Deck 11: Incident Handling

1. Organizations typically become aware of incidents through all the following except

A) Visible changes to services
B) Reports from file integrity monitoring tools
C) Periodic review meetings
D) Log analysis
Answer: C
2. Compliance is

A) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
B) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
C) The part of the incident response policy that specifies the targets of the policy
D) Staff designated to respond to incidents
Answer: B
3. During an incident, the IRT is involved with all of the following, except

A) Identifying the threats to the organization from the incident
B) Mitigating risks
C) Communicating with stakeholders
D) Issuing a final report
Answer: C
4. During an incident, it is advisable to pull members away from current projects to assist the IRT
5. Information about the incident should be disseminated

A) Exhaustively, to all constituents
B) Primarily to end users
C) Primarily to the organization's leadership
D) On a need-to-know basis
6. Since the incident response policy is developed following strict procedures including top management approval, its existence generally is an assurance that the organization will respond satisfactorily to an information security incident
7. In the context of monitoring, a false positive is

A) An undetected problem
B) A component that is working intermittently
C) A component that is likely to fail soon
D) An alert that upon further investigation turns out to be not a problem
8. According to the need-to-know principle of information management, information provided

A) Is limited to what is necessary to perform the job
B) Satisfies the information seeker's curiosity need-to-know
C) Is guided by state-mandated legal guidelines
D) Information is kept secret by default
9. In the context of monitoring, a false negative is

A) An undetected problem
B) A component that is working intermittently
C) A component that is likely to fail soon
D) An alert that upon further investigation turns out to be not a problem
10. The IRT is

A) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
B) The part of the incident response policy that specifies the targets of the policy
C) Staff designated to respond to incidents
D) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
11. Preparation for incident response includes all of the following except

A) Creating an incident response policy
B) Creating an incident response team
C) Containing the harm from an incident
D) Creating a communication plan during incidents
12. The leader of the IRT is preferably

A) Someone from the senior leadership of the organization
B) A technically competent professional with high credibility within the organization
C) The functional leader of the business unit affected by the incident
D) The leader of the IT function within the organization
13. The stages of incident handling include

A) Planning, detection, maintenance, retirement
B) Preparation, detection, containment, post-incident analysis
C) Planning, acquisition, deployment, post-incident analysis
D) Preparation, acquisition, deployment, post-incident analysis
14. Files appropriate to monitor using file integrity monitoring tools include

A) End user data
B) Configuration files
C) Operating system files
D) Database contents
15. An incident response policy is

A) A description of the standard methods used by an organization to handle information security incidents
B) A description of security policies, acceptable use policies, or standard security practices
C) A specification of the targets of the policy
D) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
16. Performance records of a machine are called

A) Configuration files
B) Sysadmin
C) Logs
D) Debian
17. An incident is

A) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
B) The part of the incident response policy that specifies the targets of the policy
C) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
D) Staff designated to respond to incidents
18. The technical members of the IRT are chosen

A) By rotation from the different departments in the organization
B) From the senior-most members of the IT teams
C) Depending upon the threat action
D) From the fresh entrants in the IT teams
19. The scope of an incident response policy is

A) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
B) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
C) Staff designated to respond to incidents
D) The part of the incident response policy that specifies the targets of the policy
20. Log consolidation refers to

A) Recording the aggregation of credit cards
B) Checking logs from every system daily
C) Logging the system updates applied to the system
D) Gathering logs from multiple systems onto one system
21. Log consolidation is useful for

A) Identifying irregularities across multiple systems
B) Lowering hardware costs
C) Eliminating the need for clock-synchronization
D) Serving as a honeypot
22. Containment is

A) Saving log files in a server container configured specially for this purpose
B) Preventing the expansion of harm
C) Removing the causes of the adverse event
D) Returning systems to owners for normal operations after the incident
23. A disaster is

A) A calamitous event that causes great harm
B) When the dog really eats the assignment
C) A hurricane
D) Returning systems to owners for normal operations after the incident
24. Eradication is

A) Saving log files in a server container configured specially for this purpose
B) Preventing the expansion of harm
C) Removing the causes of the adverse event
D) Returning systems to owners for normal operations after the incident
25. Recovery is

A) Saving log files in a server container configured specially for this purpose
B) Preventing the expansion of harm
C) Removing the causes of the adverse event
D) Returning systems to owners for normal operations after the incident