Saint Leo University
COM 520
CHAPTER 13
1. To ensure a secure computing environment, investigate each reported event.
A. True
B. False
2. Many incidents go unreported because they are never recognized.
A. True
B. False
3. Which of the following is the best description of the SIRT's initial responsibility for incidents?
A. Recognize incidents.
B. Validate that an incident has occurred.
C. Initiate the incident investigation.
D. Contain the incident damage.
4. The _______________ step of handling incidents should always occur before an incident happens.
5. Which incident-handling step might include disconnecting a computer from the network?
A. Identification
B. Eradication
C. Containment
D. Recovery
6. The _______________ step to handling incidents is the most important step to continuously improving your incident response plan.
7. IT investigators (SMEs) are all SIRT team members.
A. True
B. False
8. Which incident classification would apply to a situation where you find that your user account is locked due to too many logon tries using an incorrect password?
A. Unauthorized access of a limited account
B. AUP violation
C. Failed attempt to access any account
D. Unauthorized scan of one or more systems
9. Which incident security level would be appropriate after discovering that several of your workstations are infected with worms that will launch a coordinated DoS attack against your Web servers in 12 hours?
A. Severe
B. High
C. Moderate
D. Low
10. Which incident-handling step might include scanning a computer for malware?
A. Identification
B. Containment
C. Eradication
D. Recovery
11. Which incident-handling step might include removing a virus from a computer?
A. Identification
B. Containment
C. Eradication
D. Recovery
12. The contents of log files are which type of evidence?
A. Real evidence
B. Documentary evidence
C. Testimonial evidence
D. Demonstrative evidence
13. The documentation that provides details of every move and access of evidence is called the ___________.
14. You should treat every incident as if it might end up in court.
A. True
B. False
15. Any small change to evidence data may render that evidence unusable to your case.
A. True
B. False





