Incident Response Flashcards

1
Q

After eradicating threats using the IRP, which step is done next?

  • Patch vulnerable systems
  • Verify that the threat has been eradicated
  • Update the IRP
  • Generate an incident summary report
A

Verify that the threat has been eradicated

2
Q

You are updating the incident response plan (IRP) for an automated assembly line process. Which IRP component will facilitate speedy escalations when needed?

  • Definition of terms
  • Communication plan
  • Revision history
  • Eradication procedures
A

Communication plan

3
Q

After eradicating and verifying a malware outbreak on the network, you perform a post-incident analysis to determine how quickly the IRP was applied. Which metric should you analyse?

  • Disk read bytes
  • Mean time to respond
  • Recovery time objective
  • Disk write bytes
A

Mean time to respond

4
Q

Incident response plans that strive to return disrupted systems to a functional state quickly are said to adhere to which objective?

  • SLA
  • RTO
  • GDPR
  • RPO
A

RTO

5
Q

What is the primary purpose of incident containment?

  • Eradication
  • Patching
  • Report generation
  • Prevent spread
A

Prevent spread

6
Q

Which type of Microsoft Azure resource can automate incident response without writing code?

  • Logic app
  • Workspace
  • Virtual machine
  • Function app
A

Logic app
