M6-110: Cyber Incident Handling - IH FRAMEWORK


Cyber Incident Handling Quiz

Test your knowledge on the Incident Handling (IH) lifecycle and related concepts with this comprehensive quiz designed for cybersecurity professionals. This quiz covers key phases, methodologies, and analytical techniques pertinent to incident response.

  • 20 multiple-choice questions
  • Covers detection, analysis, response, and recovery phases
  • Great for practitioners and students alike
20 questions, 5 minutes. Created by AnalyzingFox214.
Which phases of the IH lifecycle are most directly associated with the "paramedic" analogy put forth by Mr. Fulp?
Detection and Response
Triage and Recovery
Preliminary Analysis and Preliminary Response
Detection and Preliminary Response
Organizing IH agencies/offices/capabilities/etc. by hierarchical "tiers" (or a similar term) provides a useful management tool for dealing with incidents ranging from "local" to "national" in scope. In the CJCSM-based 3-tier system, which tier (#) is usually associated with the "regional" level?
Tier 1
Tier 2
Tier 3
Tier 4
Which statement is true regarding the acronyms I&W and AS&W (as per the CJCSM)?
These two terms are effectively synonymous with one another.
I&W are "offensive" indicators, while AS&W are "defensive" indicators.
I&A is effectively the same thing as IOCs (indicators of compromise).
AS&W refers to locally observed indicators that an attack has occurred or may be about to.
A primary purpose of the Preliminary Analysis and Identification of Cyber Incidents phase is to determine if a/an ___________ is a/an _________________ or not.
IOC / reportable cyber event
Incident / reportable cyber event
Event / incident or reportable cyber event
Reportable cyber event / incident
Which of these is not expected to be done during the Incident Analysis phase (Phase 4) of incident handling?
Contain the incident
Validate the incident
Identify the root cause(s)
Determine system weaknesses
Which of these represents the proper ordering of the four malware analysis techniques/methods, from the least technical (and least time-consuming) to the most technical (and most time-consuming)?
Surface — Static — Runtime — Reverse Engineering
Static — Surface — Runtime — Reverse Engineering
Static — Static — Reverse Engineering — Runtime
Surface — Runtime — Static — Reverse Engineering
Which malware analysis technique/method does this describe: "Focuses on examining and interpreting the malware code directly, without execution or disassembly"?
Static
Surface
Reverse Engineering
Runtime
Which of these are most directly associated with "response" activities, rather than detection or analysis?
AS&W
I&W
COAs
IOCs
Which statement is true regarding information presented in the lectures covering this material?
An event can only be considered an incident if actual harm/damage is done.
It's better to "suffer" more false positives than to "suffer" more false negatives.
No incident may be considered "closed" (complete) unless/until the root cause is determined.
The root cause of an incident is defined solely by the threat, and its delivery vector.
During which phase of the Incident Life-Cycle is the incident handler supposed to determine the incident or reportable event category?
Phase 1 – Detection
Phase 2 – Preliminary Analysis & Identification of Incidents
Phase 3 – Preliminary Response Actions
Phase 4 – Incident Analysis
Phase 5 – Response & Recovery
Phase 6 – Post Incident Analysis
During which phase of the Incident Life-Cycle is the responder supposed to determine COAs?
Phase 1 – Detection
Phase 2 – Preliminary Analysis & Identification of Incidents
Phase 3 – Preliminary Response Actions
Phase 4 – Incident Analysis
Phase 5 – Response & Recovery
Phase 6 – Post Incident Analysis
The primary means for reporting and recording all cyber incidents within the U.S. DoD is ________, which replaced the Joint Threat Intelligence Database (JTIDS) as the DoD's central repository for this key intelligence.
JIMS
NVD
CVE
JMC
Finish this sentence that captures the essence of the goal of contingency planning: "Problems, once planned for, cease to be problems, and (instead)
Which of these is not considered one of the four basic network/traffic analysis data types?
Session data
Alert data
Protocol data
Full packet data
Statistical data
Which best characterizes the impact of an event described as: "Exploitation of IS can be conducted remotely, or locally, with the assistance of (inside) user interaction (e.g., getting a trusted insider to click something)"?
Low impact to confidentiality
Moderate impact to all
High impact to integrity
Low impact to availability
According to your course instructor, which of these medical terms most closely expresses the goal of incident response containment?
Get the patient to the hospital.
Stabilize the patient (i.e., patient is still injured, but breathing and not losing excessive blood).
Diagnose the patient (i.e., figure out exactly what the patient’s problem is).
Operate on the patient to remove/correct the ailment/problem.
What is the term of trade for juxtaposing (i.e., considering several things side-by-side) incident-related intelligence and artifacts so as to create or strengthen leads?
Correlation
Normalization
Cross-referencing
Aggregation
The CJCSM IH Program (and many others) indicates three types of "technical analysis" as it pertains to cyber-related (digital) systems. What are they?
Assume you find that malicious logic has been introduced (installed and/or executed) onto a system you are investigating, and that you later find that the attacker used this logic to enable him/her to remotely access the system with regular user privileges. Which is the most appropriate incident category to assign (according to the CJCSM): Cat 2 (User Level Intrusion) or Cat 7 (Malicious Logic)?
Cat 2
Cat 7
Which statement is false?
Phase 2 responders should generally collect evidence following the "order-of-volatility".
"Dead disk forensics" is generally relegated to the analysis of non-volatile data.
Lucky for digital forensicators, volatile data remains stable once it is correctly collected.
High volatility incident artifacts are rarely of use to incident analysts.