Domain 4, Quiz 3 Flashcards

1
Q

During an incident response, what is the first stage to consider?

a. Eradication
b. Analysis
c. Preparation
d. Recovery

A

Preparation

Preparation is correct because it is the initial stage in the incident response, where teams ensure they have the right tools, skills, and procedures in place.

2
Q

What does the “Tabletop exercise” relate to within the context of incident response?

a. Software used in threat hunting
b. Digital forensics tool
c. Testing an incident response plan
d. Automated report

A

Testing an incident response plan

A tabletop exercise is correct because it is a form of testing in which team members walk through scenarios to see how they would respond.

3
Q

In digital forensics, what ensures that evidence has remained untouched from acquisition to court presentation?

a. Metadata
b. Digital signature
c. E-discovery
d. Chain of custody

A

Chain of custody

Chain of custody is correct because it tracks the evidence’s possession, handling, and storage, ensuring it remains unaltered.

4
Q

Which data source is best suited to provide information on potential malicious activity across an organization’s network traffic?

a. IPS/IDS logs
b. Vulnerability scans
c. Endpoint logs
d. OS-specific security logs

A

IPS/IDS logs

IPS/IDS logs are correct because Intrusion Prevention Systems and Intrusion Detection Systems specifically monitor and log network traffic for potential threats.

5
Q

What is a primary concern when introducing automation and orchestration in security operations?

a. Complexity
b. Workforce multiplier
c. Enabling/disabling services and access
d. Continuous integration and testing

A

Complexity

Complexity is correct because introducing automation can make systems and processes more complex, necessitating proper management and understanding.

6
Q

What step in the incident response process involves taking actions to limit the damage of an incident and prevent further damage?

a. Containment
b. Analysis
c. Detection
d. Recovery

A

Containment

Containment is correct because it focuses on limiting the damage and spread of an incident.

7
Q

In the context of using data sources to support an investigation, which of the following would give insights into vulnerabilities present in an organization’s systems?

a. Packet captures
b. Vulnerability scans
c. Firewall logs
d. Network logs

A

Vulnerability scans

Vulnerability scans are correct because they are specifically designed to identify and report on system vulnerabilities.

8
Q

Which term refers to proactive identification and mitigation of threats before they become incidents?

a. E-discovery
b. Root cause analysis
c. Legal hold
d. Threat hunting

A

Threat hunting

Threat hunting is correct because it involves actively searching for signs of malicious activity to prevent potential threats.

9
Q

When considering automation in security operations, what describes the scenario where automated processes create more problems than they solve, necessitating additional work?

a. Reaction time
b. Guard rails
c. Scaling in a secure manner
d. Technical debt

A

Technical debt

Technical debt is correct because it refers to the future costs (in terms of time, effort, or money) incurred due to choosing a quick but potentially problematic solution now.

10
Q

In the realm of security operations automation, which term best describes pre-defined configurations that are applied to ensure consistency across systems?

a. Escalation
b. Continuous integration
c. Ticket creation
d. Standard infrastructure configurations

A

Standard infrastructure configurations

Standard infrastructure configurations are correct because they pertain to applying a consistent set of configurations across systems for uniformity.

11
Q

After an incident has been resolved, which phase of incident response focuses on identifying what went wrong and how to prevent similar incidents in the future?

a. Containment
b. Eradication
c. Recovery
d. Lessons learned

A

Lessons learned

Lessons learned is correct because this phase emphasizes understanding the incident and devising strategies to prevent similar occurrences.

12
Q

If an organization wants to understand the original cause of a security breach, which activity should they prioritize?

a. Digital forensics reporting
b. Threat hunting
c. Tabletop exercise
d. Root cause analysis

A

Root cause analysis

Root cause analysis is correct because it investigates the primary cause of an issue or incident.

13
Q

Which type of log would most likely provide detailed insights into system-level events and potential security breaches on a Windows operating system?

a. Vulnerability scans
b. Firewall logs
c. OS-specific security logs
d. Application logs

A

OS-specific security logs

OS-specific security logs are correct because they capture events specifically related to the operating system.

14
Q

Which of the following best describes a proactive approach to discovering threats in an environment before they can cause harm?

a. Threat hunting
b. Simulation
c. Root cause analysis
d. Digital forensics

A

Threat hunting

Threat hunting is correct because it involves actively searching for threats in an environment before they can escalate.

15
Q

When capturing data packets moving across a network for analysis, which of the following is the primary data source?

a. Firewall logs
b. Dashboards
c. Automated reports
d. Packet captures

A

Packet captures

Packet captures are correct because they record raw data packets moving across a network.
