Cybersecurity Capstone: Breach Response Case Studies All Quiz Answer | Incident Management Response and Cyberattack Frameworks Graded Assessment | Week 1



Incident Management Knowledge Check (Practice Quiz)


Q1) In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)

  • Create an incident response policy
  • Develop an incident response plan based on the incident response policy
  • Establish a formal incident response capability



Q2) Which incident response team model would best fit the needs of a small company that runs its business out of a single office building or campus?

  • Central incident response team



Q3) True or False. An incident response team needs a blend of members with strong technical and strong soft skills.

  • True



Q4) Assuring systems, networks, and applications are sufficiently secure to resist an attack is part of which phase of the incident response lifecycle?

  • Preparation





Cyberattack Frameworks Knowledge Check (Practice Quiz)


Q1) According to the IRIS Framework, during which stage of an attack would the attacker conduct external reconnaissance, align tactics, techniques and procedures to the target, and prepare the attack infrastructure?

  • Attack beginnings



Q2) According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection?

  • Launch and execute the attack



Q3) According to the IRIS framework, during the third phase of an attack, when the attackers are attempting to escalate privileges, what should the IR team be doing as a countermeasure?

  • Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems



Q4) According to the IRIS framework, during the fifth phase of an attack, the attackers will attempt to execute their final objective. What should the IR team be doing as a countermeasure?

  • Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies



Q5) True or False. A data breach only has to be reported to law enforcement if external customer data was compromised.

  • False




Incident Management Response and Cyberattack Frameworks Graded Assessment (Main Quiz)



Q1) In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)

  • Considering the relevant factors when selecting an incident response team model
  • Establish policies and procedures regarding incident-related information sharing
  • Develop incident response procedures



Q2) Which incident response team model would best fit the needs of the field offices of a large distributed organization?

  • Distributed incident response team



Q3) Which incident response team staffing model would be appropriate for a small retail store that has just launched an online selling platform and finds it is now under attack? The platform was put together by its very small IT department, which has no experience in managing incident response.

  • Completely outsource the incident response work to an onsite contractor with expertise in monitoring and responding to incidents



Q4) Which three (3) technical skills are important to have in an organization's incident response team? (Select 3)

  • System administration
  • Programming
  • Network administration



Q5) Identifying incident precursors and indicators is part of which phase of the incident response lifecycle?

  • Detection & Analysis



Q6) Automatically isolating a system from the network when malware is detected on that system is part of which phase of the incident response lifecycle?

  • Containment, Eradication & Recovery



Q7) According to the IRIS Framework, during which stage of an attack would the attacker send phishing emails, steal credentials and establish a foothold in the target network?

  • Launch and execute the attack



Q8) According to the IRIS Framework, during which stage of an attack would the attacker execute their final objectives?

  • Attack objective execution



Q9) According to the IRIS framework, during the first stage of an attack, when the bad actors are conducting external reconnaissance and aligning their tactics, techniques and procedures, what should the IR team be doing as a countermeasure?

  • Build a threat profile of adversarial actors who are likely to target the company



Q10) According to the IRIS framework, during the fourth phase of an attack, the attackers will attempt to evade detection. What should the IR team be doing as a countermeasure?

  • Analyze all network traffic and endpoints, searching for anomalous behavior



Q11) True or False. A data breach always has to be reported to law enforcement agencies.

  • False










2 Comments

  1. Question 2: According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection?

    Should be "Continuous phases occur"

  2. Wonderful Article. Thanks for sharing this post
