NSCT – Incident Response & Management MCQs

1. Incident Response is the process of:
(A) Compressing files
(B) Installing software updates
(C) Detecting, analyzing, and responding to security incidents
(D) Deleting old data

2. The main goal of Incident Response is to:
(A) Compress logs
(B) Increase system speed
(C) Delete unnecessary files
(D) Minimize damage and restore normal operations quickly

3. Which of the following is the correct order of the Incident Response lifecycle?
(A) Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
(B) Detection, Deletion, Encryption, Backup
(C) Monitoring, Logging, Updating, Restarting
(D) Planning, Testing, Deleting, Encrypting

4. Preparation in incident response involves:
(A) Encrypting all files
(B) Establishing policies, procedures, and tools to handle incidents
(C) Deleting old logs
(D) Compressing data

5. Identification phase includes:
(A) Installing updates
(B) Encrypting files
(C) Deleting malware
(D) Detecting and confirming security incidents

6. Containment in incident response aims to:
(A) Increase CPU performance
(B) Delete unnecessary files
(C) Limit the impact of the incident and prevent further damage
(D) Compress logs

7. Eradication involves:
(A) Deleting backups
(B) Encrypting files
(C) Removing the cause of the incident, such as malware or vulnerabilities
(D) Increasing network speed

8. Recovery in incident response means:
(A) Compressing files
(B) Encrypting data permanently
(C) Deleting old accounts
(D) Restoring systems and operations to normal while ensuring security

9. Lessons Learned phase focuses on:
(A) Analyzing the incident to improve future response
(B) Encrypting files
(C) Deleting logs
(D) Increasing system speed

10. An Incident Response Team (IRT) is responsible for:
(A) Compressing files
(B) Installing applications
(C) Managing and responding to security incidents effectively
(D) Deleting data

11. A Security Information and Event Management (SIEM) system helps in:
(A) Deleting logs automatically
(B) Detecting, analyzing, and responding to security events
(C) Compressing data
(D) Increasing network speed

12. Incident classification helps to:
(A) Compress logs
(B) Delete old files
(C) Prioritize response based on severity and impact
(D) Encrypt emails

13. A common type of security incident is:
(A) All of the above
(B) Phishing attack
(C) Unauthorized access
(D) Malware infection

14. Indicators of Compromise (IoCs) are:
(A) Encryption keys
(B) Evidence that a security breach has occurred
(C) Backup files
(D) Compressed archives

15. Communication during an incident is important to:
(A) Notify stakeholders, management, and affected users
(B) Encrypt files
(C) Delete old accounts
(D) Compress logs

16. Containment strategies can be:
(A) Short-term (isolate systems) and long-term (patch vulnerabilities)
(B) Only encryption
(C) Only file deletion
(D) Only compression

17. Documentation during incident response is essential for:
(A) Increasing system speed
(B) Legal, regulatory, and future improvement purposes
(C) Compressing logs
(D) Deleting files

18. Post-incident analysis helps to:
(A) Improve security policies and prevent future incidents
(B) Delete old logs
(C) Compress data
(D) Increase internet speed

19. Automated tools in incident response can:
(A) Delete backups
(B) Encrypt all files automatically
(C) Detect and respond to incidents faster and more accurately
(D) Increase CPU speed only

20. The ultimate objective of incident response and management is to:
(A) Delete unnecessary data
(B) Compress files
(C) Minimize damage, recover quickly, and strengthen future security posture
(D) Increase system performance only