- Description
CYB 150 Wk 3 – Practice: Quiz
- Question 1
3/3
- Who can prioritize the occurrence of an incident based on the amount of loss it caused to the organization?
IR custodians
IR officer
IR assessment team
IT staff
- Question 2
3/3
- Which of the following IRT roles is responsible for providing legal advice for the organization?
IT staff
Attorney
HR representative
Physical security staff
- Question 3
3/3
- Among the following, whose pretext can enable an incident response team (IRT) to work on an incident?
Decision maker
Incident analyzer
Evidence examiner/investigator
First responder
- Question 4
3/3
- Which of the following is the first response rule of the first responder?
Contain the damage.
Prevent attempts to retrieve data by unqualified individuals.
Make an initial incident assessment.
Restrict himself from doing an investigation.
- Question 5
3/3
- Who among the following is responsible for protecting, integrating, and preserving any evidence obtained from a crime scene?
Evidence manager
IR manager
First responder
Evidence examiner/investigator
- Question 6
3/3
- In which of the following types of alerts is an alarm not raised even when an incident occurs because of failure to properly define rules in the alerting system?
True negative
False negative
True positive
False positive
- Question 7
3/3
- Which of the following can best describe the impact of a medium-level security incident?
It disrupts the normal working of the organization.
It affects a few systems or services in an organization.
It may lead to a financial crisis.
It has no chance of propagating to other systems or services.
- Question 8
3/3
- Which among the following actions should a first responder take when an incident occurs in an organization?
Allow users to work on the suspected device.
Disable virus protection on the suspected device.
Change the state of the suspected device.
Start an investigation as soon as possible.
- Question 9
3/3
- Who among the following must decide whether to disconnect a suspected device from the network or let it stay connected after detecting an incident?
First responder
IT staff
Forensics examiner
Information security team
- Question 10
3/3
- Which of the following actions taken by a first responder can make evidence invalid in court and land them in legal trouble?
Initiating the investigation without approval
Disabling the virus protection on the suspected device
Alerting the management late
Not informing the IR team soon