
212-89 Exam Questions - Online Test



Your success in EC-Council 212-89 is our sole target and we develop all our 212-89 braindumps in a way that facilitates the attainment of this target. Not only is our 212-89 study material the best you can find, it is also the most detailed and the most updated. 212-89 Practice Exams for EC-Council EC-Council Other Exam 212-89 are written to the highest standards of technical accuracy.

Check 212-89 free dumps before getting the full version:

NEW QUESTION 1
Which of the following is an appropriate flow of the incident recovery steps?

  • A. System Operation-System Restoration-System Validation-System Monitoring
  • B. System Validation-System Operation-System Restoration-System Monitoring
  • C. System Restoration-System Monitoring-System Validation-System Operations
  • D. System Restoration-System Validation-System Operations-System Monitoring

Answer: D

NEW QUESTION 2
The main difference between viruses and worms is:

  • A. Worms require a host file to propagate while viruses don’t
  • B. Viruses require a host file to propagate while Worms don’t
  • C. Viruses don’t require user interaction; they are self-replicating malware
  • D. Viruses and worms are common names for the same malware

Answer: B

NEW QUESTION 3
The largest number of cyber-attacks are conducted by:

  • A. Insiders
  • B. Outsiders
  • C. Business partners
  • D. Suppliers

Answer: B

NEW QUESTION 4
Malicious security-breaking code that is disguised as a useful program, installs an executable program when a file is opened, and allows others to control the victim’s system is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: A

NEW QUESTION 5
An assault on system security that is derived from an intelligent threat is called:

  • A. Threat Agent
  • B. Vulnerability
  • C. Attack
  • D. Risk

Answer: C

NEW QUESTION 6
Which of the following is an incident tracking, reporting and handling tool:

  • A. CRAMM
  • B. RTIR
  • C. NETSTAT
  • D. EAR/Pilar

Answer: B

NEW QUESTION 7
The region the CSIRT is bound to serve, and whom it gives service to, is known as:

  • A. Consistency
  • B. Confidentiality
  • C. Constituency
  • D. None of the above

Answer: C

NEW QUESTION 8
______ attach(es) to files

  • A. Adware
  • B. Spyware
  • C. Viruses
  • D. Worms

Answer: C

NEW QUESTION 9
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables members of the CSIRT to undertake any necessary actions on behalf of their constituency.

  • A. Full-level authority
  • B. Mid-level authority
  • C. Half-level authority
  • D. Shared-level authority

Answer: A

NEW QUESTION 10
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?

  • A. Inappropriate usage incident
  • B. Unauthorized access incident
  • C. Network intrusion incident
  • D. Denial of Service incident

Answer: A

NEW QUESTION 11
Computer viruses are malicious software programs that infect computers and corrupt or delete the data on them. Identify the virus type that specifically infects Microsoft Word files?

  • A. Micro Virus
  • B. File Infector
  • C. Macro Virus
  • D. Boot Sector virus

Answer: C

NEW QUESTION 12
The incident management team provides support to all users in the organization who are affected by the threat or attack. The organization’s internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

  • A. Configure information security controls
  • B. Perform the necessary action to block network traffic from a suspected intruder
  • C. Identify and report security loopholes to the management for necessary actions
  • D. Coordinate incident containment activities with the information security officer

Answer: C

NEW QUESTION 13
Identify the network security incident where intended authorized users are prevented from using a system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.

  • A. URL Manipulation
  • B. XSS Attack
  • C. SQL Injection
  • D. Denial of Service Attack

Answer: D

NEW QUESTION 14
The correct sequence of incident management process is:

  • A. Prepare, protect, triage, detect and respond
  • B. Prepare, protect, detect, triage and respond
  • C. Prepare, detect, protect, triage and respond
  • D. Prepare, protect, detect, respond and triage

Answer: B

NEW QUESTION 15
The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:

  • A. Incident Manager
  • B. Incident Analyst
  • C. Incident Handler
  • D. Incident Coordinator

Answer: B

NEW QUESTION 16
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

  • A. Weekly
  • B. Within four (4) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity
  • C. Within two (2) hours of discovery/detection
  • D. Monthly

Answer: A

NEW QUESTION 17
Common name(s) for a CSIRT is (are):

  • A. Incident Handling Team (IHT)
  • B. Incident Response Team (IRT)
  • C. Security Incident Response Team (SIRT)
  • D. All the above

Answer: D

NEW QUESTION 18
Which of the following incidents are reported under the CAT 5 federal agency category?

  • A. Exercise/Network Defense Testing
  • B. Malicious code
  • C. Scans/Probes/Attempted Access
  • D. Denial of Service (DoS)

Answer: C

NEW QUESTION 19
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Eradication
  • B. Containment
  • C. Identification
  • D. Data collection

Answer: B

NEW QUESTION 20
The steps followed to recover computer systems after an incident are:

  • A. System restoration, validation, operation and monitoring
  • B. System restoration, operation, validation, and monitoring
  • C. System monitoring, validation, operation and restoration
  • D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 21
Removing or eliminating the root cause of the incident is called:

  • A. Incident Eradication
  • B. Incident Protection
  • C. Incident Containment
  • D. Incident Classification

Answer: A

NEW QUESTION 22
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?

  • A. Dealing with human resources department and various employee conflict behaviors.
  • B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
  • C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
  • D. Dealing properly with legal issues that may arise during incidents.

Answer: A

NEW QUESTION 23
Based on some statistics, what is the typical number one incident?

  • A. Phishing
  • B. Policy violation
  • C. Unauthorized access
  • D. Malware

Answer: A
