Cybersecurity Essentials Module 6 Quiz Answers
Module 6: Incident Response Quiz Question Answers
1. What describes the immediate action taken to isolate a system in the event of a breach?
- Containment
- Eradication
- Recovery
Containment: Isolate the infected system
2. Is the following statement true or false?
‘Incident response is a structured methodology for handling security incidents, breaches and cyber threats.’
- True
- False
3. Which type of controls restore the system after a disaster or an event?
- Preventive controls
- Detective controls
- Corrective controls
4. Which type of controls help uncover new potential threats?
- Preventive controls
- Detective controls
- Corrective controls
5. What type of exercise interrupts services to verify that all aspects of a business continuity plan are able to respond to a certain type of incident?
- Tabletop exercise
- Functional test
- Operational exercise
6. Under which plan do personnel perform business processes in an alternate manner until normal operations resume?
- Disaster recovery plan (DRP)
- Business continuity plan (BCP)
- Business impact analysis (BIA)
7. When gathering evidence as part of a forensic investigation, what does the chain of custody show? (Choose five correct answers)
- Who obtained the evidence
- Where the evidence was obtained from
- Why the evidence was obtained
- When the evidence was obtained
- Where the evidence was stored
- How the evidence was obtained
- Who had control of the evidence since it was obtained
8. Which of the following should you not use to pack media that includes digital evidence gathered as part of a forensic investigation?
- A wooden crate
- A cardboard box
- A plastic container
9. Is the following statement true or false?
‘You should always follow the order of volatility when collecting evidence, proceeding from the least volatile evidence to the most volatile.’
- True
- False
10. When acquiring evidence, what can you use to validate that data and applications were not modified after analysis?
- Network and traffic logs
- Hashes or checksums of data
- Time offset data