Political motivations and financial interests are the two most common motivations behind current cyber threats.
A. True
B. False
A.
... [Show More] True
Information sharing only aligns with the respond process in incident management activities.
A. True
B. False
B. False
Sensors are defined only as technical or information systems.
A. True
B. False
B. False
Eradication consists of short-term, tactical actions.
A. True
B. False
B. False
Containment strategies may include:
A. Rebuilding systems from original media
B. Remediating vulnerabilities
C. Leaving systems online
D. Shutting down a service
D. Shutting down a service
Which of the following is a decision that might need to be made ahead of time as part of the Prepare process?
A. When and if forensics evidence will be collected
B. When, if, and how law enforcement will be involved
C. What systems can be isolated or shutdown
D. Who to notify when handling certain incidents
E. All of the above
F. None of the above
E. All of the above
What are the three impact attributes described in the course material?
A. Function, Availability, Impact
B. Availability, Information, Confidentiality
C. Function, Information, Recoverability
D. Recoverability, Externality, Impact
C. Function, Information, Recoverability
Which of the following is NOT a method of conducting operational exercises?
A. Table top scenarios
B. Virtual simulations
C. Vulnerability scanning
D. Capture the flag competition
C. Vulnerability scanning
Information sharing protocols include:
A. STIX / CAB
B. IDGEMF
C. OpenSOC
D. CRITS
D. CRITS
Which of the following is NOT an approach for institutionalizing an incident management capability?
A. National CSIRT
B. Network and security operations center (NSOC)
C. Red team
D. Crisis management team
E. Security incident response team
C. Red team
Elements of situational awareness are only technical in nature.
A. True
B. False
B. False
Which of the following are NOT considered indicators of compromise (IOCs)?
A. Domain names
B. Virus signatures
C. Timestamps
D. Registry keys
C. Timestamps
Postmortems can be done after an incident to identify:
A. What went right
B. What went wrong
C. Training needs
D. Tools needed
E. A and B only
F. C and D only
G. B and C only
H. None of the above
I. All of the above
I. All of the above
Incident response only starts once you receive an incident report.
A. True
B. False
B. False
Recovery strategies may include:
A. Isolating the system from the network
B. Improving network and host security
C. Modifying access controls
D. Deleting malware
B. Improving network and host security
Fusion is the correlation and analysis of information collected from an incident report.
A. True
B. False
B. False
Which of the following resources will facilitate incident management activities?
A. A communication plan
B. Data classification schema
C. Network topologies and baselines
D. Points of Contact (POC) lists
E. All of the above
F. None of the above
E. All of the above
Which of the following is NOT considered a type of analysis?
A. Triage
B. Situational analysis
C. Media analysis
D. Mitigation analysis
B. Situational analysis
Which of the following is NOT a response sub-process?
A. Planning the response strategy
B. Performing malware analysis
C. Coordinating response
D. Communicating with stakeholders
B. Performing malware analysis [Show Less]