Escalation time periods, as a function of criticality, are often represented in the form of
what type of agreement?
Select one:
a. MOU
b. SLA
c. MOA
d. ISA
Question 2
Correct
1.00 points out of 1.00
Cyber event false alarms and non-security alerts could include which of the following?
Select one:
a. Human or operational errors
b. Detection
c. Testing
Question 3
Incorrect
0.00 points out of 1.00
Agentless SIEM tools hold the following advantage over Agent-based SIEM tools:
Select one:
a. The lack of filtering and aggregation at the individual server level causes larger
Question 4
Correct
1.00 points out of 1.00
In regard to IT system components, event monitoring and detection are applied to
networks, operating systems, and ________.
Select one:
a. Applications
b. Computer operators
c. Browsers
d. Search engines
Question 5
Incorrect
0.00 points out of 1.00
Which of the following is NOT involved with a security incident's overall effect?
Select one:
a. Current technical effect
Question 6
Incorrect
0.00 points out of 1.00
Which law or regulation requires financial institutions to protect their customers'
information via cyber log management?
Select one:
a. GLBA
b. FISMA
c. HIPAA
d. PCI
Question 7
Correct
1.00 points out of 1.00
Types of cyber event false alarms and non-security alerts would include which of the
following?
Select one:
a. Inaccurate reports
b. Detection
Question 8
Incorrect
0.00 points out of 1.00
Profiling systems involves _________.
Select one:
a. Packet sniffing
b. File integrity checksums
c. Reviewing logs
Question 9
Correct
1.00 points out of 1.00
What is an incident precursor?
Select one:
a. A sign that an incident may occur in the future
Question 10
Correct
1.00 points out of 1.00
To what components of an overall IT system are event monitoring and detection
applied? (Choose the BEST answer)
Select one:
a. Server and client operating systems
Question 11
Correct
1.00 points out of 1.00
What are the two types of cyber event log management tools?
Select one:
a. Network and operating system
(SIEM)
Question 12
Incorrect
0.00 points out of 1.00
In determining scope and characteristics, the cyber incident response team should
examine logs and alerts, as well as look for ________.
Select one:
a. The intruder who initiated the event
d. Anything suspicious
Question 13
Correct
1.00 points out of 1.00
Which of the following activities is NOT part of the investigation activities for incident
analysis?
Select one:
a. Synchronizing server clocks
Question 14
Correct
1.00 points out of 1.00
"Criticality" is considered ________ in a system that is mission critical to multiple
agencies or critical infrastructure.
Select one:
a. Medium
b. Low
c. Critical
d. High
Question 15
Correct
1.00 points out of 1.00
Initial incident data should be obtained by the organization's ________ and ________.
Select one:
a. IT and MIS
b. Director and VP
Question 16
Correct
1.00 points out of 1.00
Regarding a suspected incident, information should be collected about the reporter
(caller), the event(s), the ________, and the systems involved.
Select one:
a. Security Information and Event Management (SIEM) records
b. Risk scenarios
c. Diagnostic matrix
Question 17
Correct
1.00 points out of 1.00
Event ________ is used to relate events reported by different subsystems and possibly
occurring at different times and on different systems.
Select one:
a. Discovery
b. Correlation
c. Containment
d. Mitigation
Question 18
Correct
1.00 points out of 1.00
Which of the following are primary sources for cyber logs and alerts?
Select one:
a. Intrusion detection devices, operating systems, application programs, anti-malware
d. Accounting software
Question 19
Correct
1.00 points out of 1.00
What type of service represents an outsourcing of the CSIRT function?
Select one:
a. Business continuity provider
b. Managed security provider
Question 20
Correct
1.00 points out of 1.00
Which one of the following is NOT a typical automation method for cyber incident
management?
Select one:
a. Software tools installed and managed by the organization
Question 21
Incorrect
0.00 points out of 1.00
A cyber incident response SLA matrix sets escalation times in relation to ________ and
________.
Select one:
a. Incident type / number of users
d. Impact / criticality