SEC815 Incident Response & Digital Forensics: Developing an IR Program Quiz

Questions and Answers

What is the highest maturity level in the CMMC v1.0 framework?

Optimized

Which functional capability involves identifying both IT and Business risks?

Managed

What is the focus of data classification in the maturity levels?

Data management lifecycle

In which maturity level does an organization have formalized asset protection?

Developing

Which maturity level indicates the existence of a subjective-based incident response process that is still immature?

Defined

At which functional capability level are detection tools in place and incidents are classified and categorized?

Managed

What is a common project killer according to the text?

Unclear ROI

Which role is responsible for handling incidents from beginning to end?

Incident Responder

What is a key aspect of Level 1 SOCs according to the text?

Formal IRP plan

Who is responsible for SOC operations?

Chief Information Security Officer

Which type of partners can help prevent frictions according to the text?

Internal & External Partners

What is a characteristic of an Incident Responder role?

Evidence collection and investigation

What is the purpose of categorizing events in a chronological order in an incident report?

To ensure stakeholders can easily follow the sequence of events

Why is it important to use clear and concise language in an incident report?

To ensure stakeholders with different backgrounds can understand the report

What is the main purpose of incorporating indicators of compromise (IOC) into security systems?

To improve threat intelligence capabilities and enhance incident detection

Why should individual names be removed from an incident report?

To protect the identities of those involved in the incident

What is the significance of acknowledging the teams involved in an Incident Response (IR) process?

To show appreciation for their efforts and reinforce teamwork