NIST 800-61 interview questions well
answered graded A+
Front: What is the purpose of NIST 800-61, and how is it used in incident response? - correct
answer ✔✔ Back: NIST 800-61 is a guide for conducting effective incident response within
organizations. It provides a structured process for handling security incidents to minimize
impact and restore services quickly. It's used as a standard practice for planning, executing, and
improving incident response.
Front: What are the six steps of the incident response process, as outlined in NIST 800-61? -
correct answer ✔✔ Back: The six steps are: 1) Preparation, 2) Identification, 3) Containment, 4)
Eradication, 5) Recovery, 6) Lessons Learned.
Front: How would you define an incident, and what types of incidents might a company
experience? - correct answer ✔✔ Back: An incident is an event that adversely affects the
confidentiality, integrity, or availability of an information system. Companies might experience
incidents such as data breaches, malware infections, unauthorized access, and service
disruptions.
Front: What are some common indicators of compromise, and how might you detect them
during an incident? - correct answer ✔✔ Back: Common indicators include unusual outbound
network traffic, anomalies in privileged user account activity, spikes in database read volume,
and files with mismatched extensions. Detection methods include monitoring tools, logs
analysis, and anomaly detection systems.
Front: What is the importance of incident documentation and reporting, and how would you go
about documenting an incident? - correct answer ✔✔ Back: Incident documentation and
reporting are crucial for legal compliance, understanding attack vectors, and improving response
strategies. Documentation should include time of detection, affected systems, steps taken to
respond, and resolution details.
answered graded A+
Front: What is the purpose of NIST 800-61, and how is it used in incident response? - correct
answer ✔✔ Back: NIST 800-61 is a guide for conducting effective incident response within
organizations. It provides a structured process for handling security incidents to minimize
impact and restore services quickly. It's used as a standard practice for planning, executing, and
improving incident response.
Front: What are the six steps of the incident response process, as outlined in NIST 800-61? -
correct answer ✔✔ Back: The six steps are: 1) Preparation, 2) Identification, 3) Containment, 4)
Eradication, 5) Recovery, 6) Lessons Learned.
Front: How would you define an incident, and what types of incidents might a company
experience? - correct answer ✔✔ Back: An incident is an event that adversely affects the
confidentiality, integrity, or availability of an information system. Companies might experience
incidents such as data breaches, malware infections, unauthorized access, and service
disruptions.
Front: What are some common indicators of compromise, and how might you detect them
during an incident? - correct answer ✔✔ Back: Common indicators include unusual outbound
network traffic, anomalies in privileged user account activity, spikes in database read volume,
and files with mismatched extensions. Detection methods include monitoring tools, logs
analysis, and anomaly detection systems.
Front: What is the importance of incident documentation and reporting, and how would you go
about documenting an incident? - correct answer ✔✔ Back: Incident documentation and
reporting are crucial for legal compliance, understanding attack vectors, and improving response
strategies. Documentation should include time of detection, affected systems, steps taken to
respond, and resolution details.
