Incident Management Knowledge Check ( Practice Quiz )
Q1) In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)
- 'Create an incident response policy
- 'Develop an incident response plan based on the incident response policy
- Establish a formal incident response capability
Q2) Which incident response team model would best fit the needs of a small company that runs its business out of a single office building or campus ?
- Central incident response team
Q3) True or False. An incident response team needs a blend of members with strong technical and strong soft skills ?
- True
Q4) Assuring systems, networks, and applications are sufficiently secure to resist an attack is part of which phase of the incident response lifecycle ?
- Preparation
Cyberattack Frameworks Knowledge Check ( Practice Quiz )
Q1) According to the IRIS Framework, during which stage of an attack would the attacker conduct external reconnaissance, alight tactics, techniques and procedures to target and prepare his attack infrastructure ?
- Attack beginnings
Q2) According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection ?
- Launch and execute the attack
Q3) According to the IRIS framework, during the third phase of an attack when the attackers are attempting to escalate privileges, what should the IR team be doing as a countermeasure ?
- Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
Q4) According to the IRIS framework, during the fifth phase of an attack, the attackers will attempt execute their final objective. What should the IR team be doing as a countermeasure ?
- Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
Q5) True or False. A data breach only has to be reported to law enforcement if external customer data was compromised ?
- False
Incident Management Response and Cyberattack Frameworks Graded Assessment ( Main Quiz )
Q1) In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions that are a included on that list ? (Select 3)
- Considering the relevant factors when selecting an incident response team model
- Establish policies and procedures regarding incident-related information sharing
- Develop incident response procedures
Q2) Which incident response team model would best fit the needs of a the field offices of a large distributed organizations ?
- Distributed incident response team
Q3) Which incident response team staffing model would be appropriate for a small retail store that has just launched an online selling platform and finds it is now under attack? The platform was put together by its very small IT department who has no experience in managing incident response.
- Completely outsource the incident response work to an onsite contractor with expertise in monitoring and responding to incidents
Q4) Which three (3) technical skills are important to have in an organization's incident response team ? (Select 3)
- System administration
- Programming
- Network administration
Q5) Identifying incident precursors and indicators is part of which phase of the incident response lifecycle ?
- Detection & Analysis
Q6) Automatically isolating a system from the network when malware is detected on that system is part of which phase of the incident response lifecycle ?
- Containment, Eradication & Recovery
Q7) According to the IRIS Framework, during which stage of an attack would the attacker send phishing email, steal credentials and establish a foothold in the target network ?
- Launch and execute the attack
Q8) According to the IRIS Framework, during which stage of an attack would the attacker execute their final objectives ?
- Attack objective execution
Q9) According to the IRIS framework, during the first stage of an attack, when the bad actors are conducting external reconnaissance and aligning their tactics, techniques and procedures, what should the IR team be doing as a countermeasure ?
- Build a threat profile of adversarial actors who are likely to target the company
Q10) According to the IRIS framework, during the fourth phase of an attack, the attackers will attempt to evade detection. What should the IR team be doing as a countermeasure ?
- Analyze all network traffic and endpoints, searching for anomalous behavior
Q11) True or False. A data breach always has to be reported to law enforcement agencies.
- False
2 Comments
Question 2: According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection?
ReplyDeleteShould be "Continuous phases occur"
Wonderful Article. Thanks for sharing this post
ReplyDeleteSite Reliability Engineering Training
SRE Training in Hyderabad
Site Reliability Engineering Training in Hyderabad
Site Reliability Engineering Online Training
Site Reliability Engineering Training Institute in Hyderabad
SRE Training Course in Hyderabad
SRE Online Training in Hyderabad