ACTUAL Exam Questions and CORRECT
Answers
Who typically performs root cause analysis? - CORRECT ANSWER - CSIRT incident
analysts
When during the incident response process is root cause analysis most commonly performed? -
CORRECT ANSWER - During detailed incident analysis
What preparations best enable root cause analysis? - CORRECT ANSWER - Having
defined threat vectors and access to data sources that confirm or refute those threat vectors
The cyber kill chain model would be least useful for an incident involving which of the
following threat vectors? - CORRECT ANSWER - Insider attack
Which of the following might be an example of an incident with no attacker? - CORRECT
ANSWER - Lost equipment
What is a cyber kill chain? - CORRECT ANSWER - A systematic process to target and
engage an adversary to create desired effects
What is root cause analysis? - CORRECT ANSWER - A method for understanding the
problems that allowed an attack to occur
The results of root cause analysis are typically used for which of the following? - CORRECT
ANSWER - Developing an appropriate course of action for incident mitigation
Which of the following are among the seven steps in the Lockheed Martin cyber kill chain
model? - CORRECT ANSWER - Reconnaissance, exploitation, and installation