Information Security Session # 11

Welcome to your Information Security Session # 11

Name

What happens in the post-incident activity phase?

a) Threat actors are identified

b) Systems are scanned again

c) Lessons are learned and playbooks are updated

d) A ransom is paid

None

What is an Indicator of Compromise (IoC)?

A) Backup data

B) A policy violation

C) Evidence that a system has been breached

D) A performance metric

None

What’s a key output of a “lessons learned” meeting?

a) Server logs

b) New sales leads

c) Improvement recommendations

d) Vendor contracts

None

What should be done after restoring systems in the recovery phase?

a) Turn off the firewall

b) Resume operations without checking

c) Monitor systems for signs of recurrence

d) Delete all logs

None

A proper incident response plan should include:

a) Vendor selection process

b) Employee vacation tracking

c) Roles, responsibilities, and procedures

d) Hardware inventory

None

What is the most overlooked but critical phase in the incident response lifecycle?

a) Recovery

b) Detection

c) Post-Incident Activity

d) Preparation

None

Which phase involves identifying the root cause and removing the threat completely?

a) Containment

b) Detection

c) Eradication

d) Recovery

None

Which one is NOT a goal of the incident response process?

a) Eliminate all future threats

b) Contain the incident

c) Reduce recovery time

d) Restore operations quickly

None

Which tool is commonly used in the detection phase?

A) Load balancer

B) Security Information and Event Management (SIEM)

C) Project management tool

D) ERP system

None

10.

What is the primary goal of security incident management?

A) Prevent all cyber threats

B) Buy new cybersecurity tools

C) Minimize damage and reduce recovery time and cost

D) Accountability the responsible staff

None

11.

Why are backups important during incident response?

a) They slow down malware

b) They make systems faster

c) They allow system restoration if data is lost

d) They are not necessary if firewalls are strong

None

12.

What is the goal of containment during incident response?

A) Prevent recurrence

B) Notify law enforcement

C) Stop the spread of the incident

D) Patch the system

None

13.

What does the Preparation phase primarily focus on?

A) Removing threats

B) Detecting Intrusions

C) Establishing response plans and teams

D) Rebuilding damaged systems

None

14.

What should be validated during the recovery phase?

a) Marketing campaign results

b) System integrity and normal operations

c) Employee satisfaction

d) Application user experience

None

15.

Which is the first phase in the NIST Incident Response Lifecycle?

A) Detection & Analysis

B) Containment

C) Preparation

D) Recovery

None

16.

Which of the following best defines a cybersecurity impact assessment?

a) Planning future attacks

b) Estimating the cost of new tools

c) Evaluating the effect of a security incident on the organization

d) Creating backups

None

17.

What is the role of an Incident Response Team (IRT)?

a) Perform software development

b) Write compliance documents

c) Lead the response to security incidents

d) Block user accounts

None

Thank you for the Quiz, Kindly check your email for the result.
Good Luck!

Information Security Session # 11

Information Security Session # 11

Cybrone Solutions