Penetration Testing, Incident Response and Forensics All Quiz Answer | Incident Response Graded Quiz | Week 2



Incident Response Knowledge Check ( Practice Quiz )


Q1) Which three (3) of the following are phases of an incident response?

  • Detection & Analysis
  • Containment, Eradication & Recovery
  • Preparation


Q2) Which statement is true about an event?

  • An event may be totally benign, like receiving an email.


Q3) True or False: A robust automated incident response system should be able to detect and prevent loss from all incidents.

  • False


Q4) Which three (3) are common Incident Response Team models?

  • Central
  • Coordinating
  • Distributed


Q5) A good automated Incident Response system should be able to detect which three (3) of these common attack vectors?

  • An unauthorized removable drive being attached to the network.
  • A brute force hacking attack.
  • An email phishing attack.


Q6) Which three (3) of the following are components of an Incident Response Policy?

  • IR Policy testing responsibility.
  • Means, tools and resources available.
  • Identity of IR team members.


Q7) Contact information, Smart phones, and Secure storage facilities all belong to which Incident Response resource category?

  • Incident Handler Communications and Facilities.


Q8) Which three (3) of the following would be considered an incident detection precursor?

  • An announced threat against your organization from an activist group.
  • A vendor notice of a vulnerability to a product you own.
  • Detecting the use of a vulnerability scanner


Q9) Which type of monitoring system detects anomalous network traffic but typically does not take action beyond sending an alert to an administrator?

  • IDS


Q10) True or False: The Incident Response team should keep their documentation as concise as possible so only the most important facts take up the attention of the team leadership.

  • False


Q11) What is the proper classification for a data breach that resulted in the exposure of sensitive personally identifiable information (PII)?

  • Privacy Breach


Q12) What is the proper classification for the recovery effort from a breach if you can estimate the total effort required but it will require bringing in additional resources?

  • Supplemented


Q13) During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Potential damage to and theft of resources, Need for evidence preservation, and Service availability?

  • Containment


Q14) Which Post Incident activity would include ascertaining exactly what happened and at what times ?

  • Lessons learned meeting



Incident Response Graded Quiz ( Main Quiz )


Q1) Select the missing phase of Incident Response: Preparation, _____, Containment, Eradication & Recovery, Post Incident Activity.

  • Detection and Analysis


Q2) Which statement is true about an incident?

  • An incident is an event that negatively affects IT systems.


Q3) True or False: A Coordinating Incidents Response Team provides advice and guidance to the Distributed IR teams in each department, but generally does not have specific authority over those teams.

  • True


Q4) Which Incident Response Team model describes a team that has authority over all aspects of IR within the entire organization?

  • Central


Q5) In what way will having a set of predefined baseline questions help you in the event of an incident?

  • Coordinate with other teams and the media.


Q6) Incident Response team resources can be divided into which three (3) of the following categories?

  • Incident Handler Communications and Facilities
  • Incident Analysis Resources
  • Incident Analysis Hardware and Software


Q7) Port lists, Documentation, and Cryptographic hashes all belong to which Incident Response resource category?

  • Incident Analysis Resources


Q8) Which three (3) of the following would be considered an incident detection indicator?

  • An application log showing numerous failed login attempts from an unknown remote system.
  • A significant deviation from typical network traffic flow patterns.
  • The discovery of a file containing unusual characters by a system administrator.


Q9) Which type of monitoring system analyzes logs and events in real time?

  • SIEM


Q10) True or False: Highly detailed and thorough documentation is needed to support the analysis of current and future incidents.

  • True
  • False


Q11) What is the proper classification for a breach that results in sensitive or proprietary information being changed or deleted?

  • Integrity Loss


Q12) What is the proper classification for the recovery effort from a breach if sensitive data was stolen and posted on a public web site?

  • Not Recoverable


Q13) During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Eliminate components of the incident, Disable compromised accounts, and Identify and mitigate vulnerabilities?

  • Eradication


Q14) Which Post Incident activity would include reviewing response times, which systems were impacted and other metrics associated with the incident?

  • Utilizing collected data



