
FEDVTE Foundations of Incident Management 51 Questions with Verified Answers,100% CORRECT


1. Political motivations and financial interests are the two most common motivations behind current cyber threats.
   A. True
   B. False
   CORRECT ANSWER: A. True

2. Information sharing only aligns with the respond process in incident management activities.
   A. True
   B. False
   CORRECT ANSWER: B. False

3. Sensors are defined only as technical or information systems.
   A. True
   B. False
   CORRECT ANSWER: B. False

4. Eradication consists of short-term, tactical actions.
   A. True
   B. False
   CORRECT ANSWER: B. False

5. Containment strategies may include:
   A. Rebuilding systems from original media
   B. Remediating vulnerabilities
   C. Leaving systems online
   D. Shutting down a service
   CORRECT ANSWER: D. Shutting down a service

6. Which of the following is a decision that might need to be made ahead of time as part of the Prepare process?
   A. When and if forensics evidence will be collected
   B. When, if, and how law enforcement will be involved
   C. What systems can be isolated or shut down
   D. Who to notify when handling certain incidents
   E. All of the above
   F. None of the above
   CORRECT ANSWER: E. All of the above

7. What are the three impact attributes described in the course material?
   A. Function, Availability, Impact
   B. Availability, Information, Confidentiality
   C. Function, Information, Recoverability
   D. Recoverability, Externality, Impact
   CORRECT ANSWER: C. Function, Information, Recoverability

8. Which of the following is NOT a method of conducting operational exercises?
   A. Table top scenarios
   B. Virtual simulations
   C. Vulnerability scanning
   D. Capture the flag competition
   CORRECT ANSWER: C. Vulnerability scanning

9. Information sharing protocols include:
   A. STIX / CAB
   B. IDGEMF
   C. OpenSOC
   D. CRITS
   CORRECT ANSWER: D. CRITS

10. Which of the following is NOT an approach for institutionalizing an incident management capability?
    A. National CSIRT
    B. Network and security operations center (NSOC)
    C. Red team
    D. Crisis management team
    E. Security incident response team
    CORRECT ANSWER: C. Red team

11. Elements of situational awareness are only technical in nature.
    A. True
    B. False
    CORRECT ANSWER: B. False

12. Which of the following are NOT considered indicators of compromise (IOCs)?
    A. Domain names
    B. Virus signatures
    C. Timestamps
    D. Registry keys
    CORRECT ANSWER: C. Timestamps

13. Postmortems can be done after an incident to identify:
    A. What went right
    B. What went wrong
    C. Training needs
    D. Tools needed
    E. A and B only
    F. C and D only
    G. B and C only
    H. None of the above
    I. All of the above
    CORRECT ANSWER: I. All of the above

14. Incident response only starts once you receive an incident report.
    A. True
    B. False
    CORRECT ANSWER: B. False

15. Recovery strategies may include:
    A. Isolating the system from the network
    B. Improving network and host security
    C. Modifying access controls
    D. Deleting malware
    CORRECT ANSWER: B. Improving network and host security

16. Fusion is the correlation and analysis of information collected from an incident report.
    A. True
    B. False
    CORRECT ANSWER: B. False

17. Which of the following resources will facilitate incident management activities?
    A. A communication plan
    B. Data classification schema
    C. Network topologies and baselines
    D. Points of Contact (POC) lists
    E. All of the above
    F. None of the above
    CORRECT ANSWER: E. All of the above

18. Which of the following is NOT considered a type of analysis?
    A. Triage
    B. Situational analysis
    C. Media analysis
    D. Mitigation analysis
    CORRECT ANSWER: B. Situational analysis

19. Which of the following is NOT a response sub-process?
    A. Planning the response strategy
    B. Performing malware analysis
    C. Coordinating response
    D. Communicating with stakeholders
    CORRECT ANSWER: B. Performing malware analysis

20. Which of the following staff would NOT be involved in performing incident management functions?
    A. Human resources (HR) staff
    B. Public relations (PR) staff
    C. Internet service providers
    D. Law enforcement
    E. Managed service providers
    F. None of the above
    G. All of the above
    CORRECT ANSWER: G. All of the above

21. Three key activities that should be performed throughout all the phases of the incident handling lifecycle are:
    A. Analysis, detection, and eradication
    B. Collaboration, containment, and analysis
    C. Documentation, coordination, and notification
    D. Communication, collaboration, and containment
    CORRECT ANSWER: C. Documentation, coordination, and notification

22. Which of the following is true regarding impact analysis and its role in incident management?
    A. Impact is the sole attribute for assessing risk to an organization
    B. Impact should always be assessed as a monetary value
    C. Determining impact and likelihood of an incident assesses the risk a particular situation presents to an organization
    D. Impact analysis is not important in the context of incident management
    CORRECT ANSWER: C. Determining impact and likelihood of an incident assesses the risk a particular situation presents to an organization

23. What is a botnet?
    A. A server controlled by a malicious actor
    B. A network of computers vulnerable due to poor access controls
    C. Malicious code infecting an industrial control system
    D. A collection of compromised computers controlled remotely
    CORRECT ANSWER: D. A collection of compromised computers controlled remotely

24. Situational awareness should be viewed as a real-time, short-term function.
    A. True
    B. False
    CORRECT ANSWER: A. True

25. If an organization follows key practices for computer network defense it can guarantee that intrusions and other malicious acts will not happen.
    A. True
    B. False
    CORRECT ANSWER: B. False

26. Which of the following are a well-known type of malware?
    A. Heartbleed
    B. Shellshock
    C. Conficker
    D. Ubuntu
    CORRECT ANSWER: C. Conficker

27. All of the following are steps organizations should take to respond to incidents with impacts to external actors EXCEPT?
    A. Organizations should have supply chain plans-of-action ready for when and if an incident impacts their supply chain
    B. Organizations should create contact information databases in order to contact external actors identified with a potential impact scenario
    C. Organizations should provide supply chain partners with detailed data on their past and current incident impacts
    D. Organizations should put in place agreements detailing requirements for supply chain partner notification and responsivity
    CORRECT ANSWER: C. Organizations should provide supply chain partners with detailed data on their past and current incident impacts

28. Which of the following is NOT considered a sensor?
    A. A blog
    B. A motion detector
    C. An employee resume
    D. An employee reporting a problem
    CORRECT ANSWER: C. An employee resume

29. Situational awareness applies to which disciplines?
    A. Aviation
    B. Information security
    C. Self defense
    D. Emergency response
    E. All of the above
    F. None of the above
    CORRECT ANSWER: E. All of the above

30. Information sharing in the incident management context refers to sharing:
    A. Threat and mitigation information
    B. Threat and risk information
    C. Risk and disaster recovery information
    D. Business continuity information
    CORRECT ANSWER: A. Threat and mitigation information

31. Methods for disseminating information may include:
    A. Mailing lists
    B. Blogs
    C. Paper signs
    D. Facebook
    E. A and C only
    F. B and D only
    G. A and B only
    H. None of the above
    I. All of the above
    CORRECT ANSWER: I. All of the above

32. Which statement is true?
    A. Tactical triage involves determining the business impact
    B. Strategic triage involves doing a higher level assessment
    C. Tactical triage requires a good understanding of business drivers
    D. Strategic triage involves categorizing and assigning reports
    CORRECT ANSWER: B. Strategic triage involves doing a higher level assessment

33. Response steps do NOT include:
    A. Containment
    B. Eradication
    C. Correlation
    D. Recovery
    CORRECT ANSWER: C. Correlation

34. Having a better response process in place enables a higher level of operational resilience.
    A. True
    B. False
    CORRECT ANSWER: A. True

35. Which organization attributes do you NOT need to document in order to properly prepare for an impact assessment?
    A. Services
    B. Service criticality
    C. Legal obligations attributed to services
    D. Current service availability statistics
    CORRECT ANSWER: D. Current service availability statistics

36. A data model is an agreed upon form that must be filled out to report an incident.
    A. True
    B. False
    CORRECT ANSWER: B. False

37. Establishing trust is the first step towards creating serious sharing partnerships.
    A. True
    B. False
    CORRECT ANSWER: A. True

38. Which statement is true?
    A. Incident analysis and media (or forensic) analysis often use the same tools
    B. Incident analysis and media (or forensic) analysis are equivalent activities
    C. Incident analysis and media (or forensic) analysis have the same goals
    D. All incident analysis includes performing media (or forensic) analysis
    CORRECT ANSWER: A. Incident analysis and media (or forensic) analysis often use the same tools

39. How does amplification modify a denial of service attack?
    A. Increases the number of network appliances (like firewalls) associated with an attack
    B. Decreases the frequency of denial of service traffic while increasing the variance
    C. Modifies target machines in order to more effectively attack the target
    D. Takes advantage of existing internet infrastructure to greatly increase denial of service traffic
    CORRECT ANSWER: D. Takes advantage of existing internet infrastructure to greatly increase denial of service traffic

40. The activities within the Triage process include:
    A. Categorize, coordinate, prioritize, assign
    B. Identify, categorize, prioritize, assign
    C. Categorize, correlate, prioritize, assign
    D. Identify, correlate, categorize, prioritize
    CORRECT ANSWER: C. Categorize, correlate, prioritize, assign

41. Information to be documented during incident analysis includes:
    A. Type and results of analysis performed
    B. Mitigations researched
    C. Analyst notes related to confidence of information reported
    D. Who was interviewed concerning the incident
    E. None of the above
    F. All of the above
    CORRECT ANSWER: F. All of the above

42. Threat feeds can come from:
    A. Vendors
    B. National CSIRTs
    C. Sharing communities
    D. Security organizations
    E. None of the above
    F. All of the above
    CORRECT ANSWER: F. All of the above

43. Incident analysis activities include:
    A. Diagraming a timeline of activity
    B. Verifying the integrity of restored data
    C. Receiving IDS alerts
    D. Reverse engineering
    CORRECT ANSWER: A. Diagraming a timeline of activity

44. Which of the following are NOT host-based solutions for detecting or preventing malicious code operations?
    A. Anti-virus software
    B. Network boundary firewalls
    C. Memory management utilities
    D. Host-based monitoring tools
    CORRECT ANSWER: B. Network boundary firewalls

45. Fusion analysis is most effective when information is unstructured.
    A. True
    B. False
    CORRECT ANSWER: B. False

46. Others who may be involved in recovery may include:
    A. Information technology staff
    B. Database administrators
    C. Business continuity staff
    D. System owners
    E. None of the above
    F. All of the above
    CORRECT ANSWER: F. All of the above

47. Swimlanes can be used for the following:
    A. Defining interfaces between organizational components performing incident management
    B. Defining roles and responsibilities for performing incident management
    C. Identifying handoffs of information during incident management
    D. Outlining a workflow for incident management activities
    E. A and B only
    F. A and C only
    G. B and D only
    H. None of the above
    I. All of the above
    CORRECT ANSWER: I. All of the above

48. Which of the following statements are true?
    A. Incident management and information security are the same activity
    B. Incident management is part of the information assurance ecosystem
    C. Incident management is not included in the NICE framework
    D. Incident management and computer network defense are the same activity
    CORRECT ANSWER: B. Incident management is part of the information assurance ecosystem

49. Data sources to be collected and reviewed during incident analysis might include:
    A. DNS and whois records
    B. Threat feeds
    C. Application and system logs
    D. Symptoms reported by users
    E. A and C only
    F. B and D only
    G. None of the above
    H. All of the above
    CORRECT ANSWER: H. All of the above

50. Which of these statements is NOT true in relation to the STIX data model?
    A. Observables describe what has been or might be seen
    B. Indicators describe instances of specific adversary actions
    C. Reports describe response actions to be taken
    D. Courses of actions describe sets of incidents and/or TTPs
    CORRECT ANSWER: A. Observables describe what has been or might be seen

51. Which of the following are NOT an element of situational awareness?
    A. Knowledge of potential storms or severe weather
    B. Knowledge of your competitor's new products
    C. Knowledge of the training curriculum for staff
    D. Knowledge of current security threats and vulnerabilities
    CORRECT ANSWER: C. Knowledge of the training curriculum for staff

Document information

Uploaded: Oct 10, 2023
Number of pages: 14
Seller: Nolan19
