Practice Questions
Question 1 of 10
1. Question
Ravila, a new CISO in a healthcare organization, is reviewing incident response records from the past several years. Ravila has determined that minor incidents were managed with too much rigor and complexity, whereas major incidents weren't dealt with thoroughly enough. What could be the cause of this?
Correct
This organization has an incident response plan that has one method of response for incidents of all severities. The result is this: incidents of high severity are treated too lightly, and incidents of low severity are treated with too much rigor.
Question 2 of 10
2. Question
Which of the following isn't a valid objection to using incident response plan "templates" to serve as an organization's security incident response plan?
Correct
This objection, that the templates will lack the names of specific regulations that the organization is committed to complying with, is the weakest objection to the use of templates and is, therefore, the correct answer.
Question 3 of 10
3. Question
Why would an organization consider developing alerts on its security information and event management system, as opposed to using its existing daily log review procedure?
Correct
The best reason for creating alerts in a security information and event management (SIEM) system is the near-instantaneous alerting of personnel of a security matter requiring investigation and potential remediation. Daily log review is time-consuming and infeasible in all but the smallest organizations due to the high volume of log data that is created in information systems.
Question 4 of 10
4. Question
The purpose of documenting the steps taken during the response to an actual security incident includes all of the following except which one?
Correct
Documenting the steps taken during response to an actual incident likely does little to help the organization understand whether it actually recovered from the incident. The key personnel within the organization will know whether recovery was complete and successful, whether response steps were recorded or not.
Question 5 of 10
5. Question
While responding to a security incident, the person acting as the incident commander is unable to notify a specific official in an escalation procedure. What should the incident responder do next?
Correct
The best choice among those available here is for the incident commander to notify the next-highest official in the escalation chain. This is not an ideal situation, but in a security incident the response does not always proceed as expected.
Question 6 of 10
6. Question
Why should incident responders participate in incident response tabletop exercises?
Correct
Participation in incident response tabletop exercises helps incident responders become more familiar with incident response procedures. Talking through a simulated incident and thinking about every step in the incident response helps responders better understand each step: how to perform it and why it is needed.
Question 7 of 10
7. Question
The purpose of a post-incident review of a security incident includes all of the following except which one?
Correct
Determination of the motivation of an attacker isn't one of the objectives of a review of the response to a security incident.
Question 8 of 10
8. Question
Which term in security incident response represents the final activity that takes place during a response to an incident?
Correct
A post-incident review, sometimes casually called a postmortem, is a review of the entire incident intended to help reviewers understand the incident's cause, the role of preventive and detective capabilities, and the effectiveness of incident responders. The purpose of the after-action review is to identify improvements in defenses and response procedures to reduce the probability and/or impact of a similar future incident and to ensure a more effective response should one occur.
Question 9 of 10
9. Question
Which of the following criteria would likely not be used to classify a security incident?
Correct
The location of a system is the least likely factor to be used to classify a security incident, unless the incident constitutes a breach of privacy of individuals, in which case there may be applicable laws such as GDPR or CCPA. Further, one effect of the location of a system can be the selection of personnel to respond to an incident, but this is usually not a part of incident classification.
Question 10 of 10
10. Question
An incident response team is responding to a situation in which an intruder has successfully logged on to a system using stolen nonprivileged credentials. Which steps are most effective at containing this incident?
Correct
Locking the compromised user account and blocking access from the intruder's originating IP addresses are the best available steps here. Other steps should also be taken, including killing all processes running under the compromised user account.