31. A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?

  • Only use each step once.
  • Complete the steps in any order.
  • Skip irrelevant steps.
  • Overlap the steps as needed.

32. Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.

  • computer security incident response team
  • forensic investigation team
  • threat hunter group
  • risk assessment group

33. A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM process does this scenario describe?

  • Aggregate data
  • Analyze data
  • Collect data
  • Normalize data

34. Which of the following is an example of a security incident?

  • An unauthorized user successfully changes the password of an account that does not belong to them.
  • An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
  • A user installs a device on their computer that is allowed by an organization’s policy.
  • A software bug causes an application to crash.

35. What are investigative tools used for?

  • Managing alerts
  • Documenting incidents
  • Monitoring activity
  • Analyzing events
