CSF 3103 - MCQ - CLO3

A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) ____
Employee-based CSIRT
Coordinating team
Central CSIRT
Organizational CSIRT
A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.
Central CSIRT
Coordinating team
Organizational CSIRT
Distributed CSIRT
The _____ CSIRT model is used when the organization needs a full-time, on-site CSIRT but does not have enough available, qualified employees.
Fully outsourced
Partially outsourced
Employees
24/7
Organizations with limited funding, staffing, or IR needs may have only _____ IR team members
Temporary
Full-time
Contract
Part-time
The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do.
Objectives
Mission
Philosophy
Requirements
A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting their activity.
Apprehend and prosecute
Proactive security awareness
Security quality management
Protect and forget
The first group or person to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____
Technical lead
Educational liaison
IT staff leader
Champion
During the AAR, all team members primarily _____.
Review other members of the team during the incident and identify areas for improvement
Review the actions of management during the incident and identify areas of excellence
Review their actions during the incident and identify areas for improvement
Review other members of the team during the incident and identify areas of excellence
A feedback mechanism that can be used to measure the effectiveness of a CSIRT is the ____
After-action review
IR plan test
Periodic survey
Help-desk report log
While a security operations center is designed to _____, a CSIRT focuses on _____
Monitor all security operations; responding to incidents
Monitor all security operations; preventing security incidents
Respond to incidents; monitoring all security operations
Prevent security incidents; responding to incidents
A centralized facility where the organization’s security efforts and technologies are monitored by dedicated technicians is known as the _____.
MOC
TOC
SOC
NOC
An example of a _____ indicator is if a business partner or another connected organization reports an attack from your computing systems.
Possible
Probable
Definite
Under way
The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.
Acceptable loss
Detect and recover
Contain and eradicate
Apprehend and prosecute
A ____ attack is much more substantial than a DoS attack because of the use of multiple systems to simultaneously attack a single target.
Networked denial-of-service
Targeted denial-of-service
Heartbeat
Distributed denial-of-service
According to NIST, which of the following is an example of an unauthorized access attack?
Asking for large numbers of resources
Modifying Web-based content without permission
Knowingly sending a virus-infected message
Sending large quantities of network traffic in an effort to negatively impact a target's ability to service requests
The CSIRT must document and preserve every action, file, event, and _____.
Item of potential evidentiary value
Identity of the involved employee
Tool used in the response
Reference document used
______ is used both for intrusion analysis and as part of evidence collection and analysis.
Configuration
Loss analysis
Digital forensics
After-action reporting
The objective of an incident resolution announcement is to prevent _____ from causing additional disruption to the operations of the organization.
Panic or confusion
A lack of awareness
Newspaper reports
Follow-on attacks
Which of these is NOT a question that might be useful in a periodic review of the IR plan?
Were any AAR meetings held, and have the minutes of any such meetings been reviewed to note deficiencies that may need attention?
Has the plan been used during the past review period?
Have any other notices of deficiency or related feedback been submitted to the plan owner, and if so, have they been addressed yet?
All of these are useful questions.