4_2_2 Section 4 – Operations and Incident Response - 4.2 – Incident Response - Incident Response Planning

Questions and Answers

What is the primary focus of security incident planning?

• Analyzing past incidents to identify root causes
• Preparing for potential incidents before they occur (correct)
• Responding to incidents after they occur
• Developing emergency response teams

What is the purpose of performing exercises in security incident planning?

• To test the organization's response to an incident (correct)
• To identify vulnerabilities in the production network
• To develop a budget for incident response
• To train employees on new security protocols

How often should security exercises be conducted?

• Monthly, to ensure constant readiness
• At least twice a year, to maintain a state of preparedness (correct)
• Only once a year
• Only when a new security threat is identified

What is a key consideration when conducting security exercises?

Minimizing the impact on production networks (B)

What is a characteristic of security exercises?

They have a narrow focus and are completed within a specified timeframe (A)

What is the purpose of reviewing documentation after a security exercise?

To identify areas for improvement in the incident response plan (C)

What is the main challenge associated with full-scale security incident drills?

Logistical issues and process-related problems (D)

What is the purpose of a tabletop exercise in security incident response?

To identify and resolve process and procedure problems (A)

What is the primary difference between a tabletop exercise and a walkthrough?

The scope of processes and procedures tested (C)

What is the purpose of ongoing simulations in security incident response?

To identify vulnerabilities in the incident response plan (C)

What is an example of an ongoing simulation used in security incident response?

A phishing attack (C)

What is the outcome of a phishing simulation exercise?

A list of users who provided credentials (D)

What is the benefit of using a walkthrough in security incident response?

It provides a more comprehensive test of processes and procedures (C)

What is the primary advantage of a tabletop exercise over a full-scale drill?

It is less costly and time-consuming (D)

What is the goal of security incident response training?

To educate users on security best practices (B)

Why is it important for an IT department to coordinate with other departments in incident response?

To ensure a comprehensive response to an incident (C)

Who are the stakeholders in an organization that are affected when something is not working properly?

Customers of IT who have applications, data, and other technical resources (C)

When should IT departments involve stakeholders in the planning process for security events?

During the planning process, prior to the event (C)

What is the main purpose of having a good line of communication during a security event?

To mitigate problems during high-stress events (D)

Who should be involved in the planning process for a security event, in addition to the IT department?

Human resources, PR, and legal teams (D)

What type of security incident requires a comprehensive disaster recovery plan?

Disaster (D)

What is an example of a human-caused disaster that could affect a data center?

Accidentally cutting through a water line (A)

What is continuity of operations planning (COOP) used for?

To find alternative ways to perform job functions during a disaster (D)

Why is it important to have a comprehensive disaster recovery plan?

To ensure that uptime and availability are maintained (A)

What is a key aspect of maintaining a good relationship with stakeholders?

Having ongoing communication with them (B)

Who might be contacted during a security event, in addition to internal teams?

External resources, such as the owner of the data or federal authorities (C)

What would be used instead of automated transaction approvals in the event of a security incident?

Paper receipts and phone calls (A)

What is the primary role of an Incident Response Team?

To respond to and resolve security incidents (C)

What is the purpose of having a backup of data in an organization?

To ensure that data is not lost or deleted (A)

What determines the order of data restoration in an organization?

The priority or criticality of the data (B)

What is the purpose of the Incident Response Team's analysis?

To determine the response to the security incident (B)

Why is it important to know where data is located in an organization?

To ensure that data is not lost or deleted (A)

What is the purpose of regulatory compliance in data storage?

To ensure that data is stored for a certain amount of time (D)

What is the role of the Incident Response Team in an organization?

To respond to security incidents (C)

What is the purpose of having different life cycles of data storage?

To ensure that data is stored in different locations (B)

Why is it important to have a clear understanding of what applications are used in an organization?

To ensure that data is restored correctly (A)