Week 4 Quiz: Incident Handling and Response (10452.B1) https://wilmu.instructure.com/courses/33859/quizzes/86297
Week 4 Quiz
Due Oct 1, 2021 at 11:59pm Points 100 Questions 20
Time Limit None Allowed Attempts Unlimited
This quiz is no longer available as the course has been concluded.
Attempt History
Attempt: Attempt 1 (latest) | Time: 1 minute | Score: 100 out of 100
Correct answers are hidden.
Score for this attempt: 100 out of 100
Submitted Sep 24, 2021 at 2:10pm
This attempt took 1 minute.
Question 1 5 / 5 pts
The IR team will have a multitude of responsibilities including the
preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital evidence
derived from digital sources for the purposes of reconstructing events.
True
False
Question 2 5 / 5 pts
1 of 9 7/26/2022, 11:03 AM
A forensics team typically uses two methods to document a scene as it
exists at the time of arrival: photography and ____.
field notes
interviewing
field activity log forms
authentication
Question 3 5 / 5 pts
The four (4) main sources of data for the forensics process include: 1)
files, 2) _____________, 3) network traffic, and 4) applications.
operating systems
computers
storage array
servers
Question 4 5 / 5 pts
During the Identify stage, several questions must be answered. These
include RAM contents, login sessions, memory, running processes,
open files, network connections, network configurations, etc. One of
the essential elements is _____________________.
registers and cache
system time
open ports
volatile memory
Question 5 5 / 5 pts
A(n) ____ attack is a method of combining attacks with rootkits and
back doors.
hybrid
unauthorized
lockdown
hijack
Question 6 5 / 5 pts
A(n) ____ covers the confidentiality of information from everyone unless
disclosure is mandated by the courts.
statement of indemnification
intellectual property assurance
nondisclosure agreement
covenant not to compete
Question 7 5 / 5 pts
During the SELECT phase, the team or investigator must decide on an
area of focus. Once the focus area has been determined, data carving
is an important aspect. Data carving is the process of retrieving data
from __________ or __________ files.
hidden and deleted
operating system and bootkit
executables and libraries
packed and encrypted
Question 8 5 / 5 pts
During the _____________ phase, the forensic examiner must evaluate
the relevance of data collected to the current investigation.
CLASSIFY
EXAMINE
ANALYZE
SELECT
Question 9 5 / 5 pts
A(n) ____ is any clearly identified attack on the organization’s
information assets that would threaten the assets’ confidentiality,
integrity, or availability.
trespass
Trojan horse
risk
incident
Question 10 5 / 5 pts
During the _______________ phase, investigators or examiners are
required to document every event as they performed it.
ANALYZE
SELECT
PRESERVE
PRESENT
Question 11 5 / 5 pts
As soon as the CSIRT is able to determine what exactly is happening, it
is expected to report its preliminary finding to management.
True
False
Question 12 5 / 5 pts
Automated IR systems/tools help to facilitate IR documentation and are
available through a number of vendors.
True
False
Question 13 5 / 5 pts
As part of Developing and Refining the Investigation Plan, the team
must 1) determine the scope, 2)__________________, 3) decide what
to collect, 4) evaluate whether the information can be collected, and 5)
set boundaries to ensure no scope creep.
define processes
conduct BIA
estimate hours
develop ROI
Question 14 5 / 5 pts
There are a limited number (1-2) of certifications associated with digital
forensics.
True
False
Question 15 5 / 5 pts
During the final analysis, ALL data collected must be presented and
evaluated.
True
False
Question 16 5 / 5 pts
Deciding which technical contingency strategies are selected,
developed, and implemented is most often based on the type of
__________ being used.
training
recovery plan
information system
service provider
Question 17 5 / 5 pts
E-mail spoofing attacks require an immediate response, typically no
more than 30 minutes to one hour.
True
False
Question 18 5 / 5 pts
It is not essential that the incident response policies are integrated with
the overall enterprise security plan.
True
False
Question 19 5 / 5 pts
Essentially a DoS attack, a ____ is a message aimed at causing
organizational users to waste time reacting to a nonexistent malware
threat.
Trojan horse
worm infection
malware hoax
tracking cookie
Question 20 5 / 5 pts
General users require training on the technical details of how to do their
jobs securely, including good security practices, ____ management,
specialized access controls, and violation reporting.
password
“before action”
organization
war gaming
Quiz Score: 100 out of 100