Mastering Incident Response

Questions and Answers

Which phase of the incident response process involves attempting to remove the effects of the issue from the environment?

Detection and analysis

Recovery

Preparation

Eradication (correct)

What type of controls are based on rules, laws, policies, procedures, and guidelines?

Physical controls

Technical controls

Detective controls

Administrative controls (correct)

In the incident response process, which phase involves restoring devices or data from backup media and rebuilding systems?

Eradication

Preparation

Detection and analysis

Recovery (correct)

Which of the following is not one of the three common identification and authentication methods discussed in the text?

Smart Cards

Which characteristic of biometric factors measures how easy it is to acquire a characteristic?

Collectability

What is EER used as a measure of in biometric systems?

Accuracy

Which of the following is a key concept in information security?

Identification and authentication

What is the purpose of defense in depth in information security?

To prevent attacks by implementing multiple layers of security

Which of the following factors is based on the physical attributes of an individual?

Something you are

What is the purpose of multifactor authentication?

To use multiple authentication factors for enhanced security

What is the basic concept of defense in depth in information security?

Formulating a multilayered strategy to defend assets

Which model consists of the CIA triad?

Confidentiality, integrity, and availability

What is the purpose of identification in information security?

To make a claim about what someone or something is

Which factor of authentication is based on the physical attributes of an individual?

Something you are

What is multifactor authentication?

Using two or more factors for authentication

What is the purpose of mutual authentication in information security?

To verify the identity of the client and the server

What is a man-in-the-middle attack?

An attack where the attacker falsifies authentication only from the client to the server

What is the impact of gaps in security on email traffic?

An increase in spam traffic

Which of the following is NOT one of the characteristics of biometric factors?

Collectability

What is the main purpose of hardware tokens?

To enhance the security of biometric systems

Which of the following is NOT one of the tasks carried out by access controls?

Revoking access

What is the difference between authentication and verification?

Authentication involves testing someone's identity

What is the purpose of EER in biometric systems?

To measure the accuracy of biometric systems

What are more complex hardware tokens often called?

Dongles

What is the term used to describe the ease of acquiring a biometric characteristic?

Collectability

What factors can more sophisticated hardware tokens represent?

All of the above

What is the main purpose of access controls?

To limit access to certain devices

Which phase of the incident response process involves isolating the system and cutting it off from its command-and-control network?

Containment

What is the purpose of the Eradication phase in the incident response process?

To remove the effects of the issue from the environment

During the Recovery phase of the incident response process, what tasks might be involved?

Restoring devices or data from backup media

What type of controls are based on rules, laws, policies, procedures, and guidelines?

Administrative controls

In the incident response process, what phase involves analyzing and detecting the incident?

Detection and analysis

What is the purpose of multifactor authentication?

To prevent unauthorized access to systems

Which phase of the incident response process involves preparing for future incidents?

Post-incident activity

What tasks are involved in the Preparation phase of the incident response process?

Developing incident response plans