To whom should an information security incident be reported?
A.
It should not be reported at all and it is better to resolve it internally
B.
Human resources and Legal Department
C.
It should be reported according to the incident reporting & handling policy
D.
Chief Information Security Officer
It should be reported according to the incident reporting & handling policy
Which of the following is NOT one of the common techniques used to detect insider threats?
A.
Spotting an increase in their performance
B.
Observing employee tardiness and unexplained absenteeism
C.
Observing employee sick leaves
D.
Spotting conflicts with supervisors and coworkers
Spotting an increase in their performance
The incident response team must adhere to the following:
A.
Stay calm and document everything
B.
Assess the situation
C.
Notify appropriate personnel
D.
All the above
All the above
What is the best staffing model for an incident response team if current employees’ expertise is very low?
A.
Fully outsourced
B.
Partially outsourced
C.
Fully insourced
D.
All the above
Fully outsourced
An access control policy authorizes a group of users to perform a set of actions on a set of resources. Access
to resources is based on necessity and on whether a particular job role requires the use of those resources. Which of the
following is NOT a fundamental element of an access control policy?
A.
Action group: group of actions performed by the users on resources
B.
Development group: group of persons who develop the policy
C.
Resource group: resources controlled by the policy
D.
Access group: group of users to which the policy applies
Development group: group of persons who develop the policy
A Distributed Denial of Service (DDoS) attack is a more common type of DoS attack, where a single system is
targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect
multiple systems, which are known as:
A.
Trojans
B.
Zombies
C.
Spyware
D.
Worms
Zombies
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the
investigation, an investigator needs to process large amounts of data using a combination of automated and
manual methods. Identify the computer forensic process involved:
A.
Analysis
B.
Preparation
C.
Examination
D.
Collection
Examination
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of
the following steps focuses on limiting the scope and extent of an incident?
A.
Eradication
B.
Containment
C.
Identification
D.
Data collection
Containment
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any
digital media device. Of the following, who is responsible for examining the evidence acquired and separating
the useful evidence?
A.
Evidence Supervisor
B.
Evidence Documenter
C.
Evidence Manager
D.
Evidence Examiner/Investigator
Evidence Examiner/Investigator
The process of rebuilding and restoring the computer systems affected by an incident to normal operational
stage including all the processes, policies and tools is known as:
A.
Incident Management
B.
Incident Response
C.
Incident Recovery
D.
Incident Handling
Incident Recovery
An Incident Response Plan requires:
A.
Financial and Management support
B.
Expert team composition
C.
Resources
D.
All the above
All the above
The typical correct sequence of activities used by CSIRT when handling a case is:
A.
Log, inform, maintain contacts, release information, follow up and reporting
B.
Log, inform, release information, maintain contacts, follow up and reporting
C.
Log, maintain contacts, inform, release information, follow up and reporting
D.
Log, maintain contacts, release information, inform, follow up and reporting
Log, inform, maintain contacts, release information, follow up and reporting