1. In the context of incident response, what does the term 'root cause
analysis' refer to?
A. Identifying the attacker’s identity
B. Evaluating the success of the recovery efforts
C. Determining the underlying cause of the security incident
D. Monitoring affected systems after the incident
Answer: C) Determining the underlying cause of the security incident
Rationale: Root cause analysis involves identifying the fundamental
issue that led to the security incident, which helps in preventing similar
incidents in the future.
2. What is the primary function of an Intrusion Detection System
(IDS)?
A. To detect unauthorized access attempts and log them for analysis
B. To encrypt traffic between devices on the network
C. To block known malicious traffic automatically
D. To create firewall rules based on traffic analysis
Answer: A) To detect unauthorized access attempts and log them for
analysis
Rationale: An IDS inspects network or host activity, typically from a
passive (out-of-band) vantage point, and raises alerts and log entries
for suspicious or unauthorized events so analysts can investigate. It
does not sit inline and drop traffic; that is the role of an Intrusion
Prevention System (IPS).
3. What should be the first step in an incident response plan when a
breach is detected?
A. Contain the incident to prevent further damage
B. Notify the public about the breach
C. Analyze the breach to determine its cause
D. Restore affected systems from backups
Answer: A) Contain the incident to prevent further damage
Rationale: Once the breach is confirmed, containing it (for example,
isolating affected hosts or disabling compromised accounts) comes before
eradication, recovery and notification, because it stops further damage
and limits the spread of the breach while preserving evidence for the
incident response team to analyze.
4. What is the purpose of security awareness training in an
organization?
A. To reduce the number of vulnerabilities in software
B. To ensure that employees follow best practices and recognize
potential threats
C. To monitor employee activities on the network
D. To implement strong encryption for company data
Answer: B) To ensure that employees follow best practices and
recognize potential threats
Rationale: Security awareness training educates employees on
recognizing and responding to security threats such as phishing and
social engineering, promoting a culture of security.
5. What type of attack is most commonly detected by a Security
Information and Event Management (SIEM) system?
A. Zero-day attacks
B. Phishing attacks
C. Distributed Denial-of-Service (DDoS) attacks
D. Brute-force login attempts
Answer: D) Brute-force login attempts
Rationale: A SIEM aggregates and correlates logs from many sources and
detects patterns across them. A brute-force attack appears as many
failed login attempts from one source against one or more accounts in a
short window, which is exactly the kind of pattern a SIEM correlation
rule is written to match.
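The detect-and-log behaviour described for the IDS in question 2 and the brute-force correlation described for the SIEM in question 5 come down to the same kind of rule: count failed logins per source inside a sliding time window and raise an alert when a threshold is crossed. The following Python script, added here as an illustration and not part of the original quiz or of any real product, runs such a rule over constructed OpenSSH-style auth.log lines. The log lines, the assumed year (syslog timestamps carry no year), the threshold and the window size are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH auth.log style; not captured from a real host.
# 203.0.113.7 fails five times in eight seconds (brute force).
# 198.51.100.20 fails five times spread over twenty minutes (looks like a user mistyping).
SAMPLE_LOG = """\
Mar 10 09:12:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:12:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 09:12:04 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 09:12:06 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 09:12:09 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 09:12:11 bastion sshd[2233]: Accepted publickey for deploy from 198.51.100.20 port 40110 ssh2
Mar 10 09:15:30 bastion sshd[2240]: Failed password for alice from 198.51.100.20 port 40112 ssh2
Mar 10 09:20:45 bastion sshd[2241]: Failed password for alice from 198.51.100.20 port 40113 ssh2
Mar 10 09:26:01 bastion sshd[2242]: Failed password for alice from 198.51.100.20 port 40114 ssh2
Mar 10 09:31:10 bastion sshd[2243]: Failed password for alice from 198.51.100.20 port 40115 ssh2
Mar 10 09:36:22 bastion sshd[2244]: Failed password for alice from 198.51.100.20 port 40116 ssh2
"""

# Syslog timestamps have no year; this value is an assumption for the example.
ASSUMED_YEAR = 2024

# Matches only failed-password lines; accepted logins and unrelated lines are skipped.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(log_text):
    """Yield (timestamp, username, source_ip) for each failed-password line, in log order."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return one alert per source IP that reaches `threshold` failures within any
    sliding window of `window_seconds`. Assumes the log is in chronological order.
    Without the window, a plain count would also flag slow, legitimate typos."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried from that ip
    alerts = {}
    for ts, user, ip in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        # Age out failures that fell outside the window before checking the threshold.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {
                "source_ip": ip,
                "failures_in_window": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ts.isoformat(),
                "usernames": sorted(users[ip]),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

With the default rule (5 failures in 60 seconds) only 203.0.113.7 is flagged; widening the window to an hour also flags the slow 198.51.100.20 attempts, which shows why the window, not just the count, is the tuning knob that separates a brute-force attempt from a user who keeps mistyping a password. Like an IDS, the script only records and reports; blocking the source would be a separate, IPS-style action.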
6. Which of the following is a key aspect of security awareness training
for employees?
A. Ensuring all employees are granted administrative access
B. Teaching employees how to identify phishing emails
C. Disabling all antivirus software on user systems
D. Allowing unrestricted access to external websites
Answer: B) Teaching employees how to identify phishing emails