

Incident Response and Management Review Questions
Course Introduction
This course provides a comprehensive overview of incident response and management, equipping students with the knowledge and skills needed to effectively address and mitigate cybersecurity incidents. It covers the phases of incident response, including preparation, detection, containment, eradication, recovery, and lessons learned. Students will explore best practices for developing incident response plans, roles and responsibilities within response teams, legal and ethical considerations, and communication strategies. Practical exercises and case studies help students apply frameworks and tools used in real-world scenarios, preparing them to respond swiftly to security breaches and minimize organizational impact.
Recommended Textbook
Information Security and IT Risk Management, 1st Edition, by Manish Agrawal
Available Study Resources on Quizplus
14 Chapters, 349 Verified Questions, 349 Flashcards
Source URL: https://quizplus.com/study-set/3541


Chapter 1: Introduction
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70324
Sample Questions
Q1) Of the measures you can take to improve your personal security, the least important is
A) Spending a lot of money
B) Using end-point (anti)virus protection
C) Automating software updates
D) Using appropriate passwords
Answer: A
Q2) Integrity is
A) Protecting information and information systems from unauthorized use
B) Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
C) Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
D) Ensuring timely and reliable access to and use of information
Answer: C
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: System Administration
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70325
Sample Questions
Q1) Common functions of Linux System Administration utilities include
A) Automated customer service
B) Automated business processing
C) Automated installation
D) Automated marketing
Answer: C
Q2) Writing the necessary data in the appropriate locations on a computer's hard drive for running a software program is called
A) Configuration
B) Access control
C) Installation
D) User management
Answer: C
Q3) A cold spare is a
A) Single point of failure
B) Redundant component that can replace a failed component with no downtime
C) Spare components used to replace failed components as quickly as possible
D) Popular component purchased when it is on sale
Answer: C
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: System Administration 2
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70326
Sample Questions
Q1) Vi is a
A) Graphical editor
B) Text editor
C) Game on Linux systems
D) Substitute for MS Word
Answer: B
Q2) When using a shell program, command options, also called flags or switches, are
A) Debates between users on which command to use
B) Data provided to a command to use as input
C) Single letters or full words that modify the behavior of the command in a pre-determined way
D) Debates among system administrators on which commands to use
Answer: C
Q3) Common shell programs include
A) Bourne shell, C shell, D shell
B) Born shell, C shell, Born again shell
C) Korn shell, Born shell, C shell
D) Bourne shell, C shell, Bourne-again shell
Answer: D
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Basic Information Security Model
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70327
Sample Questions
Q1) Physical controls
A) Use non-technical methods of preventing harm
B) Are the security measures built into the information system itself
C) Perform malicious tasks at the direction of a remote controller
D) Manipulate people into performing desired actions
Q2) A SQL injection vulnerability is an example of a
A) Unrestricted uploads vulnerability
B) Cross-site scripting vulnerability
C) Buffer overflow vulnerability
D) Lack of input validation vulnerability
Q3) The NVD database
A) Describes likely impacts and measures to remove vulnerabilities
B) A list of all known viruses
C) A list of all known information security firms
D) An inventory of known software vulnerabilities
Q4) A lack of input validation vulnerability refers to a situation where
A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity
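The bug class behind Q2 and Q4, a program that uses user input without confirming its validity, is not specific to SQL. The following added example (written for this page, not taken from the textbook) shows the same mistake in the shell, the language this course's system-administration chapters use: a lookup that splices raw input into a command string, beside the fixed version that validates the input against an allow-list and then passes it only as an argument. The user table, the function names and the payload are all constructed for the example.

```shell
#!/bin/bash
# Added example, not from the textbook: the "lack of input validation" bug class behind
# SQL injection, shown in the shell. A constructed in-script user table stands in for the
# database; the vulnerable lookup evals a command string built from raw input, the fixed
# one validates the input against an allow-list first and never evals it.

# Constructed sample data: name:uid:full name, one record per line.
USERS='alice:1001:Alice Example
bob:1002:Bob Example'

# unsafe_lookup NAME: builds a command string with the raw name and evals it.
# Input such as  alice"; echo INJECTED; echo "  closes the quoted grep pattern and
# appends extra commands, the shell analogue of a SQL injection payload.
unsafe_lookup() {
  eval "printf '%s\n' \"\$USERS\" | grep \"^$1:\""
}

# valid_username NAME: allow-list check; accepts only [a-z][a-z0-9_-]{0,31}.
valid_username() {
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9_-]{0,31}$'
}

# safe_lookup NAME: validates first (exit status 2 on rejection), then uses the name
# only as a single grep argument, so it can never become a command of its own.
safe_lookup() {
  if ! valid_username "$1"; then
    echo "rejected: input failed validation" >&2
    return 2
  fi
  printf '%s\n' "$USERS" | grep -- "^$1:"
}

safe_lookup alice
safe_lookup 'alice"; echo INJECTED; echo "' || echo "safe_lookup exit status: $?"
unsafe_lookup 'alice"; echo INJECTED; echo "'
```

Running the script prints alice's record, then the rejection message with exit status 2 from the hardened lookup, then alice's record followed by the word INJECTED from the unvalidated one: the payload never touched the data, it ran as code. The allow-list is the important part; a deny-list of "dangerous" characters is the pattern that SQL injection filters have been bypassing for twenty years.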
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Asset Identification and Characterization
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70328
Sample Questions
Q1) The parameters used to characterize assets are
A) Asset sensitivity and asset criticality
B) Asset confidentiality and asset restrictions
C) Restricted and unrestricted assets
D) Essential, required and deferrable assets
Q2) Information assets are
A) Software tools needed to accomplish the organization's mission
B) Digitally stored content owned by an individual or organization
C) Employees whose departure could adversely affect the organization
D) Machinery involved in supporting the business
Q3) Required assets are those whose loss of availability
A) Could be tolerated for a short period of time
B) Could be acceptable
C) Is not acceptable even for a short period of time
D) Would cause immediate severe repercussions to the organization
Q4) RFPs, ITNs, ITBs are associated with the
A) Acquiring stage
B) Deployment stage
C) Management stage
D) Planning stage
To view all questions and flashcards with answers, click on the resource link above.
Chapter 6: Threats and Vulnerabilities
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70329
Sample Questions
Q1) Help desk staff can be a threat due to
A) Abuse of privileges
B) Human errors
C) Lack of training
D) All of the above
Q2) Threat agents are typically classified as
A) External agents, internal agents and partners
B) Essentiality, and deferability
C) Internal auditors and help desk
D) Consultants, cloud service providers and suppliers
Q3) Partner threat agents include
A) Activist groups and competitors
B) Consultants, cloud service providers and suppliers
C) Internal auditors and help desk
D) Competitors, organized groups and former employees
Q4) The goal of agents running a 419 Nigerian scam is to
A) Damage the reputations of end users
B) Damage end user computers
C) Steal money
D) Steal intellectual property

To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Encryption Controls
Available Study Resources on Quizplus for this Chapter
24 Verified Questions
24 Flashcards
Source URL: https://quizplus.com/quiz/70330
Sample Questions
Q1) Hash functions are used primarily for
A) Sharing a secret key prior to network transmission
B) Storing data on hard drives
C) Encrypting data during transmission over a network
D) Saving passwords
Q2) In using public key encryption, messages are deciphered using
A) A public key
B) A shared secret key
C) Any key
D) A private key
Q3) The most common technologies used for secure network communication are
A) VPN and SSL
B) AES and DES
C) PKI and RSA
D) Diffusion and confusion
Q4) Hash functions use
A) 2 keys
B) 1 key
C) 0 keys
D) Any of the above, depending upon the specific hash algorithm
To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Identity and Access Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70331
Sample Questions
Q1) An individual's affiliation with the organization is called their
A) Access
B) Role
C) Account
D) Password
Q2) Identity discovery involves
A) Locating all new and updated identities in the organization
B) Comparing each discovered identity to a master record of all individuals in the organization
C) Collecting data about each individual's relationship to the organization
D) Making decisions about granting users access to resources
Q3) Kerberos is
A) The process of proving that a user is the owner of the identity being used
B) A secret series of characters known only to the user
C) The use of minute differences in physical traits to prove identity
D) A protocol that allows nodes in an insecure network to securely identify themselves to each other using tokens
Q4) Kerberos has been very useful in securing web applications
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Hardware and Software Controls
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70332
Sample Questions
Q1) Assessing the safety of a file using scores calculated from its observable attributes is called
A) Reputation based end-point protection
B) Protocol-based end-point protection
C) Anomaly-based end-point protection
D) Signature-based end-point protection
Q2) The merits of firewalls include all the following except
A) Costs
B) Complexity
C) Wide availability
D) Vulnerability to poor configuration
Q3) An IDS that compares observed activity with defined patterns is a
A) Firewall
B) Signature-based IDS
C) Anomaly-based IDS
D) Protocol-state IDS
Q4) Patches should always be installed as soon as they become available
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.
Chapter 10: Shell Scripting
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70333
Sample Questions
Q1) Consider the following script. The output will be:
#!/bin/bash
counter=1
while [ $counter -le 2 ]
do
echo $counter
done

Q2) A specific set of commands is to be executed 10 times. The most appropriate loop construct to accomplish this is
A) for
B) while
C) do
D) if
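The loop in Q1 never changes counter inside its body, so its condition stays true and the script cannot terminate; that is the point the question is testing. The following added example (written for this page, not the textbook's code) shows the same loop with the increment it lacks, and beside it the for-loop construct Q2 asks about, used for a fixed iteration count. The function names are the example's own.

```shell
#!/bin/bash
# Added example, not from the textbook: the quiz's counting loop with the increment it
# lacks, plus a for loop for a fixed iteration count. Both are plain POSIX shell.

# count_to N: prints 1..N, one per line. The quiz's script omits the increment,
# so its condition stays true and the loop never ends.
count_to() {
  counter=1
  while [ "$counter" -le "$1" ]
  do
    echo "$counter"
    counter=$((counter + 1))   # the line the quiz's script is missing
  done
}

# repeat_times N CMD [ARGS...]: runs CMD N times. A known iteration count is the
# case for 'for'; 'while' fits when the number of iterations depends on a condition
# that is only known at run time.
repeat_times() {
  n="$1"; shift
  for i in $(seq 1 "$n")
  do
    "$@"
  done
}

count_to 2                  # prints 1 and 2, then stops
repeat_times 3 echo "tick"  # prints tick three times
```

Quoting "$counter" and "$1" inside the test brackets is deliberate: with an empty or unset variable the unquoted form `[ $counter -le 2 ]` collapses to `[ -le 2 ]`, a syntax error rather than a false condition.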
To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Incident Handling
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70334
Sample Questions
Q1) Containment is
A) Saving log files in a server container configured specially for this purpose
B) Preventing the expansion of harm
C) Removing the causes of the adverse event
D) Returning systems to owners for normal operations after the incident
Q2) Information about the incident should be disseminated
A) Exhaustively, to all constituents
B) Primarily to end users
C) Primarily to the organization's leadership
D) On a need-to-know basis
Q3) During an incident, the IRT is involved with all of the following, except
A) Identifying the threats to the organization from the incident
B) Mitigating risks
C) Communicating with stakeholders
D) Issuing a final report
Q4) Log consolidation refers to
A) Recording the aggregation of credit cards
B) Checking logs from every system daily
C) Logging the system updates applied to the system
D) Gathering logs from multiple systems onto one system
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Incident Analysis
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70335
Sample Questions
Q1) Syslog facilities include all of the following except
A) auth
B) cron
C) kern
D) debug
Q2) When investigating an incident on a Unix/Linux system, generally the first file to be examined is
A) wtmp
B) utmp
C) authlog
D) messages
Q3) The syslog.conf line "mail.crit /tmp/messages" is interpreted to mean
A) Send all log messages from the mail service to the /tmp/messages file
B) Send critical log messages from the mail service to the /tmp/messages file
C) Send all log messages from the mail service to the /tmp/messages file.
D) Send critical log messages from the mail service to the default log file location
Q4) Cloud storage adds complexity to the work of security administrators
A) True
B) False
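Q1 and Q3 both turn on how a syslog.conf selector is read: the part before the dot is a facility (auth, cron, kern, mail, ...), the part after it is a priority (debug, info, ..., crit, emerg), and a plain "facility.priority" selector matches that priority and every more severe one, so "mail.crit" also routes mail alert and emerg messages, which the wording "critical log messages" glosses over. The following added example (written for this page, not taken from the textbook) is a small evaluator for single-selector lines under the traditional syslog.conf(5) rules, so such a line can be checked against a message's facility and priority. Multi-selector lines (those using "," or ";") are outside its scope; the function names are the example's own.

```shell
#!/bin/bash
# Added example, not from the textbook: evaluates a classic syslog.conf selector such as
# "mail.crit" against a message's facility and priority, following syslog.conf(5):
# "facility.priority" matches that priority and every more severe one, "=priority"
# matches exactly, "*" is a wildcard, and "none" excludes the facility.

# priority_level NAME: prints the numeric severity (0 = emerg ... 7 = debug); fails on unknown names.
priority_level() {
  case "$1" in
    emerg|panic)  echo 0 ;;
    alert)        echo 1 ;;
    crit)         echo 2 ;;
    err|error)    echo 3 ;;
    warning|warn) echo 4 ;;
    notice)       echo 5 ;;
    info)         echo 6 ;;
    debug)        echo 7 ;;
    *) return 1 ;;
  esac
}

# is_facility NAME: true for the standard facilities. Note that debug is a priority, not a facility.
is_facility() {
  case "$1" in
    auth|authpriv|cron|daemon|kern|lpr|mail|news|syslog|user|uucp|ftp|local[0-7]) return 0 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY: true if a message with that facility and
# priority is selected. Example: selector_matches mail.crit mail alert is true, because
# alert is more severe than crit; selector_matches mail.crit mail err is false.
selector_matches() {
  sel_fac="${1%%.*}"
  sel_pri="${1#*.}"
  fac="$2"
  pri="$3"
  if [ "$sel_fac" != "*" ] && [ "$sel_fac" != "$fac" ]; then
    return 1
  fi
  case "$sel_pri" in
    none) return 1 ;;
    '*')  return 0 ;;
    =*)   [ "$(priority_level "${sel_pri#=}")" = "$(priority_level "$pri")" ] ;;
    *)    want=$(priority_level "$sel_pri") || return 1
          have=$(priority_level "$pri") || return 1
          [ "$have" -le "$want" ] ;;   # lower number = more severe
  esac
}

# route_line CONFLINE FACILITY PRIORITY: prints the destination if a single-selector config
# line such as "mail.crit /tmp/messages" applies to the message, else prints nothing and fails.
route_line() {
  set -- $1 "$2" "$3"   # word-split the config line into selector and destination
  selector=$1; dest=$2; fac=$3; pri=$4
  selector_matches "$selector" "$fac" "$pri" && echo "$dest"
}

route_line "mail.crit /tmp/messages" mail alert                               # -> /tmp/messages
route_line "mail.crit /tmp/messages" mail info || echo "mail.info: no match"  # info is less severe than crit
```

The practical consequence for incident analysis is that a file fed by "mail.crit" holds only crit, alert and emerg entries; the warnings and errors that usually precede a compromise go wherever the "*.info" or "mail.*" line sends them, so check the whole configuration before concluding that a host logged nothing.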
To view all questions and flashcards with answers, click on the resource link above.

Chapter 13: Policies, Standards and Guidelines
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70336
Sample Questions
Q1) It is generally advised to consolidate all policy issues into one policy document
A) True
B) False
Q2) If an organization specifies that all laptops in the organization will use whole-disk encryption, the specific encryption technology will be specified in a
A) Guideline
B) Standard
C) Policy
D) Law
Q3) Compliance is
A) Procedures that tell units when it would be nice if things were operated a certain way, but it is not a requirement to do so
B) Guidelines to users and customers on what is appropriate and what is not appropriate to do with information technology resources
C) Following specifications put forth by policies or legal requirements
D) A defined set of rules, accepted and adopted by several organizations
To view all questions and flashcards with answers, click on the resource link above.

Chapter 14: IT Risk Analysis and Risk Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70337
Sample Questions
Q1) In the NIST 800-39 framework, risk response
A) Addresses how organizations respond to risks
B) Identifies and aggregates the risks facing the organization
C) Describes the environment in which risk-based decisions are made
D) Evaluates the effectiveness of the organization's risk-management plan
Q2) The motivation for the passage of the Sarbanes-Oxley act was
A) Failure of Internet technologies
B) Denial of culpability by senior executives for falsification of records
C) To prevent stock market crashes
D) To recover retiree savings
Q3) As described in the text, a statement of a risk includes
A) Agent, threat, asset, damage
B) Agent, action, damage, threat
C) Agent, action, asset, damage
D) Threat, asset, action, damage
Q4) Section 906 of the Sarbanes-Oxley act of 2002 specifies
A) Penalties for non-compliance with the law
B) That the signing officer has reviewed financial statements
C) Privacy requirements for healthcare records have been followed
D) That attestations are made in accordance with PCAOB standards
To view all questions and flashcards with answers, click on the resource link above.