Computer Emergency Response Team! Trivia Quiz

25 Questions | Total Attempts: 79


Questions and Answers
  • 1. 
    The following are types of training suitable for a CSIRT, except for:
    • A. 

      Establish mentoring system

    • B. 

      Encourage self study

    • C. 

      Involve team members in incident simulation

    • D. 

      None of the above

  • 2. 
    The acceptance of the CSIRT team in an organization depends on:
    • A. 

      Its ability to coordinate with other organizations

    • B. 

      The expertise and professionalism it displays

    • C. 

      Its perceived capabilities

    • D. 

      All of the above

  • 3. 
    Which of these is not part of the steps taken under the preparation phase in Incident Response Methodology?
    • A. 

      Develop the IR policy

    • B. 

      Organize the CSIRT

    • C. 

      Gathering incident logs and writing a report

    • D. 

      Gathering information from stakeholders and constituency

  • 4. 
    What are the barriers to success in organizing a team?
    • A. 

      Law

    • B. 

      Politics

    • C. 

      Specialist

    • D. 

      None of the above

  • 5. 
    The __________ department typically controls all physical access to the facility.
    • A. 

      Physical security

    • B. 

      Law and regulations

    • C. 

      Human resource

    • D. 

      Administration

  • 6. 
    The most important issue in forming and managing an incident response team is ________.
    • A. 

      Skilled members

    • B. 

      Good employer

    • C. 

      Policy

    • D. 

      High end technology

  • 7. 
    Which of the following skills need to be included in a CSIRT team?
    • A. 

      Cryptography

    • B. 

      Intrusion detection systems

    • C. 

      Documentation creation and maintenance

    • D. 

      Re-assemble PC

    • E. 

      Managerial experience

  • 8. 
    CSIRT services that are triggered by an event or request, and are the core component of CSIRT work, are called:
    • A. 

      Real-time services

    • B. 

      Active services

    • C. 

      Proactive services

    • D. 

      Reactive services

  • 9. 
    Users must be knowledgeable not only about basic security practices but also about what constitutes an anomaly or what might be an incident in the making; therefore, there is a need for ______________.
    • A. 

      Testing

    • B. 

      Training

    • C. 

      Further study

    • D. 

      Communicating

  • 10. 
    Which factor is the most important item when it comes to ensuring that security is successful in an organization?
    • A. 

      Effective controls and implementation methods

    • B. 

      Security awareness by all employees

    • C. 

      Updated and relevant security policies and procedures

    • D. 

      Senior management support

  • 11. 
    An organization that would like to form an incident response team would have to focus on its reasons for doing so. What are the reasons?
    • A. 

      To build experts

    • B. 

      Ability to Work Proactively

    • C. 

      Outsourcing

    • D. 

      Rely on constituency

  • 12. 
    A server has been compromised by a hacker who used it to send spam messages to thousands of people on the Internet.  A member of the IT staff noticed the problem while monitoring network and service performance over the weekend, and has noticed that several windows are open on the server’s monitor.  He also notices that a program he is unfamiliar with is running on the computer.  He has called you for instructions as to what he should do next.  As the CSIRT team leader, which of the following will you tell him to do immediately?
    • A. 

      Call the police

    • B. 

      Reboot the server to disconnect the hacker from the machine and from using the server further

    • C. 

      Document what appears on the screen

    • D. 

      Shut down the server to prevent the hacker from using the server further

  • 13. 
    What has caused the rise in computer crimes and new methods of committing old computer crimes?
    • A. 

      Creation of new software.

    • B. 

      World Wide Web

    • C. 

      New security methods of detecting computer crimes

    • D. 

      Increased use of computers and expansion of the Internet and its services

  • 14. 
    How do users prevent and protect themselves against viruses?
    • A. 

      Missing files or folders should be deleted

    • B. 

      Do not delete or report SPAM from your computer

    • C. 

      Files with weird and obscene messages should be stored

    • D. 

      Do not open e-mail attachments, use an OS that has virus security features, scan other users’ media storage devices before using them on your computer

  • 15. 
    Your machine was infected by a particularly destructive virus. Luckily, you have backups of your data. Which of the following should you do first?
    • A. 

      Restore the data from the backups

    • B. 

      Scan the data from the backups for virus infection

    • C. 

      Boot from an anti-virus CD or floppy to scan and disinfect your machine

    • D. 

      Use the installed anti-virus program to scan and disinfect your machine

  • 16. 
    Which group causes the most risk of fraud and computer compromises?
    • A. 

      Hackers

    • B. 

      Contractors / Suppliers

    • C. 

      Employees

    • D. 

      Vendors

  • 17. 
    Which element must computer evidence have to be admissible in court?
    • A. 

      It must contain source code

    • B. 

      It must be annotated

    • C. 

      It must be printed

    • D. 

      It must be relevant

  • 18. 
    First point to test in the notification process:
    • A. 

      Observing the process

    • B. 

      Conduct the test straight away

    • C. 

      Identifying a typical user

    • D. 

      Presenting that user with a form

  • 19. 
    In the PDCERF methodology, attack tracing can be implemented in phases such as:
    • A. 

      Containment, eradication, recovery

    • B. 

      Eradication, recovery, follow up

    • C. 

      Detection, containment, eradication

    • D. 

      Planning, detection

  • 20. 
    There are 5 common incident priorities. In priority 3, the CSIRT should:
    • A. 

      Protect human lives

    • B. 

      Minimize disruption of computing resources

    • C. 

      Protect classified and / or sensitive data

    • D. 

      Protect important data in the organization

  • 21. 
    What is the main task of a CSIRT?
    • A. 

      I. Provide assistance in preventing and handling computer security incidents

    • B. 

      II. Shares information and lessons learned

    • C. 

      III. A place to report local computer security incident problems

    • D. 

      I & II

    • E. 

      II & III

    • F. 

      All of the above

  • 22. 
    A CSIRT with a _______________ relationship with its constituency would be able to advise and influence the constituency.
    • A. 

      Full authority

    • B. 

      Shared authority

    • C. 

      No authority

    • D. 

      None of the above

  • 23. 
    Why does organizational resistance become a barrier to the success of a CSIRT?
    • A. 

      Feeling threatened

    • B. 

      Overhead function

    • C. 

      Burdened by more tasks

    • D. 

      Reluctant to go for training

  • 24. 
    There are many ways to spread information about the incident response team. Which is the first best way to do so?
    • A. 

      Creating a website dedicated for the team

    • B. 

      Send out an email to all staff regarding the setup of the team

    • C. 

      Train and educate the people within the team, especially the help desks

    • D. 

      Get the staff to remember the team's contact number and email

  • 25. 
    Which of the below are important to have in the documentation of the incident?
    • A. 

      Employees questioned and involved

    • B. 

      Cost of repairing the damage

    • C. 

      Expense and time logs

    • D. 

      The date the case will be brought to court