1. Which phase of the incident response lifecycle focuses on establishing a timeline by
documenting events as they occur?
A. Detection
B. Incident Chronology
C. Containment
D. Recovery
Answer: B
Explanation: Incident chronology involves recording the sequence of events to build a detailed
timeline of the incident.
2. In the context of engagement lifecycle management, which stage typically occurs
immediately after an incident is detected?
A. Containment
B. Initial Notification
C. Resolution
D. Post-Incident Review
Answer: B
Explanation: Initial notification follows detection to alert relevant stakeholders about the
incident.
3. What is the primary purpose of maintaining interim reporting during incident handling?
A. To finalize the investigation
B. To inform management about ongoing developments
C. To delete unnecessary records
D. To immediately restore services
Answer: B
Explanation: Interim reporting keeps management and stakeholders updated on the evolving
situation.
4. Which of the following best describes the term “threat assessment” in incident handling?
A. Measuring network speed
B. Evaluating potential risks and their impact
C. Analyzing file permissions
D. Developing software patches
Answer: B
Explanation: Threat assessment evaluates risks and determines the severity and potential
impact of an incident.
5. During incident handling, why is legal compliance important?
A. It speeds up data deletion
B. It ensures that response actions adhere to laws and regulations
C. It minimizes hardware damage
D. It increases network throughput
Answer: B
Explanation: Legal compliance ensures that the incident response process meets regulatory and
legal requirements.
6. Which skill is essential for effective communication during the incident response process?
A. Coding proficiency
B. Soft skills
C. Hardware repair
D. Graphic design
Answer: B
Explanation: Soft skills facilitate clear communication, coordination, and stakeholder
engagement during incidents.
7. When documenting the chronology of an incident, which detail is most critical?
A. Employee personal details
B. Sequence of events with timestamps
C. Marketing strategies
D. Software version numbers
Answer: B
Explanation: Timestamps and event sequences provide a clear, chronological record that is vital
for analysis.
8. What does “engagement lifecycle management” primarily emphasize in incident response?
A. Financial budgeting
B. System performance optimization
C. Managing interactions from detection through resolution
D. Marketing outreach
Answer: C
Explanation: Engagement lifecycle management is about overseeing the entire incident
response process from start to finish.
9. Which of the following is most critical for record keeping during incident handling?
A. Vague summaries
B. Detailed and accurate documentation
C. Minimal data logging
D. Irregular updates
Answer: B
Explanation: Detailed documentation is essential to understand the incident and support legal
or forensic investigations.
10. In incident handling, what is the purpose of a final results report?
A. To hide investigation details
B. To summarize findings and lessons learned
C. To increase the incident’s severity
D. To allocate new hardware
Answer: B
Explanation: The final report encapsulates the incident’s analysis, findings, and
recommendations for future improvements.
11. What is the primary function of IPv4 in networking?
A. To enable wireless charging
B. To route data packets between devices
C. To encrypt data on disk
D. To monitor system logs
Answer: B
Explanation: IPv4 is responsible for routing data packets across networks using a 32-bit
addressing scheme.
12. How does IPv6 differ from IPv4?
A. It uses a 32-bit address scheme
B. It eliminates the need for DNS
C. It provides a vastly larger address space
D. It only works with wireless networks
Answer: C
Explanation: IPv6 uses a 128-bit addressing scheme, significantly expanding the available
address space.
13. Which network architecture design is primarily focused on reducing single points of
failure?
A. Flat network design
B. Star topology
C. Mesh network
D. Ring topology
Answer: C
Explanation: Mesh networks allow multiple paths for data, reducing reliance on a single
connection.
14. What is the primary advantage of using a hierarchical network architecture?
A. It increases network complexity
B. It simplifies troubleshooting and management
C. It reduces bandwidth
D. It removes all security measures
Answer: B
Explanation: Hierarchical architectures organize the network in layers, making it easier to
manage and troubleshoot issues.
15. Which tool category is typically used for monitoring network traffic in intrusion analysis?
A. Word processors
B. Packet sniffers
C. Spreadsheet software
D. Image editors
Answer: B
Explanation: Packet sniffers capture and analyze network traffic, making them essential for
intrusion detection.
16. OS fingerprinting is a technique used to:
A. Install operating systems remotely
B. Identify the operating system of a target host based on network traffic
C. Encrypt data on a disk
D. Back up system configurations