Quiz
Question 1
If you discover that your messaging/email servers have been compromised during a data breach, what should you do about communications across the IR team?
Question 2
Who should the final incident report be shared with?
Question 3
Which two things are usually combined to calculate priority in incidents?
Question 4
You are the incident response lead for your organization. Your team has identified a system that's currently compromised. The system is a critical system and shutting it down immediately may cause an adverse impact on the organization. What should your team do first?
Question 5
Which of the following is TRUE concerning containment?
Question 6
What should you NOT do during containment?
Question 7
Which of the following is NOT a common tool used in containment?
Question 8
What is the primary goal of eradication?
Question 9
How will an incident responder know how to clean or wipe a machine properly during eradication?
Question 10
Who should be notified first of the eradication of a threat?
Question 11
What team or practice in the organization is likely to be able to provide the most assistance or guidance during recovery?
Question 12
Which departments or practices are most likely to be impacted by restoration during the recovery phases? (Pick TWO)
Question 13
What traditional forensics/IR practice is usually not possible if the data breach happened in a cloud service provider (CSP) environment using Platform-as-a-Service models such as Amazon EC2 or Microsoft Azure?
Question 14
Why are system monitoring tools useful for the recovery phase in incident response?
Question 15
Why should implementation of improvements after the follow-up step be phased into the process? (Select THREE)
Question 16
Which criteria would MOST likely lead to changes in the IR playbook?