Online Courses
Cyber Incident Response
Follow Up / Lessons Learned

Quiz

Question 1

If you discover your messaging/email servers have been compromised during a data breach, what should you do as related to communications across the IR team?

Solution

Utilize an out-of-band or alternate messaging network/environment

Question 2

Who should the final incident report be shared with?

Solution

Only those who have a specific need to know

Question 3

Which two things are usually combined to calculate priority in incidents?

Solution

Urgency and impact

Question 4

You are the incident response lead for your organization. Your team has identified a system that's currently compromised. The system is a critical system and shutting it down immediately may cause an adverse impact on the organization. What should your team do first?

Solution

Perform a memory dump to be used for analysis

Question 5

Which of the following is TRUE concerning containment?

Solution

Containment is more of a strategy than a step

Question 6

What should you NOT do during containment?

Solution

Guarantee things or make such statements

Question 7

Which of the following is NOT a common tool used in containment?

Solution

Password crackers

Question 8

What is the primary goal of eradication?

Solution

To make sure the threat is completely removed per a predefined definition

Question 9

How will an incident responder know how to clean or wipe a machine properly during eradication?

Solution

Using processes defined by the organization via policies and procedures

Question 10

Who should be notified first of the eradication of a threat?

Solution

The rest of the IR team

Question 11

What team or practice in the organization is likely to be able to provide the most assistance or guidance during recovery?

Solution

Business Continuity (BC) and Disaster Recovery (DR) teams

Question 12

Which departments or practices are most likely to be impacted by restoration during the recovery phases? (Pick TWO)

Solution

  • Change management
  • Configuration management

Question 13

What traditional forensics/IR practice is usually not possible if the data breach happened in a cloud service provider (CSP) environment using Platform-as-a-Service models such as Amazon EC2 or Microsoft Azure?

Solution

Take a physical, bit-to-bit, forensically-sound image of the suspected hard drive

Question 14

Why are system monitoring tools useful for the recovery phase in incident response?

Solution

They may be used to monitor systems to ensure abnormal behavior has not returned

Question 15

Why should implementation of improvements after the follow-up step be phased into the process? (Select THREE)

Solution

  • Solutions may impact operations and other critical business functions
  • May require significant resources and input from other teams
  • Will usually require some type of impact assessment

Question 16

Which criteria would MOST likely lead to changes in the IR playbook?

Solution

Team was not able to follow the playbook effectively
