21. Two weeks after an incident involving ransomware, the members of an organization want to review the incident in detail. Which of the following actions should be done during this review? Select all that apply.

  • Determine how to improve future response processes and procedures.
  • Determine the person to blame for the incident.
  • Create a final report.
  • Schedule a lessons learned meeting that includes all parties involved with the security incident.

22. During a lessons learned meeting following an incident, a meeting participant wants to identify actions that the organization can take to prevent similar incidents from occurring in the future. Which section of the final report should they refer to for this information?

  • Timeline
  • Executive summary
  • Detection
  • Recommendations

23. After a ransomware incident, an organization discovers their ransomware playbook needs improvements. A security analyst is tasked with changing the playbook documentation. Which documentation best practice does this scenario highlight?

  • Be accurate
  • Be concise
  • Know your audience
  • Update regularly

24. A member of the forensics department of an organization receives a computer that requires examination. On which part of the chain of custody form should they sign their name and write the date?

  • Description of the evidence
  • Custody log
  • Purpose of transfer
  • Evidence movement

25. A security analyst gets an alert involving a phishing attempt. Which step of the triage process does this scenario outline?

  • Add context
  • Receive and assess
  • Assign priority
  • Collect and analyze

26. After a security incident involving an exploited vulnerability due to outdated software, a security analyst applies patch updates. Which of the following steps does this task relate to?

  • Response
  • Reimaging
  • Prevention
  • Eradication

27. Which step of the NIST Incident Response Lifecycle involves returning affected systems back to normal operations?

  • Recovery
  • Containment
  • Response
  • Eradication

28. What questions can be asked during a lessons learned meeting? Select three answers.

  • What time did the incident happen?
  • Which employee is to blame?
  • What could have been done differently?
  • What were the actions taken for recovery?

Shuffle Q/A 3

29. In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?

  • Preparation
  • Detection
  • Validation
  • Investigation

30. In incident response, documentation provides an established set of guidelines that members of an organization can follow to complete a task. What documentation benefit does this provide?

  • Reliability
  • Integrity
  • Standardization
  • Transparency
