Information Security And IT Risk Management 1st Edition By Manish Agrawal – Test Bank

• Chapter 11 – Incident handling

1. An incident is
   1. a) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
   2. b) The part of the incident response policy that specifies the targets of the policy
   3. c) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
   4. d) Staff designated to respond to incidents

Answer: (a)

2. The stages of incident handling include
   1. a) Planning, detection, maintenance, retirement
   2. b) Preparation, detection, containment, post-incident analysis
   3. c) Planning, acquisition, deployment, post-incident analysis
   4. d) Preparation, acquisition, deployment, post-incident analysis

Answer: (b)

3. Preparation for incident response includes all of the following except
   1. a) Creating an incident response policy
   2. b) Creating an incident response team
   3. c) Containing the harm from an incident
   4. d) Creating a communication plan during incidents

Answer: (c)

4. The scope of an incident response policy is
   1. a) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
   2. b) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
   3. c) Staff designated to respond to incidents
   4. d) The part of the incident response policy that specifies the targets of the policy

Answer: (d)

5. An incident response policy is
   1. a) A description of the standard methods used by an organization to handle information security incidents
   2. b) A description of security policies, acceptable use policies, or standard security practices
   3. c) A specification of the targets of the policy
   4. d) The act of following applicable laws, regulations, rules, industry codes and contractual obligations

Answer: (a)

6. Since the incident response policy is developed following strict procedures including top management approval, its existence generally is an assurance that the organization will respond satisfactorily to an information security incident
   1. a) True
   2. b) False

Answer: (b)

7. The IRT is
   1. a) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
   2. b) The part of the incident response policy that specifies the targets of the policy
   3. c) Staff designated to respond to incidents
   4. d) The act of following applicable laws, regulations, rules, industry codes and contractual obligations

Answer: (c)

8. During an incident, the IRT is involved with all of the following, except
   1. a) Identifying the threats to the organization from the incident
   2. b) Mitigating risks
   3. c) Communicating with stakeholders
   4. d) Issuing a final report

Answer: (c)

9. During an incident, it is advisable to pull members away from current projects to assist the IRT
   1. a) True
   2. b) False

Answer: (a)

10. The leader of the IRT is preferably
    1. a) Someone from the senior leadership of the organization
    2. b) A technically competent professional with high credibility within the organization
    3. c) The functional leader of the business unit affected by the incident
    4. d) The leader of the IT function within the organization

Answer: (b)