Wednesday, May 15, 2024

Incident Response Planning

1. Network segregation and isolation procedures should be part of the CSIRT's experience to: (Pick two reasons)

a. Whether to reset password or rapidly recreate account

b. Procedures and criteria for when to clean vs. rebuild

c. Host OS (and Application) rebuild procedures

d. Isolate HVAs from other end points in the production environment (such as compromised workstations and servers), if feasible

e. Block attacker C2 channels at internet egress points


2. Of the five core functions defined in the NIST CSF, where would security monitoring fall?

a. Detect

b. Identify

c. Protect

d. Respond


3. To successfully respond to incidents, you must: (Choose two)

a. Minimize risks

b. Notify your legal department

c. Fire the CISO

d. Minimize the number and severity of security incidents


4. When documenting a security incident it is recommended to: (Choose two)

a. Wait until the incident is being reviewed to document it

b. Write up the report by hand in a notebook

c. Move fast to stop the intruder

d. Make sure to include dates and times


5. If you do not have a robust incident response plan, what should you do?

a. Set firm plans to update your incident response plan

b. Treat each event as an incident

c. Search the Internet for a plan you can use

d. Panic


6. A(n) ____ is a system occurrence that could happen regularly or due to a hardware or software malfunction, not necessarily caused by a security compromise.

a. Bug

b. Event

c. Activity

d. Incident


7. Performing password resets and C2 channel blocking alone is ineffective without also detecting and removing attacker malware from hosts. True or False?

a. True

b. False


8. It is possible to stop a hacker attack by removing your systems from the network. You have stopped the attack, but you have essentially done a denial of service attack on yourself. In this case you have taken the wrong steps. What principle have you violated?

a. Be accurate

b. Do no harm

c. Keep calm

d. Implement the response plan


9. A successful CSIRT team consists of several key members. (Pick three)

a. Incident Lead

b. Lead from Legal

c. Sales team

d. External partners

e. Departmental managers


10. NIST SP 800-61 recommends four categories of incident severity. (Choose two)

a. Very Low

b. Low

c. Very High

d. None


11. Your company's security incident has been mitigated. To prevent it from happening again, you need to understand what actually happened.

a. The best process to investigate the how, what, when, and why of the incident is what?

b. Implement Azure Security Center

c. Post-incident review

d. Review the pre-incident system status

e. Wait for the security consultants to share their report


12. It is NOT recommended to try to determine who attacked. NIST, in its Computer Security Incident Handling Guide, states: “Identifying an attacking host can be a time-consuming and futile process that can prevent a team from achieving its primary goal”. What should be your primary goal?

a. Notify the government

b. Minimizing the business impact

c. Restoring from backups

d. Enabling two-factor authentication


13. Two-thirds of survey respondents ranked cybersecurity as a top-five risk management priority, but only x% expressed high confidence in their organization’s ability to manage and respond to a cyber event. What percentage of the surveyed companies had high confidence in their ability to respond to a cyber event?

a. 35

b. 19

c. 10

d. 3


14. Of the five core functions defined in the NIST CSF, where would management of GDPR fall?

a. Respond

b. Protect

c. Detect

d. Identify