Module 6: Incident Response Quiz Answers

Cybersecurity Essentials Module 6 Quiz Answers

Module 6: Incident Response Quiz Question Answers

1. What describes the immediate action taken to isolate a system in the event of a breach?

  • Containment
  • Eradication
  • Recovery
  • Containment: Isolate the infected system

Explanation: Containment is the immediate action taken to isolate a system in order to prevent further spread of the issue. For example, disconnecting a system from the local network to stop the information leak.

2. Is the following statement true or false?
‘Incident response is a structured methodology for handling security incidents, breaches and cyber threats.’

  • True
  • False

3. Which type of controls restore the system after a disaster or an event?

  • Preventive controls
  • Detective controls
  • Corrective controls

Explanation: Corrective measures include controls that restore the system after a disaster or an event.

4. Which type of controls help uncover new potential threats?

  • Preventive controls
  • Detective controls
  • Corrective controls

Explanation: Detective measures include controls that discover unwanted events. These measures uncover new potential threats.

5. What type of exercise interrupts services to verify that all aspects of a business continuity plan are able to respond to a certain type of incident?

  • Tabletop exercise
  • Functional test
  • Operational exercise

Explanation: Operational exercises: At the most extreme are full operational exercises, or simulations. These are designed to interrupt services to verify that all aspects of a plan are in place and sufficient to respond to the type of incident that is being simulated.

6. Under which plan does personnel perform business processes in an alternate manner until normal operations resume?

  • Disaster recovery plan (DRP)
  • Business continuity plan (BCP)
  • Business impact analysis (BIA)

Explanation: Business continuity is one of the most important concepts in computer security. Having plans in place will ensure business continuity regardless of what may occur.
A business continuity plan (BCP) is a broader plan than a disaster recovery plan (DRP) because it can include getting critical systems to another location while the repair of the original facility is underway. In such a scenario, personnel continues to perform all business processes in an alternate manner until normal operations resume.

7. When gathering evidence as part of a forensic investigation, what does the chain of custody show? (Choose five correct answers)

  • Who obtained the evidence
  • Where the evidence was obtained from
  • Why the evidence was obtained
  • When the evidence was obtained
  • Where the evidence was stored
  • How the evidence was obtained
  • Who had control of the evidence since it was obtained

Explanation: The chain of custody shows who obtained the evidence, where the evidence was obtained, when the evidence was obtained, where it was stored and who has had control of the evidence since the time it was obtained. The steps in the chain of custody must be carefully followed to avoid allegations of tampering.

8. Which of the following should you not use to pack media that includes digital evidence gathered as part of a forensic investigation?

  • A wooden crate
  • A cardboard box
  • A plastic container

Explanation: Media containing digital evidence should not be stored in plastic containers, because plastic can produce or convey static electricity.

9. Is the following statement true or false?
‘You should always follow the order of volatility when collecting evidence, proceeding from the least volatile evidence to the most volatile.’

  • True
  • False

Explanation: You should always follow the order of volatility during the collection process, by proceeding from the most volatile evidence to the least volatile.

10. When acquiring evidence, what can you use to validate that data and applications were not modified after analysis?

  • Network and traffic logs
  • Hashes or checksums of data
  • Time offset data

Explanation: Hashes or checksums of all data and applications before and after any analysis, to validate that they were not modified.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments