Computer Security Incident Management Quiz

Questions and Answers

What is the purpose of an incident investigation?

To handle emergency events

To create incident tickets

To assemble the incident response team

To determine the circumstances of the incident (correct)

Who is responsible for managing the incident response process?

The help desk

The security incident coordinator (correct)

The incident investigation team

Law enforcement

What is the purpose of a SOAR tool mentioned in the text?

To create incident tickets

To automate the investigation of incidents (correct)

To handle emergency events

To capture event data

Which of the following best defines computer security incident management?

The development of a well-understood and predictable response to damaging events and computer intrusions

What is the primary purpose of incident management?

To develop a well-understood and predictable response to damaging events and computer intrusions

What is the role of the incident coordinator in computer security incident management?

To manage the response to an emergency security incident

Who determines if a problem is resolved to their satisfaction or escalates the ticket?

The ticket owner

What happens after the escalation report is updated to show that the ticket needs further investigation?

The ticket is assigned a second tier resource

Who is responsible for implementing a change control and notifying IT Management when necessary?

The second tier resource

Under what circumstances may an emergency response be initiated?

When the incident coordinator declares it