Why is it important for the IRT to be integrated with legal and HR departments?

To ensure compliance, handle insider threats, and manage employee-related incidents

To handle budget approvals for new hardware

To train employees in programming

In a typical organization, what is the SOC’s main role in relation to the IRT?

Detect and monitor suspicious activities, then escalate to the IRT when needed

Perform legal review of security incidents

Approve funding for IR processes

Handle physical security breaches

During SOC monitoring, an alert is generated. Before assigning it to the IRT, the SOC should first:

Perform incident validation and classification

Delete the log to avoid confusion

In the IR process, “Containment” aims to:

Stop further damage and limit the spread of the incident

Eliminate the attacker’s identity

Report only to external agencies

If the SOC determines that an alert is NOT classified as a security incident, the next action is to:

Document it as “No Security Incident” and close it

Ignore it completely without logging

The “Eradication” phase in Incident Response involves:

Removing malicious components and closing attack vectors

Testing systems for performance improvement

Training employees on phishing awareness

Disclosing incident details to the public

“Incident Disclosure” should follow which best practice?

Disclose only if required by policy, regulation, or legal requirements

Disclose to everyone in the company immediately

Keep it secret at all times to avoid panic

Only disclose to technical staff

Why is “Post-Incident Activities” critical in the IR process?

It ensures lessons are learned, policies are revised, and gaps are closed

It allows the team to skip documentation to save time

It determines which employees to terminate

It allows management to decide if IR is needed in the future

Which of the following BEST describes an IR Policy?

A high-level document defining the scope, objectives, and authority for incident response activities

A detailed step-by-step guide on how to configure security tools

A technical manual for forensic tools

A marketing statement for the organization

Setting up a Computer Forensics Lab should ensure:

Secure, controlled access, proper evidence storage, and analysis tools

High availability of games and multimedia tools

Multiple internet connections for public access

No backup facilities for collected evidence

Which is a key advantage of establishing structured record-keeping facilities for IR?

Ensures legal admissibility of evidence and supports compliance audits

Allows sharing incident data with competitors

Avoids having to use ticketing systems

Helps reduce hardware purchases

Evaluating the current security posture involves:

Measuring current defenses, vulnerabilities, and risks against best practices and threats

Counting the number of employees in the security department

Reviewing only physical security measures

Replacing all hardware every year

Which statement about cyber insurance is TRUE?

It can help cover financial losses, legal costs, and recovery expenses after a cyber incident

It replaces the need for incident response

It prevents all types of cyberattacks

It is only useful for large multinational corporations

Implementing security controls in the context of IR readiness means:

Installing measures such as firewalls, IDS/IPS, access controls, and encryption to reduce incident likelihood and impact

Writing down passwords for easy access

Giving all employees unrestricted network access

Using only physical locks and ignoring digital threats

In a ticketing system, which of the following fields is MOST important for tracking incident status?

Assignee, Priority, and Current Status

Wallpaper Preference of Analyst

Number of Employees in the Company

A SOC analyst detects unusual outbound traffic from a server. They log the event in the ticketing system and mark it as “Unassigned”. What is the correct next step?

Assign the ticket to the IRT or appropriate responder team

Delete the record to avoid confusion

Forward it to marketing for awareness

An incident ticket is created and assigned to the malware analysis team. The ticket contains incomplete information about the affected system. What should happen first?

Update the ticket with complete, verified details before starting

Proceed with investigation without clarifying

Close the ticket due to insufficient data

Assign it back to SOC without explanation

Your ticketing system shows two open tickets for the same phishing attack, reported by different employees. What should you do?

Merge the tickets to avoid duplication but retain all evidence

Delete one ticket to reduce workload

Ignore one report and focus on the first

SOC receives an alert for multiple failed logins from a single IP, followed by a successful login to an admin account. During triage, the SOC confirms the account was accessed from an unknown country. What should be the classification of this incident?

Valid security incident – possible account compromise

Low priority – harmless behavior

During incident analysis, the SOC finds that a suspicious file was flagged by one AV engine out of 50. What should be done next?

Validate further with sandbox and behavioral analysis before confirming

Ignore because detection is low

A SOC analyst during triage finds an alert from IDS. After log correlation and endpoint inspection, it turns out the alert was caused by a legitimate scheduled update. How should this be documented?

As a severe threat for future tracking

csa module 6-1

Professional Development

•

35 Qs

Similar activities

Comptia Security+ Understanding Application Attacks and security

Professional Development

•

30 Qs

HTML and CSS

University - Professional Development

•

36 Qs

Modulo 6 - Evaluacion

Professional Development

•

30 Qs

Year 7 Computer Science Baseline

KG - Professional Development

•

31 Qs

QUIZZ KJD - PERAWATAN, PERMASALAHAN DAN PERBAIKAN PC

KG - Professional Development

•

40 Qs

Foundation_Batch_2025

Professional Development

•

40 Qs

Java Script

9th Grade - Professional Development

•

39 Qs

QUIZZ AIJ - BANDWIDTH

KG - Professional Development

•

30 Qs

csa module 6-1

Quiz

•

Computers

•

Professional Development

•

Practice Problem

•

Easy

Leynal L

Used 3+ times

FREE Resource

A group of penetration testers

A set of automated security tools

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

34 questions

Chapter 2 : Requirements Gathering & Analysis

Quiz

•

Professional Development

40 questions

HCI Midterm

Quiz

•

Professional Development

40 questions

420-906-LA

Quiz

•

Professional Development

30 questions

Excel

Quiz

•

University - Professi...

39 questions

HTML quiz

Quiz

•

University - Professi...

40 questions

Applications of DMS in A.I AND GATE/JNTUH/NPTEL/PLACEMENTS probl

Quiz

•

Professional Development

40 questions

AI900-01

Quiz

•

Professional Development

30 questions

Simulasi UJK Desain Grafis LSP P3

Quiz

•

University - Professi...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

10 questions

How to Email your Teacher

Quiz

•

Professional Development

6 questions

3RD GRADE DECLARATION OF INDEPENDENCE EXIT TICKET

Quiz

•

Professional Development

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

22 questions

Multiplying Exponents with the Same Base

Quiz

•

9th Grade - Professio...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

csa module 6-1

35 questions

Which of the following best defines Incident Response?

Which of the following is NOT a typical member of an Incident Response Team (IRT)?

In most organizations, the IRT reports to which department?

Which of these is a key responsibility of the IRT during the “Containment” phase?

The IRT plays a crucial role in __________.

If an IRT is placed too low in the organizational hierarchy, what is a potential risk?

Which of the following best describes a Computer Security Incident Response Team (CSIRT)?

Why is it important for the IRT to be integrated with legal and HR departments?

In a typical organization, what is the SOC’s main role in relation to the IRT?

Which of the following is the FIRST step in the Incident Response process?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers