CyberSecurity Training-Quiz

Preparation

Identification

Containment

Eradication

Identify and confirm the incident by analyzing logs and alerts.

Ignore the traffic as it might be a false alarm.

Immediately shut down all network operations.

Contact the internet service provider to block the traffic.

Yes, because it indicates a potential account takeover and requires immediate containment.

No, because it might be a false alarm and can be ignored.

Yes, because it is a common occurrence and does not require immediate action.

No, because it is not related to cybersecurity threats.

Shut down the affected systems immediately.

Disconnect the affected systems from the network.

Wait for instructions from higher authorities.

Attempt to decrypt the files themselves.

Isolate affected systems and update antivirus software.

Ignore the outbreak and continue normal operations.

Unplug all network cables immediately.

Contact the media to report the outbreak.

Notify the IT department and change all passwords immediately.

Ignore the attack and continue working.

Share credentials with the attacker to monitor their actions.

Wait for the attacker to make the next move.

Investigate the source of access and revoke permissions

Ignore the access as it might be a false alarm

Immediately shut down the server

Notify all users about the breach

Reimage infected systems and update security patches to prevent reinfection.

Document the incident and lessons learned.

Ignore the incident and move on.

Notify the media about the incident.

Patch the vulnerability, enhance monitoring, and update access controls.

Ignore the vulnerability and hope it doesn't happen again.

Only update access controls without patching.

Enhance monitoring but leave the vulnerability unpatched.

Notify affected customers and authorities immediately.

Ignore the breach and continue operations.

Delete all customer records to prevent further issues.

Wait for further instructions from management.