1. Incident Response is the process of:
(A) Compressing files
(B) Installing software updates
(C) Detecting, analyzing, and responding to security incidents
(D) Deleting old data
2. The main goal of Incident Response is to:
(A) Compress logs
(B) Increase system speed
(C) Delete unnecessary files
(D) Minimize damage and restore normal operations quickly
3. Which of the following is the correct order of the Incident Response lifecycle?
(A) Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
(B) Detection, Deletion, Encryption, Backup
(C) Monitoring, Logging, Updating, Restarting
(D) Planning, Testing, Deleting, Encrypting
4. Preparation in incident response involves:
(A) Encrypting all files
(B) Establishing policies, procedures, and tools to handle incidents
(C) Deleting old logs
(D) Compressing data
5. The Identification phase includes:
(A) Installing updates
(B) Encrypting files
(C) Deleting malware
(D) Detecting and confirming security incidents
6. Containment in incident response aims to:
(A) Increase CPU performance
(B) Delete unnecessary files
(C) Limit the impact of the incident and prevent further damage
(D) Compress logs
7. Eradication involves:
(A) Deleting backups
(B) Encrypting files
(C) Removing the cause of the incident, such as malware or vulnerabilities
(D) Increasing network speed
8. Recovery in incident response means:
(A) Compressing files
(B) Encrypting data permanently
(C) Deleting old accounts
(D) Restoring systems and operations to normal while ensuring security
9. The Lessons Learned phase focuses on:
(A) Analyzing the incident to improve future response
(B) Encrypting files
(C) Deleting logs
(D) Increasing system speed
10. An Incident Response Team (IRT) is responsible for:
(A) Compressing files
(B) Installing applications
(C) Managing and responding to security incidents effectively
(D) Deleting data
11. A Security Information and Event Management (SIEM) system helps in:
(A) Deleting logs automatically
(B) Collecting, correlating, and analyzing security event data to detect and investigate incidents
(C) Compressing data
(D) Increasing network speed
12. Incident classification helps to:
(A) Compress logs
(B) Delete old files
(C) Prioritize response based on severity and impact
(D) Encrypt emails
13. A common type of security incident is:
(A) Phishing attack
(B) Unauthorized access
(C) Malware infection
(D) All of the above
14. Indicators of Compromise (IoCs) are:
(A) Encryption keys
(B) Artifacts, such as file hashes, IP addresses, or domain names, that indicate a breach may have occurred
(C) Backup files
(D) Compressed archives
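Questions 11, 12 and 14 describe SIEM-style detection, incident classification and IoC matching. The following is an added example, not part of the quiz, that shows the three together: it parses a few constructed key=value log lines, matches field values against a small made-up IoC list, groups hits by host, and assigns a severity and priority. The IoC values, log lines, host names and the P1..P4 priority scheme are all assumptions chosen for illustration.

```python
"""
Added example (not part of the original quiz): a minimal SIEM-style pass that
matches log fields against Indicators of Compromise and classifies the result.
Every indicator, host name and log line below is constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed IoC list: indicator value -> (indicator type, severity).
# 198.51.100.0/24 is a documentation range, used here as a fake C2 address;
# the MD5 value is the hash of the empty string, used as a placeholder.
IOCS = {
    "198.51.100.23": ("ip", "high"),
    "update-check.example": ("domain", "medium"),
    "d41d8cd98f00b204e9800998ecf8427e": ("md5", "critical"),
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample log lines: timestamp followed by key=value fields.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host=ws-01 proc=chrome.exe dst=203.0.113.5 dns=example.org",
    "2024-05-01T10:00:05Z host=ws-01 proc=svchost.exe dst=198.51.100.23 dns=update-check.example",
    "2024-05-01T10:01:12Z host=ws-07 proc=powershell.exe md5=d41d8cd98f00b204e9800998ecf8427e",
    "2024-05-01T10:02:30Z host=srv-db proc=sqlservr.exe dst=198.51.100.23",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Split one log line into a dict of fields; the first token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def match_iocs(fields):
    """Return (field, value, ioc_type, severity) for every field value that is a known IoC."""
    hits = []
    for key, value in fields.items():
        if value in IOCS:
            ioc_type, severity = IOCS[value]
            hits.append((key, value, ioc_type, severity))
    return hits


def detect(lines):
    """Run every log line through IoC matching; return alerts grouped by host."""
    alerts = defaultdict(list)
    for line in lines:
        fields = parse_log_line(line)
        for key, value, ioc_type, severity in match_iocs(fields):
            alerts[fields["host"]].append({
                "ts": fields["ts"],
                "proc": fields.get("proc"),
                "field": key,
                "indicator": value,
                "type": ioc_type,
                "severity": severity,
            })
    return dict(alerts)


def classify_incident(alerts):
    """Classify by highest severity seen and number of affected hosts.

    Priority is P4 (lowest) to P1 (highest), taken from severity and raised
    one step when more than one host is involved, since scope drives impact.
    """
    if not alerts:
        return {"severity": "none", "hosts": 0, "affected": [], "priority": "none"}
    top = max(
        (a["severity"] for hits in alerts.values() for a in hits),
        key=lambda s: SEVERITY_RANK[s],
    )
    rank = SEVERITY_RANK[top]
    hosts = len(alerts)
    if hosts > 1:
        rank = min(rank + 1, 4)
    return {
        "severity": top,
        "hosts": hosts,
        "affected": sorted(alerts),
        "priority": f"P{5 - rank}",
    }


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for host, hits in found.items():
        for hit in hits:
            print(f"{hit['ts']} {host} {hit['proc']} {hit['field']}={hit['indicator']} [{hit['severity']}]")
    print(classify_incident(found))
```

On the sample logs the benign first line produces no alert; ws-01 matches two indicators, ws-07 a critical file hash and srv-db the same fake C2 address, so the incident spans three hosts and lands at P1. A real SIEM would apply the same idea over a correlation window and a much larger indicator feed, and the priority table would come from the organisation's classification policy rather than a hard-coded rule.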
15. Communication during an incident is important to:
(A) Notify stakeholders, management, and affected users
(B) Encrypt files
(C) Delete old accounts
(D) Compress logs
16. Containment strategies can be:
(A) Short-term (isolate systems) and long-term (patch vulnerabilities)
(B) Only encryption
(C) Only file deletion
(D) Only compression
17. Documentation during incident response is essential for:
(A) Increasing system speed
(B) Legal, regulatory, and future improvement purposes
(C) Compressing logs
(D) Deleting files
18. Post-incident analysis helps to:
(A) Improve security policies and prevent future incidents
(B) Delete old logs
(C) Compress data
(D) Increase internet speed
19. Automated tools in incident response can:
(A) Delete backups
(B) Encrypt all files automatically
(C) Detect and respond to incidents faster and more accurately
(D) Increase CPU speed only
20. The ultimate objective of incident response and management is to:
(A) Delete unnecessary data
(B) Compress files
(C) Minimize damage, recover quickly, and strengthen future security posture
(D) Increase system performance only