibilities, explains business continuity plans, and plans tabletop exercises? A. Tabletop exercises B. Simulations C. Walk-throughs D. Lessons learned

Walk-throughs

A Cyber-incident Response Team (CIRT) wants to establish an Incident Response Plan (IRP) at their organization. One common element of the plan is to document incident category definitions. Which of the following is NOT a potential incident category? A. external/removal media, attrition B. exercises (tabletop, walkthroughs, simulations, lessons learned) C. improper usage, loss or theft of equipment D. web, email

exercises (tabletop, walkthroughs, simulations, lessons learned)


संबंधित स्टडी सेट्स

Chapter 13 Deserts and Wind Action

View Set

Med surg exam 3 ATI practice questions w/ rationales

View Set

MEDSURG TEST #2: CH 43 - Liver Cancer/Transplant, Pancreas and Gallbladder Problems

View Set

CH 18 Cardiovascular System: Blood

View Set

Chapter 8 Vertebral Column Anatomy

View Set

Anatomical Position, Body Planes, Directional Terms

View Set