Why is it important for the IRT to be integrated with legal and HR departments?

To ensure compliance, handle insider threats, and manage employee-related incidents

To handle budget approvals for new hardware

To train employees in programming

In a typical organization, what is the SOC’s main role in relation to the IRT?

Detect and monitor suspicious activities, then escalate to the IRT when needed

Perform legal review of security incidents

Approve funding for IR processes

Handle physical security breaches

During SOC monitoring, an alert is generated. Before assigning it to the IRT, the SOC should first:

Perform incident validation and classification

Delete the log to avoid confusion

In the IR process, “Containment” aims to:

Stop further damage and limit the spread of the incident

Eliminate the attacker’s identity

Report only to external agencies

If the SOC determines that an alert is NOT classified as a security incident, the next action is to:

Document it as “No Security Incident” and close it

Ignore it completely without logging

The “Eradication” phase in Incident Response involves:

Removing malicious components and closing attack vectors

Testing systems for performance improvement

Training employees on phishing awareness

Disclosing incident details to the public

“Incident Disclosure” should follow which best practice?

Disclose only if required by policy, regulation, or legal requirements

Disclose to everyone in the company immediately

Keep it secret at all times to avoid panic

Only disclose to technical staff

Why is “Post-Incident Activities” critical in the IR process?

It ensures lessons are learned, policies are revised, and gaps are closed

It allows the team to skip documentation to save time

It determines which employees to terminate

It allows management to decide if IR is needed in the future

Which of the following BEST describes an IR Policy?

A high-level document defining the scope, objectives, and authority for incident response activities

A detailed step-by-step guide on how to configure security tools

A technical manual for forensic tools

A marketing statement for the organization

Setting up a Computer Forensics Lab should ensure:

Secure, controlled access, proper evidence storage, and analysis tools

High availability of games and multimedia tools

Multiple internet connections for public access

No backup facilities for collected evidence

Which is a key advantage of establishing structured record-keeping facilities for IR?

Ensures legal admissibility of evidence and supports compliance audits

Allows sharing incident data with competitors

Avoids having to use ticketing systems

Helps reduce hardware purchases

Evaluating the current security posture involves:

Measuring current defenses, vulnerabilities, and risks against best practices and threats

Counting the number of employees in the security department

Reviewing only physical security measures

Replacing all hardware every year

Which statement about cyber insurance is TRUE?

It can help cover financial losses, legal costs, and recovery expenses after a cyber incident

It replaces the need for incident response

It prevents all types of cyberattacks

It is only useful for large multinational corporations

Implementing security controls in the context of IR readiness means:

Installing measures such as firewalls, IDS/IPS, access controls, and encryption to reduce incident likelihood and impact

Writing down passwords for easy access

Giving all employees unrestricted network access

Using only physical locks and ignoring digital threats

In a ticketing system, which of the following fields is MOST important for tracking incident status?

Assignee, Priority, and Current Status

Wallpaper Preference of Analyst

Number of Employees in the Company

A SOC analyst detects unusual outbound traffic from a server. They log the event in the ticketing system and mark it as “Unassigned”. What is the correct next step?

Assign the ticket to the IRT or appropriate responder team

Delete the record to avoid confusion

Forward it to marketing for awareness

An incident ticket is created and assigned to the malware analysis team. The ticket contains incomplete information about the affected system. What should happen first?

Update the ticket with complete, verified details before starting

Proceed with investigation without clarifying

Close the ticket due to insufficient data

Assign it back to SOC without explanation

Your ticketing system shows two open tickets for the same phishing attack, reported by different employees. What should you do?

Merge the tickets to avoid duplication but retain all evidence

Delete one ticket to reduce workload

Ignore one report and focus on the first

SOC receives an alert for multiple failed logins from a single IP, followed by a successful login to an admin account. During triage, the SOC confirms the account was accessed from an unknown country. What should be the classification of this incident?

Valid security incident – possible account compromise

Low priority – harmless behavior

During incident analysis, the SOC finds that a suspicious file was flagged by one AV engine out of 50. What should be done next?

Validate further with sandbox and behavioral analysis before confirming

Ignore because detection is low

A SOC analyst during triage finds an alert from IDS. After log correlation and endpoint inspection, it turns out the alert was caused by a legitimate scheduled update. How should this be documented?

As a severe threat for future tracking

csa module 6-1

Professional Development

•

35 Qs

Similar activities

1-30 Quiz

Professional Development

•

30 Qs

Web Dev MasterClass Day1

6th Grade - Professional Development

•

34 Qs

Part II- Practice Study Guide (ITF+)

Professional Development

•

30 Qs

Trắc nghiệm an toàn thông tin mạng

Professional Development

•

30 Qs

E12

Professional Development

•

30 Qs

Đề tham khảo Tin học - 1

Professional Development

•

30 Qs

City and Guilds Award in Mobile and Operating System

12th Grade - Professional Development

•

30 Qs

Computer Science (The Big Quiz)

Professional Development

•

30 Qs

csa module 6-1

Quiz

•

Computers

•

Professional Development

•

Practice Problem

•

Easy

Leynal L

Used 3+ times

FREE Resource

A group of penetration testers

A set of automated security tools

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

Enterprise Resource Planning

Quiz

•

University - Professi...

40 questions

HTML CSS JS Teacher Assessment

Quiz

•

Professional Development

35 questions

Unit 5 CH 3 and 4

Quiz

•

Professional Development

30 questions

CompTIA ITF+ Final Exam

Quiz

•

Professional Development

30 questions

Minecraft Education Edition

Quiz

•

Professional Development

39 questions

CITL3 Review

Quiz

•

Professional Development

30 questions

Google Sheets Toolbar Quiz

Quiz

•

7th Grade - Professio...

40 questions

C&SE PRE-KNOWLEDGE SURVEY (A+ 1102-CORE 2)

Quiz

•

University - Professi...

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Computers

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

25 questions

Christmas Movies

Quiz

•

Professional Development

20 questions

Christmas Trivia

Quiz

•

Professional Development

15 questions

Fun Holiday Trivia

Quiz

•

Professional Development

25 questions

Name That Tune - Christmas

Quiz

•

Professional Development

29 questions

Christmas Song Emoji Pictionary

Quiz

•

Professional Development

9 questions

Holiday Movie Trivia

Lesson

•

Professional Development

34 questions

Winter Trivia

Quiz

•

Professional Development

csa module 6-1

35 questions

Which of the following best defines Incident Response?

Which of the following is NOT a typical member of an Incident Response Team (IRT)?

In most organizations, the IRT reports to which department?

Which of these is a key responsibility of the IRT during the “Containment” phase?

The IRT plays a crucial role in __________.

If an IRT is placed too low in the organizational hierarchy, what is a potential risk?

Which of the following best describes a Computer Security Incident Response Team (CSIRT)?

Why is it important for the IRT to be integrated with legal and HR departments?

In a typical organization, what is the SOC’s main role in relation to the IRT?

Which of the following is the FIRST step in the Incident Response process?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers