Quiz Maker LogoCreate a Quiz
Quiz MakerGuides and HelpContact

M6-110: Cyber Incident Handling - IH FRAMEWORK

Create an image that represents cybersecurity incident handling, featuring elements like computer networks, coding, a digital shield, and an illustration of a cyber incident response team in action.

Cyber Incident Handling Quiz

Test your knowledge on the Incident Handling (IH) lifecycle and related concepts with this comprehensive quiz designed for cybersecurity professionals. This quiz covers key phases, methodologies, and analytical techniques pertinent to incident response.

  • 20 multiple-choice questions
  • Covers detection, analysis, response, and recovery phases
  • Great for practitioners and students alike
20 Questions5 MinutesCreated by AnalyzingFox214
Which phases of the IH lifecycle are most directly associated with the "paramedic" analogy put forth by Mr. Fulp?
Detection and Response
Triage and Recovery
Preliminary Analysis and Preliminary Response
Detection and Preliminary Response
Organizing IH agencies/offices/capabilities/etc. By hierarchical "tiers" (or similar term) provides a useful management tool for dealing with incidents from "local" to "national" level in scope. In the CJCSM-based 3-tier system, which tier (#) is usually associated with the "regional" level?
Tier 1
Tier 2
Tier 3
Tier 4
Which statement is true regarding the acronyms I&W and AS&W (as per the CJCSM)?
These two terms are effectively synonymous with one another.
I&W are "offensive" indicators, while AS&W are "defensive" indicators.
I&A is effectively the same thing as IOCs (indicators of compromise).
AS&W refers to locally observed indicators that an attack has occurred or may be about to.
A primary purpose of the Preliminary Analysis and Identification of Cyber Incidents phase is to determine if a/an ___________ is a/an _________________ or not.
IOC reportable cyber event
Incident reportable cyber event
Eventincident or reportable cyber event
Reportable cyber event incident
Which of these is not expected to be done during the Incident Analysis (Phase 4) phase of incident handling?
Contain the incident
Validate the incident
Identify the root cause(s)
Determine system weaknesses
Which of these represents the proper ordering of the four malware analysis techniques/methods, from the least technical (and least time-consuming) to the most technical (and most time-consuming)?
Surface—Static—Runtime—Reverse Engineering
Static—Surface—Runtime— Reverse Engineering
Static—Static— Reverse Engineering —Runtime
Surface—Runtime—Static— Reverse Engineering
Which malware analysis technique/method does this describe: “Focuses on examining and interpreting the malware code directly; without execution or disassembly”?
Static
Surface
Reverse Engineering
Runtime
Which of these are most directly associated with "response" activities, rather than detection or analysis?
AS&W
I&W
COAs
IOCs
Which statement is true regarding information presented in the lectures covering this material?
An event can only be considered an incident, if actual harm/damage is done.
It's better to "suffer" more false-positives, than to "suffer" more false-negatives.
No incident may be considered "closed" (complete) unless/until the root cause is determined.
The root cause of an incident is defined solely by the threat, and its delivery vector.
During which phase of the Incident Life-Cycle is the incident handler supposed to determine the incident or reportable event category?
Phase 1 – Detection
Phase 2 – Preliminary Analysis & Identification of Incidents
Phase 3 – Preliminary Response Actions
Phase 4 – Incident Analysis
Phase 5 – Response & Recovery
Phase 6 – Post Incident Analysis
During which phase of the Incident Life-Cycle is the responder supposed to determine COAs?
Phase 1 – Detection
Phase 2 – Preliminary Analysis & Identification of Incidents
Phase 3 – Preliminary Response Actions
Phase 4 – Incident Analysis
Phase 5 – Response & Recovery
Phase 6 – Post Incident Analysis
The primary means for reporting and recording all cyber incidents within the U.S. DoD is ________; which replaced the Joint Threat Intelligence Database (JTIDS) as the DoD’s central repository for this key intelligence.
JIMS
NVD
CVE
JMC
Finish this sentence that captures the essence of the goal of contingency planning: "Problems, once planned for, cease to be problems, and (instead)
Which of these is not considered one of the four basic network/traffic analysis data types?
Session data
Alert data
Protocol data
Full packet data
Statistical data
Which best characterizes the impact of an event described as: “Exploitation of IS can be conducted remotely, or locally, with the assistance of (inside) user interaction (e.g., getting a trusted insider to click something)” ?
Low impact to confidentiality
Moderate impact to all
High impact to integrity
Low impact to availability
According to your course instructor, which of these medical terms most closely expresses the goal of incident response containment?
Get the patient to the hospital.
Stabilize the patient (i.e., patient is still injured, but breathing and not losing excessive blood).
Diagnose the patient (i.e., figure out exactly what the patient’s problem is).
Operate on the patient to remove/correct the ailment/problem.
What is the term of trade for juxtaposing (i.e., considering several things side-by-side) incident-related intelligence and artifacts so as to create or strengthen leads?
Correlation
Normalization
Cross-referencing
Aggregation
The CJCSM IH Program (and many others) indicates three types of "technical analysis" as it pertains to cyber-related (digital) systems. What are they?
Assume you find that malicious logic has been introduced (installed and/or executed) onto a system you are investigating, and that you later find that the attacker used this logic to enable him/her to remo-tely access the system with regular user privileges. Which is the most appropriate incident category to assign (according the CJCSM): Cat 2 (User Level Intrusion) or Cat 7 (Malicious Logic)?
Cat 2
Cat 7
Which statement is false?
Phase 2 responders should generally collect evidence following the "order-of-volatility".
"Dead disk forensics" is generally relegated to the analysis of non-volatile data.
Lucky for digital forensicators, volatile data remains stable once it is correctly collected.
High volatility incident artifacts are rarely of use to incident analysts.
{"name":"M6-110: Cyber Incident Handling - IH FRAMEWORK", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on the Incident Handling (IH) lifecycle and related concepts with this comprehensive quiz designed for cybersecurity professionals. This quiz covers key phases, methodologies, and analytical techniques pertinent to incident response.20 multiple-choice questionsCovers detection, analysis, response, and recovery phasesGreat for practitioners and students alike","img":"https:/images/course5.png"}

More Quizzes

Monthly SecOPS quiz
11610
Using Threat Intelligence
520
Iconicity Assessment Quiz
10535
La Natura e l'Umanità: Un Quiz di Consapevolezza
5231
Sign Language - 15 ASL Questions (Free)
201021404
4.07: Nationalism in the Middle East - Free Practice
201016977
What Should I Name My Horse? Name Generator
201018886
OB/GYN Surgical Instruments - Identify the Tools
201017485
GMP for Employees - GHP Refresher Training (Free)
201017896
Brain Bowl Questions - Free Practice
201017226
Cuck: Discover Your Secret Role in Relationships
201016679
Schizophrenia Test - Free Online Knowledge
201020334
Powered by
Quiz Maker
Powered by: Quiz Maker