Sound the Alarm: Detection and Response (Coursera) weekly challenge 1 answers
Test your knowledge: The incident response lifecycle
1. The first phase of the NIST Incident Response Lifecycle is Preparation. What are the other phases? Select three answers.
- Identify
- Post-Incident Activity
- Detection and Analysis
- Containment, Eradication, and Recovery
2. What type of process is the NIST Incident Response Lifecycle?
- Linear
- Phased
- Observable
- Cyclical
3. Fill in the blank: An _____ is an observable occurrence on a network, system, or device.
- analysis
- incident
- event
- investigation
4. A security professional investigates an incident. Their goal is to gain information about the 5 W's, which include what happened and why. What are the other W's? Select three answers.
- Which type of incident it was
- Who triggered the incident
- Where the incident took place
- When the incident took place
Test your knowledge: Incident response operations
5. What are the goals of a computer security incident response team (CSIRT)? Select three answers.
- To provide services and resources for response and recovery
- To manage incidents
- To handle the public disclosure of an incident
- To prevent future incidents from occurring
6. Which document outlines the procedures to follow after an organization experiences a ransomware attack?
- A network diagram
- A contact list
- A security policy
- An incident response plan
7. Fill in the blank: The job of _____ is to investigate alerts and determine whether an incident has occurred.
- technical leads
- security analysts
- incident coordinators
- public relations representatives
8. Which member of a CSIRT is responsible for tracking and managing the activities of all teams involved in the response process?
- Technical lead
- Incident coordinator
- Public relations representative
- Security analyst
Test your knowledge: Detection and documentation tools
9. What are some examples of types of documentation? Select three answers.
- Final reports
- Word processors
- Policies
- Playbooks
10. Fill in the blank: Ticketing systems such as _____ can be used to document and track incidents.
- Cameras
- Evernote
- Jira
- Excel