Givon, a skilled technician with extensive knowledge of a company's network, is reviewing a recovery procedure in detail. What is the most likely reason why Givon is doing this?

He is walking through a testing exercise to see if there are any errors or false assumptions.

He is walking through a testing exercise to confirm there are no omissions or gaps.

He is walking through a testing exercise to confirm failover processes are fully spelled out.

He is walking through a testing exercise to confirm the specified simulation will be successful.

He is walking through a testing exercise just before he physically implements it to prevent issues.

An organization is researching a series of documents that spell out the process that should be used to define policies and procedures that relate to security. What is the organization most likely trying to accomplish?

They want to adopt a security framework.

They are getting ready for a security audit.

They failed an audit and are addressing deficiencies.

They want government contracts but need to comply with certain security requirements.

A series of security students are analyzing entries in a knowledge base of attacker techniques used against systems. They would like to replicate some of the attacks, but the database makes no reference to the tools used during the attacks. Which of the following statements is most likely to be true?

The database focuses on how attackers interact with systems and not on attack tools.

The students need to access the Diamond Model of Intrusion Analysis database instead.

The information is available, but the students need privileged credentials to access it.

The intention is to help protect against attacks, not provide information to malicious actors.

Which of the following are true statements regarding the MITRE ATT&CK and the Diamond Model of Intrusion Analysis frameworks? Select two.

Victims and capabilities are elements associated with the Diamond Model of Intrusion Analysis.

The Diamond Model of Intrusion Analysis uses a variety of interconnected elements.

Adversary and infrastructure are elements associated with the MITRE ATT&CK framework.

MITRE ATT&CK pieces together information to understand the threat in its full context.

MITRE ATT&CK focuses on network intrusion events but not the tools used.

A software tester is using a system in a computer lab. The computer lab has internet access but is not connected to the corporate network. The tester clicks on a link in an email that renders the computer inoperable. The tester then sits idle for 30 minutes waiting for the IT staff to replace the computer. What preventive measure should have been put in place?

None, computers can be quickly replaced.

The computer should have been clustered.

A backup computer next to the original.

More comprehensive technology capacity planning.

A company is in the process of transitioning from having physical on-premises servers to the cloud. A particular database server is clustered and has both a public cluster connection and a private cluster connection. Which of the following best explains these connections?

The private connection allows the servers in a cluster to communicate with each other.

The private connection is used by technicians and administrators for remote management.

The private connection is for internal users and the public connection is for external users.

To ensure all traffic flowing through the private connection is protected with encryption.

A storage company sells large data storage systems each containing thousands of SSDs. They calculated the MTBF rating of the SSDs to be about 2 million hours. What does this mean?

It means 10,000 SSDs running for 1000 hours can expect to see about 5 failures.

It means most SSDs are expected to fail after about 2 million hours of operation.

It means that if 2 million SSDs are running, one SSD is expected to fail each hour.

It means that after 2 million hours of operation, only one drive is expected to fail.

A company decides to use an online UPS instead of an offline UPS for a particular set of systems. Although they both essentially perform the same fundamental function, why would they opt to use an online UPS?

The online UPS protects from spikes.

The online UPS is more energy efficient.

The offline UPS is easier to breach.

The offline UPS is more expensive.

A small business has decided to use the services of a small and recently established cloud provider. Unfortunately, the cloud provider suffers a severe breach that corrupts their data. If you had been hired as a consultant beforehand, which of the following recommendations would you have made?

Spread cloud computing across multiple cloud providers.

Do not use small and recently established cloud providers.

Ensure the cloud provider uses RAID level 1 or RAID level 5.

Keep a backup of the data onsite and another copy offsite.

Which of the following are true statements regarding backups and replication? Select two.

A backup uses snapshots and replication uses journaling.

Backups require fewer financial resources than replication.

An individual stores all passwords in cleartext format in the notes area of a free online email system and in a piece of paper in their wallet. They also use a weak password to access their email. The individual loses their wallet at a theme park, and a system at work ends up being compromised as a result. An RCA is likely to yield which of the following at the top of the list?

The individual stored passwords on a piece of paper.

The individual lost their wallet at a theme park.

The individual uses a weak password to access email.

The individual stored passwords in cleartext format.

The individual needs to attend security training.

Zabrina is the team leader for the group responsible for managing logs when a security incident occurs. They have a relatively small budget so a significant portion of their activity lacks automation. Which of the following is most likely to represent the most significant challenge?

Combining logs generated using different formats.

The amount of data that needs to be analyzed.

The large number of devices that generate logs.

Correlating the time stamps between all the devices.

A judge sternly warns a prosecutor and a defense attorney, both of whom are suspected of being a bit deviant, to not violate the e-discovery protocols that have been established. What message is the judge most likely trying to convey to the attorneys?

To ensure incriminating or exonerating electronic documents are not intentionally suppressed.

To ensure any electronic evidence obtained by either of the parties is not intentionally altered.

When preparing for trial, both the prosecution and the defense engage in what is called discovery. This is the formal process of exchanging information between the two parties about witnesses and evidence that will be presented at a trial. E-discovery is the electronic counterpart of manually sifting through documents in discovery.

To ensure the order of volatility as it applies to electronic data is strictly followed.

To ensure digital forensics tools used to discover electronic data are properly calibrated.

A tech-savvy banker is suspected of money laundering using an unauthorized app. When the banker is called into the branch manager's office, the banker is immediately locked out of the office. A digital forensics incident response team goes into the office, documents the surroundings, and takes custody of the computer as well as other devices. What is the response team doing?

They are documenting the chain of custody.

They are preparing to generate a report.

A digital forensics incident response team seizes a series of computers. Which of the following represents the order in which the specified artifact should be preserved? Select two.

CPU, RAM, temporary files, hard drive, network topology, archival media

Registers, ARP cache, temporary files, hard drive, remote logging data, physical configuration

Hard drive, RAM, CPU, archival media, remote monitoring data, temporary files

Routing tables, registers, CPU, hard drive, remote logging data, physical configuration

Mod 13 Incident Preparation and Investigation

Authored by willie reynolds

Instructional Technology

Vocational training

Mod 13 Incident Preparation and Investigation

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

34 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has been involved in a three-month project to ensure they do not suffer downtime due to threats that could hamper their operations. They are now ready to test some of the elements in the project. Which of the following most likely represents what the company is doing?

They are implementing mission-essential backup functions to ensure high availability.

They are implementing and testing systems that provide redundancy.

They are in the process of developing a BCP.

They are verifying their hot site availability.

Answer explanation

The company is developing a Business Continuity Plan (BCP) to ensure operations can continue during disruptions. Testing elements of the project aligns with BCP development, making this the most appropriate choice.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Three members of a larger task force at an enterprise are responsible for ensuring a variety of technologies, diverse vendors, and encryption capabilities are part of the company's networking infrastructure. Which of the following is most likely to be a true statement regarding their activities?

This is part of a plan to ensure their operations are not disrupted if a major disaster occurs.

To ensure their infrastructure is scalable and able to meet growth demands of the future.

They are locking down their network to make it more difficult for threat actors to break in.

They are exploring different cloud technology options that encompass the stated requirements.

Answer explanation

The correct choice highlights that the task force's activities are aimed at disaster recovery, ensuring operations remain uninterrupted during major incidents by integrating diverse technologies and encryption.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which of the following events could hamper a mission-essential function? Select two.

The antenna used to broadcast a rocket ship launch on TV takes a tumble.

An attacker compromises the email server at an academic institution.

The reservation system for an airline is affected by ransomware.

A cyberattack on a SCADA system shuts down a water treatment plant.

The tracking system for a package delivery company experiences a failover event.

Answer explanation

The ransomware affecting the airline's reservation system and the cyberattack on the SCADA system disrupting the water treatment plant are critical events that can severely impact mission-essential functions.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A data center suffered damage due to a natural disaster. The IT staff is in the process of restoring service, but they need to follow a specific series of steps due to critical dependencies. The content of which document are they most likely to follow?

BIA

BCP

DRP

COOP

Answer explanation

The IT staff will follow the Disaster Recovery Plan (DRP) to restore services after a natural disaster, as it outlines the specific steps and dependencies necessary for recovery.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the process of responding to a security event, Fram identifies the cause of the event and temporarily disconnects the system that may be causing damage from the network. What action did Fram take in terms of response?

Containment

Eradication

Quarantine

Isolation

Answer explanation

Fram's action of disconnecting the system from the network to prevent further damage is best described as 'Containment'. 'Eradication' refers to removing the threat entirely, which is not what was done here.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

An organization suffers what appears to be a security breach. However, upon further analysis, they quickly determine it is not a significant event and no further action is taken. Which of the following most likely allowed them to make this determination?

Incident classification

Triage process

Security monitoring tools

Incident response plan

Answer explanation

Incident classification and the triage process allowed the organization to assess the severity of the security breach quickly, determining it was not significant and requiring no further action.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What should an incident response plan provide?

The lessons learned documented from previous incidents.

The collective experience of the incident response team.

The definitions spelled out in the incident response plan.

Their ability to contain the threat quickly and automatically.

Answer explanation

An incident response plan should clearly define roles, procedures, and responsibilities. This ensures that all team members understand their tasks during an incident, making the definitions in the plan crucial for effective response.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Mod 13 Incident Preparation and Investigation

A company has been involved in a three-month project to ensure they do not suffer downtime due to threats that could hamper their operations. They are now ready to test some of the elements in the project. Which of the following most likely represents what the company is doing?

The company is developing a Business Continuity Plan (BCP) to ensure operations can continue during disruptions. Testing elements of the project aligns with BCP development, making this the most appropriate choice.

Three members of a larger task force at an enterprise are responsible for ensuring a variety of technologies, diverse vendors, and encryption capabilities are part of the company's networking infrastructure. Which of the following is most likely to be a true statement regarding their activities?

The correct choice highlights that the task force's activities are aimed at disaster recovery, ensuring operations remain uninterrupted during major incidents by integrating diverse technologies and encryption.

Which of the following events could hamper a mission-essential function? Select two.

The ransomware affecting the airline's reservation system and the cyberattack on the SCADA system disrupting the water treatment plant are critical events that can severely impact mission-essential functions.

A data center suffered damage due to a natural disaster. The IT staff is in the process of restoring service, but they need to follow a specific series of steps due to critical dependencies. The content of which document are they most likely to follow?

The IT staff will follow the Disaster Recovery Plan (DRP) to restore services after a natural disaster, as it outlines the specific steps and dependencies necessary for recovery.

In the process of responding to a security event, Fram identifies the cause of the event and temporarily disconnects the system that may be causing damage from the network. What action did Fram take in terms of response?

Fram's action of disconnecting the system from the network to prevent further damage is best described as 'Containment'. 'Eradication' refers to removing the threat entirely, which is not what was done here.

An organization suffers what appears to be a security breach. However, upon further analysis, they quickly determine it is not a significant event and no further action is taken. Which of the following most likely allowed them to make this determination?

Incident classification and the triage process allowed the organization to assess the severity of the security breach quickly, determining it was not significant and requiring no further action.

What should an incident response plan provide?

An incident response plan should clearly define roles, procedures, and responsibilities. This ensures that all team members understand their tasks during an incident, making the definitions in the plan crucial for effective response.

Givon, a skilled technician with extensive knowledge of a company's network, is reviewing a recovery procedure in detail. What is the most likely reason why Givon is doing this?

Givon is reviewing the recovery procedure to identify any errors or false assumptions, as well as to ensure there are no omissions or gaps. This thorough review is crucial for a successful recovery process.

A company has a central office and two satellite branches. The security team simultaneously renders the DNS servers at the three satellite sites inoperable. The goal is to test how effective the same incident response will be at the branch sites. Which term best describes this exercise?

The exercise tests the incident response effectiveness at multiple sites simultaneously, which is best described as 'Parallel processing'. This term indicates that the same action is being executed concurrently across different locations.

An organization is researching a series of documents that spell out the process that should be used to define policies and procedures that relate to security. What is the organization most likely trying to accomplish?

The organization is likely looking to adopt a security framework, as they are researching documents that outline processes for defining security policies and procedures, which is a key step in establishing such a framework.

Access all questions and much more by creating a free account

Popular Resources on Wayground