CompTIA Security+ 4.8 Security Operations – Incident Response


Incident Response

1 / 25

During a digital forensics investigation, an analyst needs to recover deleted files from a hard drive. Which of the following techniques would be MOST appropriate for this task?

2 / 25

A security analyst is investigating a potential data breach. Which of the following tools would be MOST useful for capturing and analyzing network traffic related to the incident?

3 / 25

In the context of incident response, what is the primary goal of the containment phase?

4 / 25

A company has experienced a data breach involving customer credit card information. Which of the following regulatory standards would MOST likely require the company to notify affected individuals?

5 / 25

In the context of incident response, what is the primary purpose of conducting a tabletop exercise?

6 / 25

During a digital forensics investigation, what is the primary purpose of maintaining a chain of custody?

7 / 25

During a ransomware incident, which of the following is typically the MOST appropriate initial containment strategy?

8 / 25

During an incident response, the security team discovers that a critical server has been compromised. What should be the FIRST step in the incident response process?

9 / 25

After successfully containing and eradicating a security incident, what is the MOST important step to take before closing the incident?

10 / 25

Which of the following is a key benefit of conducting regular tabletop exercises as part of an organization’s incident response plan?

11 / 25

Which of the following is a key component of the lessons learned phase in the incident response lifecycle?

12 / 25

What is the primary purpose of the eradication phase in the incident response process?

13 / 25

During a forensic investigation of a compromised system, an analyst needs to analyze the system’s network connections at the time of the incident. Which of the following commands would be MOST useful for this purpose on a Windows system?

14 / 25

Which of the following best describes the concept of ‘preservation’ in digital forensics?

15 / 25

In the context of incident response, what is the primary purpose of establishing a war room?

16 / 25

Which of the following is a key consideration when classifying the severity of a security incident?

17 / 25

An organization is reviewing its incident response plan. Which of the following should be included in the plan to ensure a timely and effective response to security incidents?

18 / 25

During a major security incident, which of the following is the MOST important consideration when communicating with external stakeholders?

19 / 25

A company has experienced a data breach. The legal team has issued a legal hold notice. What does this require the IT department to do?

20 / 25

A company has experienced a data breach involving customer personal information. Which of the following should be the FIRST step in the recovery phase of the incident response process?

21 / 25

An organization has detected a potential insider threat involving unauthorized access to sensitive data. Which of the following should be the FIRST step in responding to this incident?

22 / 25

During a digital forensics investigation, what is the primary purpose of creating a forensic image of a hard drive?

23 / 25

During a digital forensics investigation, an analyst needs to prove that the evidence has not been tampered with since it was collected. Which of the following techniques would be MOST effective for this purpose?

24 / 25

A security analyst is investigating a potential data exfiltration incident. Which of the following would be the MOST useful source of information for identifying unauthorized data transfers?

25 / 25

During a forensic investigation, an analyst needs to examine the contents of a computer’s RAM. Which of the following tools would be MOST appropriate for this task?
