Computer Security Incident Management Quiz

Questions and Answers

What is the purpose of an incident investigation?

• To handle emergency events
• To create incident tickets
• To assemble the incident response team
• To determine the circumstances of the incident (correct)

Who is responsible for managing the incident response process?

• The help desk
• The security incident coordinator (correct)
• The incident investigation team
• Law enforcement

What is the purpose of a SOAR tool mentioned in the text?

• To create incident tickets
• To automate the investigation of incidents (correct)
• To handle emergency events
• To capture event data

Which of the following best defines computer security incident management?

The development of a well-understood and predictable response to damaging events and computer intrusions (C)

What is the primary purpose of incident management?

To develop a well-understood and predictable response to damaging events and computer intrusions (B)

What is the role of the incident coordinator in computer security incident management?

To manage the response to an emergency security incident (A)

Who determines if a problem is resolved to their satisfaction or escalates the ticket?

The ticket owner (C)

What happens after the escalation report is updated to show that the ticket needs further investigation?

The ticket is assigned a second tier resource (A)

Who is responsible for implementing a change control and notifying IT Management when necessary?

The second tier resource (D)

Under what circumstances may an emergency response be initiated?

When the incident coordinator declares it (D)

Flashcards are hidden until you start studying