Question
Question 2: What process is used to provide a blueprint for effective incident response? (1 point)
The NIST Cybersecurity Framework
The incident handler’s journal
The NIST Incident Response Lifecycle
The 5 W’s of an incident
Solution
The process used to provide a blueprint for effective incident response is The NIST Incident Response Lifecycle.
Step 1: Preparation - This involves establishing and training an incident response team, and setting up tools and other resources necessary for responding to incidents.
Step 2: Detection and Analysis - This involves identifying potential security incidents, determining the nature of the incident, and documenting all findings.
Step 3: Containment, Eradication, and Recovery - This involves stopping the incident from causing further damage, removing the cause of the incident, and restoring systems to normal operation.
Step 4: Post-Incident Activity - This involves learning from the incident and using the information to improve future incident response efforts.
Similar Questions
Question 2: What type of process is the NIST Incident Response Lifecycle?

What is the first step in an incident response process? (1 point)
A) Containment
B) Eradication
C) Recovery
D) Identification

Question 1: Which two (2) key components are part of incident response? (Select 2) (1 point)
Attack
Threat
Response team
Investigation

Question 2: Which is not part of the Sans Institutes Audit process? (1 point)
Help to translate the business needs into technical or operational needs.
Deliver a report.
Define the audit scope and limitations.
Feedback based on the findings.

Question 3: Which key concept to understand incident response is defined as "data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup." (1 point)
Automated Systems
Post-Incident
E-Discovery
BCP & Disaster Recovery

Question 4: Which is not included as part of the IT Governance process? (1 point)
Tactical Plans
Procedures
Policies
Audits

Question 5: Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad? (1 point)
Confidentiality
Integrity
Availability

Question 6: A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad? (1 point)
Confidentiality
Integrity
Availability

Question 7: A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad? (1 point)
Confidentiality
Integrity
Availability

Question 8: Which of these is an example of the concept of non-repudiation? (1 point)
Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.
Alice sends a message to Bob and Alice is certain that it was not read by Trudy.
Alice sends a message to Bob with certainty that it was not altered while in route by Trudy.
Alice sends a message to Bob with certainty that it will be delivered.

Question 9: You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up? (1 point)
Timeframe
Transaction type
Groups
Physical location

Question 10: In incident management, an observed change to the normal behavior of a system, environment or process is called what? (1 point)
Threat
Incident
Event
Attack

Question 11: In incident management, tools like SIEM, SOA and UBA are part of which key concept? (1 point)
BCP & Disaster Recovery
Post-Incident Activities
Automated system
E-Discovery

Question 12: Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into? (1 point)
Follow Up
Respond
Prepare

Question 13: In the context of security standards and compliance, which two (2) of these are considered normative and compliance items? (1 point)
They help translate the business needs into technical or operational needs.
They seek to improve performance, controls and metrics.
They are rules to follow for a specific industry.
They serve as an enforcement mechanism for government, industry or clients.

Question 14: A company document that details how an employee should request Internet access for her computer would be which of the following? (1 point)
Procedure
Strategic Plan
Tactical Plan
Policy

Question 15: Which of these is a methodology by which to conduct audits? (1 point)
SOX
HIPPA
PCI/DSS
OCTAVE

Question 16: Mile 2 CPTE Training teaches you how to do what? (1 point)
Construct a botnet
Conduct a Ransomware attack
Conduct a pentest
Advanced network management tasks

Question 17: Which three (3) statements about OWASP are True? (1 point)
OWASP stands for Open Web Application Security Project
OWASP provides tools and guidance for mobile applications.
OWASP provides guidance and tools to help you address web application vulnerabilities on their Top 10 list.
OWASP Top 10 only lists the top 10 web application vulnerabilities but you must engage an OWASP certified partner to learn how to fix them.

A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively? (1 point)
Overlap the steps as needed.
Skip irrelevant steps.
Complete the steps in any order.
Only use each step once.

What are the key steps involved in the NIST incident handling process?
Assessment, Recovery, Follow-up
Preparation, Detection and Analysis, Containment, Eradication, Recovery, Post-Incident Activity
Prevention, Response, Resolution
Isolation, Elimination, Aftermath