Post Test #1

Started on Sunday, January 10, 2016, 9:47 PM

State Finished
Completed on Sunday, January 10, 2016, 9:52 PM
Time taken 5 mins 50 secs
Points 17.00/20.00
Grade 85.00 out of 100.00
Question 1
Incorrect
0.00 points out of 1.00
Flag question

Question text
Based on discussion in the text, which one of the following is NOT true about cyber
security incidents?

Select one:
a. Cyber security incidents are caused by human acts.

b. Cyber security incidents involve IT systems.

c. Cyber security incidents can be caused by natural disasters.

d. A cyber security incident is a cyber event that compromises cyber information

assets.

Question 2
Incorrect
0.00 points out of 1.00
 Flag question

Question text
What does ISO's Code of Practice of Information Security describe?

Select one:
a. Structure and guidelines in regard to forming and operating computer security

response teams

b. How organizations should monitor and detect cyber events

c. An organization's procedures in regard to the effective handling of computer security

incidents
d. A comprehensive set of business practices for information security

Question 3
Correct
1.00 points out of 1.00
Flag question

Question text
Benefits to cyber security incident management include:

Select one:
a. Being informed of all employee activity

b. Knowing how to use evidence as a competitive advantage

c. Using information gained to better prepare for future incidents

d. All of the above

Question 4
Correct
1.00 points out of 1.00
Flag question

Question text
During the protection phase of cyber security incident management, one of the key
activities is:

Select one:
a. Detection of events

b. Definition of services to be performed

c. Creation of incident policies

d. Specification of procedures

Question 5
Correct
1.00 points out of 1.00
Flag question

Question text
The NIST SP 800-61 standard describes:

Select one:
a. A comprehensive set of business practices for information security
b. Structure and guidelines in regard to forming and operating computer security

response teams
c. How organizations should monitor and detect cyber events

d. An organization's procedure in regard to the effective handling of computer security

incidents

Question 6
Correct
1.00 points out of 1.00
Flag question

Question text
What is cyber incident triage?

Select one:
a. Analysis of audit information produced by monitoring

b. Receiving, categorizing, and prioritizing of incidents

c. Examination of data within and between network IP packets

d. Determining the human perpetrator of an incident

Question 7
Correct
1.00 points out of 1.00
Flag question

Question text
Why are preventative measures alone insufficient for effective cyber security?

Select one:
a. Preventative measures are based upon risk analysis of past events.

b. Some types of attacks cannot be prevented.

c. New types of attacks are constantly being developed.

d. All of the above

Question 8
Correct
1.00 points out of 1.00
Flag question

Question text
NIST SP 800-61 describes what organizations should do in regard to the effective
handling of ________.

Select one:
a. Cyber events

b. Computer room security

c. Organizational security

d. Computer security incidents

Question 9
Correct
1.00 points out of 1.00
Flag question
Question text
The preparation phase of cyber security incident management involves the creation of:

Select one:
a. Policies

b. Services

c. Procedures

d. All of the above

Question 10
Correct
1.00 points out of 1.00
Flag question

Question text
Which of the following statements about worms is TRUE?

Select one:
a. A worm is not malicious.

b. A worm cannot be transmitted over a network.

c. A worm does not require a host for transference to other computers.

d. None of the above

Question 11
Correct
1.00 points out of 1.00
 Flag question

Question text
Which one of the following is NOT part of the preparation phase of cyber incident
management?

Select one:
a. Standards

b. Procedures

c. Triage

d. All of the above

Question 12
Correct
1.00 points out of 1.00
Flag question

Question text
________ is only second to viruses in the number of cyber incidents reported in 2008.

Select one:
a. Unauthorized access

b. Insider abuse

c. Financial fraud

d. Sabotage

Question 13
Correct
1.00 points out of 1.00
Flag question

Question text
The CERT Handbook describes:

Select one:
a. An organization's procedure in regard to the effective handling of computer security

incidents
b. Structure and guidelines in regard to forming and operating computer security

response teams

c. A comprehensive set of business practices for information security

d. How organizations should monitor and detect cyber events

Question 14
Correct
1.00 points out of 1.00
Flag question

Question text
What is eradication in cyber security?

Select one:
a. Completely removing the infecting agent or establishing measures to make systems

invulnerable to such an agent

b. Receiving, categorizing, and prioritizing of incident data

c. The restoration of normal operations

d. Determining the human perpetrator of an incident

Question 15
Incorrect
0.00 points out of 1.00
Flag question

Question text
How would a session hijack be described?

Select one:
a. An attempt to trick a web user into entering personal information

b. An attempt to make a computer system unavailable

c. An attempt to turn a user's computer into a zombie

d. An exploitation of a computer session via social engineering

Question 16
Correct
1.00 points out of 1.00
Flag question

Question text
What is the role of the US-CERT?

Select one:
a. US-CERT is the focal point for cyber security incidents in the US.

b. US-CERT has responsibility as the Federal Incident Management Center for the US

Federal Government.
c. US-CERT publishes documents to aid organizations in regard to cyber incident

response management.
d. All of the above

Question 17
Correct
1.00 points out of 1.00
Flag question

Question text
Which one of the following is NOT a key activity in the protection phase of cyber
incident management?

Select one:
a. Detection of events

b. Definition of services to be performed

c. Identification of root causes

d. All of the above

Question 18
Correct
1.00 points out of 1.00
Flag question
Question text
Information availability is compromised when authorized users cannot get proper
________ information in the customary and usable manner.

Select one:
a. Write permission to

b. Access to

c. Credentials of

d. All of the above

Question 19
Correct
1.00 points out of 1.00
Flag question

Question text
What is cyber incident containment?

Select one:
a. Restoring normal operations

b. Receiving, categorizing, and prioritizing of incident

c. Removing the infecting agent or taking measures to make system invulnerable to the

agent
d. Taking measures to limit the damage caused by an incident

Question 20
Correct
1.00 points out of 1.00
 Flag question

Question text
What is cyber security incident management? (Select the BEST answer)

Select one:
a. Cyber security incident management involves the processes to provide for the

organization's business continuity.

b. Cyber security incident management encompasses the identification of incident

perpetrators, the preservation of evidence, and the prosecution of guilty parties.

c. Cyber security incident management encompasses all of the tasks and actions

necessary to secure and protect an organization's critical information assets.

d. Cyber security incident management involves the monitoring and detection of

computer and network security events and the execution of defined repeatable
procedures to effectively handle such events.