Deck 3: Incident Response: Preparation, Organization, and Prevention
1
A team can perform a(n) ____ function, which means that it looks for new trends in information security threats.
A) risk analysis
B) technology watch
C) incident handling
D) announcement
B
2
In CP, an event that threatens the security of the organization's information is called a(n) ____.
A) incident
B) problem
C) after-action
D) warning
A
3
Which of the following is a security quality management service?
A) Announcements
B) Risk analysis
C) Incident handling
D) Alerts and warnings
B
4
A(n) ____ is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
A) announcement plan
B) awareness plan
C) risk analysis plan
D) incident response plan
5
The incident response policy defines the roles and responsibilities for incident response for the SIRT and others who will be mobilized in the activation of the plan.
6
Proactive services are the core component of CSIRT work.
7
Organizing the incident response planning process begins with staffing the disaster recovery committee.
8
____ are important when team members are preparing advisories and procedures.
A) Mathematical skills
B) Writing skills
C) Medical skills
D) Forensic skills
9
The ____ model is effective for small organizations and for large organizations with minimal geographic diversity in terms of computing resources.
A) proactive
B) reactive
C) technology watch
D) central incident response team
10
A team that performs a(n) ____ function should also be better prepared to handle new types of incidents.
A) risk analysis
B) technology watch
C) incident handling
D) announcement
11
____ services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system.
A) Proactive
B) Security
C) Reactive
D) Forensic
12
Which of the following is a proactive service?
A) Announcements
B) Risk analysis
C) Incident handling
D) Alerts and warnings
13
____ services provide assistance and information to help prepare, protect, and secure constituent systems in anticipation of attacks, problems, or events.
A) Proactive
B) Security
C) Reactive
D) Forensic
14
In an organization, unexpected activities occur periodically; these are referred to as ____.
A) warnings
B) events
C) after-action
D) problems
15
Which of the following is a reactive service?
A) Announcements
B) Risk analysis
C) Awareness building
D) Alerts and warnings
16
The responsibility for creating an organization's IR plan usually falls to the ____.
A) database administrator
B) project manager
C) forensic expert
D) chief information security officer
17
____ services augment existing and well-established services that are independent of incident handling and traditionally performed by other areas of an organization such as the IT, Audit, or Training departments.
A) Proactive
B) Security quality management
C) Reactive
D) Forensic
18
The IR policy must gain the full support of top management and be clearly understood by all affected parties.
19
Federal civilian agencies are required to report incidents to ____; other organizations can contact other incident-reporting organizations.
A) FedCIRC
B) the incident response committee
C) forensic committee
D) disaster recovery committee
20
Giving the incident response team the responsibility for patch management (for example, acquiring, testing, and distributing patches to the appropriate administrators and users throughout the organization) is generally not recommended.
21
Conversations with ____________________ help identify the skills and abilities of the team, as well as the specific needs of the end users.
22
A(n) ____ is a detailed examination of the events that occurred from first detection to final recovery.
A) after-action review
B) reactive review
C) proactive review
D) audit review
23
A(n) ____________________ occurs when an attack (natural or human made) affects information resources and/or assets, causing actual damage or other disruptions.
24
The performance of ____________________ services directly reduces the number of incidents in the future.
25
Match each statement with an item below.
- Offers network-based challenges, builds skills used in creating server/client applications, and challenges the user to figure out problems with various network protocols.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
26
A favorite pastime of information security professionals is ____, which is realistic, head-to-head attack and defend information, security attacks, and incident response methods.
A) simulation
B) war gaming
C) parallel testing
D) structured walk-through
27
Match each statement with an item below.
- Important because cooperation and coordination are necessary for successful incident response.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
28
Match each statement with an item below.
- This war game challenges players with various levels requiring binary object analysis.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
29
The primary responsibility of the IR team is to ensure the ____ is prepared to respond to each incident they may face.
A) IR plan
B) Semtex
C) SIRT
D) Catalyst
30
____ is the process of systematically examining information assets for evidentiary material that can provide insight into how the incident transpired.
A) Disaster recovery
B) Incident response
C) War gaming
D) Forensics analysis
31
Match each statement with an item below.
- Usually activated when an incident causes minimal damage with little or no disruption to business operations.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
32
____________________ skills are particularly important because the team interacts with a wide variety of people, including incident victims, managers, system administrators, human resources, public affairs, and law enforcement.
33
Match each statement with an item below.
- Responsible for handling incidents for a particular logical or physical segment of the organization.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
34
Match each statement with an item below.
- Resource multipliers.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
35
Match each statement with an item below.
- Can serve as a training case for future staff.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
36
Match each statement with an item below.
- Too risky for most businesses.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
37
The term ____ is used to describe the circumstances that cause the IR team to be activated and the IR plan to be initiated.
A) problem
B) after-action
C) trigger
D) war gaming
38
A(n) ____ is a SIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization's information infrastructure for signs of an incident.
A) forensic expert
B) IR duty officer
C) project manager
D) software engineer
39
Match each statement with an item below.
- This war game was created to increase its players' ability for remote (and blind) exploitation.
A) Distributed incident response teams
B) Teamwork skills
C) Education and awareness
D) IR plan
E) After-action review
F) Full-interruption testing
G) Catalyst
H) Blackhole
I) Semtex
40
A(n) ____________________ team should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred.
41
Briefly discuss five basic incident response policy attributes.
42
What is an incident response policy?
43
What is the difference between parallel testing and full interruption testing?
44
For every attack scenario end case, the IR team creates the incident plan made up of three sets of incident-handling procedures. Briefly discuss these procedures.
45
What are some of the circumstances that could cause the IR team to be activated and the IR plan to be initiated?
46
What are the characteristics of an information security incident?
47
Briefly discuss the following war gaming strategies: capture the flag, king of the hill, and defend the flag.
48
List six strategies that can be used to test contingency plans.
49
What are the advantages and disadvantages of outsourcing the incident response process?
50
List five tasks that prevent attacks on the desktop.