INCIDENT RESPONSE PROCESS
CyberSecurity Training
Flashcard • Information Technology (IT) • Professional Development • Hard
Christopher Lynch
40 questions
1.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
What is the first step in the incident response process?
Back
Identify and confirm the incident by analyzing logs and alerts.
2.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
Scenario: A company detects unusual outbound network traffic that could indicate data exfiltration.
Question: What is the first step in the incident response proce
Back
Answer: Identify and confirm the incident by analyzing logs and alerts
3.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
Scenario: Employees report receiving emails from a compromised internal account requesting sensitive data.
Question: Should this be escalated immediately? Why or why not?
Back
Answer: Yes, because it indicates a potential account takeover and requires immediate containment.
4.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
Scenario: A ransomware infection has locked multiple workstations. The IT team is unsure whether to shut down affected systems.
Question: What should the team do first—shut down systems or isolate them?
Back
Answer: Isolate them from the network to prevent further spread before taking further action.
5.
FLASHCARD QUESTION
Front
Real World Reporting
📌 Incident: Attackers gained access to Twitter’s internal tools via a phishing attack on employees, leading to a large-scale scam.
Back
Identify: Weak internal security protocols for employee access.
Protect: Lack of multi-factor authentication on internal admin tools.
Detect: Attack detected only after fraudulent tweets went viral.
Respond: Twitter locked down affected accounts and restricted employee access.
Recover: Twitter improved security policies and employee training.
6.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
Scenario: A malware outbreak spreads across an organization’s network. IT blocks external traffic from affected machines.
Question: What additional containment steps should be taken?
Back
Answer: Disable compromised accounts, segment the network, and block malicious IP addresses.
7.
FLASHCARD QUESTION
Front
INCIDENT RESPONSE PROCESS
Containment and Mitigation
Scenario: A phishing attack compromised employee credentials. The attacker is attempting unauthorized access.
Question: What immediate actions should be taken?
Back
Answer: Force password resets, revoke unauthorized sessions, and monitor for further suspicious activity.