Which part of the incident response process involves establishing and maintaining the incident response capability as well as setting up an incident response team?
Preparation
In the incident response process, the step that involves identifying and understanding potential incidents to determine their scope, impact, and root cause is a part of the:
Detection and analysis stage
Which of the following answers refer(s) to the containment, eradication, and recovery stage of the incident response process? (Select all that apply)
Restoring normal operations
Eliminating the threat
Mitigating the impact of the incident
Which stage of the incident response process involves updating incident response plans, policies, and procedures?
Post-incident activity
Which of the answers listed below refers to a discussion-based activity where team members walk through different scenarios to evaluate the incident response plan without activating any systems?
Tabletop exercise
Which of the following answers refers to a more in-depth exercise, which can include activating systems and performing real actions to respond to the incident?
Simulation
During the post-incident activity stage, this step involves analyzing logs, forensics data, and other evidence to prevent incident reoccurrence.
Root cause analysis
The term "Threat hunting" refers to a proactive search for IoCs to identify and address potential threats and vulnerabilities before they can escalate into full-blown incidents.
True
The process of maintaining a documented record of the handling and movement of evidence to ensure its integrity and admissibility in court is called:
Chain of custody
The process of identifying, collecting, and producing electronically stored information with the intent of using it in a legal proceeding or investigation is referred to as:
E-discovery