Domain 7 (English)
1- Which of the following is the best response after detecting and
verifying an incident?
a. Contain it.
b. Report it.
c. Remediate it.
d. Gather evidence.
2- Which of the following would security personnel do during the
remediation stage of an incident response?
a. Contain the incident
b. Collect evidence
c. Rebuild system
d. Root cause analysis
3- Which of the following are DoS attacks? (Choose three.)
a. Teardrop
b. Smurf
c. Ping of death
d. Spoofing
4- How does a SYN flood attack work?
a. Exploits a packet processing glitch in Windows systems
b. Uses an amplification network to flood a victim with packets
c. Disrupts the three-way handshake used by TCP
d. Sends oversized ping packets to a victim
5- A web server hosted on the internet was recently attacked, exploiting
a vulnerability in the operating system. The operating system vendor
assisted in the incident investigation and verified that the
vulnerability was not previously known. What type of attack was
this?
a. Botnet
b. Zero-day exploit
c. Denial of service
d. Distributed denial of service
6- Of the following choices, which is the most common method of
distributing malware?
a. Drive-by downloads
b. USB flash drives
c. Ransomware
d. Unapproved software
7- Of the following choices, what indicates the primary purpose of an
intrusion detection system (IDS)?
a. Detect abnormal activity
b. Diagnose system failures
c. Rate system performance
d. Test a system for vulnerabilities
8- Which of the following is true for a host-based intrusion detection
system (HIDS)?
a. It monitors an entire network.
b. It monitors a single system.
c. It’s invisible to attackers and authorized users.
d. It cannot detect malicious code.
9- Which of the following is a fake network designed to tempt intruders
with unpatched and unprotected security vulnerabilities and false
data?
a. IDS
b. Honeynet
c. Padded cell
d. Pseudo flaw
10- Of the following choices, what is the best form of anti-malware
protection?
a. Multiple solutions on each system
b. A single solution throughout the organization
c. Anti-malware protection at several locations
d. One-hundred-percent content filtering at all border gateways
11- When using penetration testing to verify the strength of your security
policy, which of the following is not recommended?
a. Mimicking attacks previously perpetrated against your system
b. Performing attacks without management knowledge
c. Using manual and automated attack tools
d. Reconfiguring the system to resolve any discovered vulnerabilities
12- What is used to keep subjects accountable for their actions while they
are authenticated to a system?
a. Authentication
b. Monitoring
c. Account lockout
d. User entitlement reviews
13- What type of a security control is an audit trail?
a. Administrative
b. Detective
c. Corrective
d. Physical
14- Which of the following options is a methodical examination or review of
an environment to ensure compliance with regulations and to detect
abnormalities, unauthorized occurrences, or outright crimes?
a. Penetration testing
b. Auditing
c. Risk analysis
d. Entrapment
15- What can be used to reduce the amount of logged or audited data using
nonstatistical methods?
a. Clipping levels
b. Sampling
c. Log analysis
d. Alarm triggers
16- Which of the following focuses more on the patterns and trends of data
than on the actual content?
a. Keystroke monitoring
b. Traffic analysis
c. Event logging
d. Security auditing
17- What would detect when a user has more privileges than necessary?
a. Account management
b. User entitlement audit
c. Logging
d. Reporting
Refer to the following scenario when answering questions 18 through 20.
An organization has an incident response plan that requires reporting
incidents after verifying them. For security purposes, the organization has
not published the plan. Only members of the incident response team know
about the plan and its contents. Recently, a server administrator noticed
that a web server he manages was running slower than normal. After a
quick investigation, he realized an attack was coming from a specific IP
address. He immediately rebooted the web server to reset the connection
and stop the attack. He then used a utility he found on the internet to
launch a protracted attack against this IP address for several hours. Because
attacks from this IP address stopped, he didn’t report the incident.
18- What should have been done before rebooting the web server?
a. Review the incident
b. Perform remediation steps
c. Take recovery steps
d. Gather evidence
19- Which of the following indicates the most serious mistake the server
administrator made in this incident?
a. Rebooting the server
b. Not reporting the incident
c. Attacking the IP address
d. Resetting the connection
20- What was missed completely in this incident?
a. Lessons learned
b. Detection
c. Response
d. Recovery