31. A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?
- Only use each step once.
- Complete the steps in any order.
- Skip irrelevant steps.
- Overlap the steps as needed.
32. Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.
- computer security incident response team
- forensic investigation team
- threat hunter group
- risk assessment group
33. A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM process does this scenario describe?
- Aggregate data
- Analyze data
- Collect data
- Normalize data
34. Which of the following is an example of a security incident?
- An unauthorized user successfully changes the password of an account that does not belong to them.
- An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
- A user installs a device on their computer that is allowed by an organization’s policy.
- A software bug causes an application to crash.
35. What are investigative tools used for?
- Managing alerts
- Documenting incidents
- Monitoring activity
- Analyzing events