A message that demands urgent action and prompts the recipient to delete certain files or forward it to others is called:
A.
An Adware
B.
Mail bomb
C.
A Virus Hoax
D.
Spear Phishing
A Virus Hoax
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.
A.
A-Incident Analyst, B-Incident Coordinator, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
B.
A-Incident Coordinator, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
C.
A-Incident Coordinator, B-Constituency, C-Administrator, D-Incident Manager, E-Human Resource, F-Incident Analyst, G-Public Relations
D.
A-Incident Manager, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Coordinator
A-Incident Coordinator, B-Constituency, C-Administrator, D-Incident Manager, E-Human Resource, F-Incident Analyst, G-Public Relations
Malicious code that is installed on a computer without the user's knowledge to acquire information from the user's machine and send it to an attacker who can access it remotely is called:
A.
Spyware
B.
Logic Bomb
C.
Trojan
D.
Worm
Spyware
Adam calculated the total cost of a control to protect $10,000 worth of data as $20,000. What do you advise Adam to do?
A.
Apply the control
B.
Not to apply the control
C.
Use qualitative risk assessment
D.
Use semi-qualitative risk assessment instead
Not to apply the control
The USB tool (depicted below) that connects to the male USB keyboard cable and is not detected by anti-spyware tools is most likely called:
A.
Software Key Grabber
B.
Hardware Keylogger
C.
USB adapter
D.
Anti-Keylogger
Hardware Keylogger
The largest number of cyber-attacks are conducted by:
A.
Insiders
B.
Outsiders
C.
Business partners
D.
Suppliers
Outsiders
Which test is conducted to determine the effectiveness of incident recovery procedures?
A.
Live walk-throughs of procedures
B.
Scenario testing
C.
Department-level test
D.
Facility-level test
Live walk-throughs of procedures
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:
A.
Computer Forensics
B.
Digital Forensic Analysis
C.
Forensic Readiness
D.
Digital Forensic Policy
Forensic Readiness
The incident management team provides support to all users in the organization who are affected by the threat or attack. The organization's internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:
A.
Configure information security controls
B.
Perform necessary action to block the network traffic from suspected intruder
C.
Identify and report security loopholes to the management for necessary actions
D.
Coordinate incident containment activities with the information security officer
Identify and report security loopholes to the management for necessary actions
The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:
A.
Incident Manager
B.
Incident Analyst
C.
Incident Handler
D.
Incident Coordinator
Incident Analyst
The correct sequence of the incident management process is:
A.
Prepare, protect, triage, detect and respond
B.
Prepare, protect, detect, triage and respond
C.
Prepare, detect, protect, triage and respond
D.
Prepare, protect, detect, respond and triage
Prepare, protect, detect, triage and respond
CERT members can provide critical support services to first responders such as:
A.
Immediate assistance to victims
B.
Consolidated automated service process management platform
C.
Organizing spontaneous volunteers at a disaster site
D.
A + C
A + C