CompTIA Sec+ SY0-701: Domain 4, Quiz 3

Information Technology, 15 cards, created about 2 months ago

These flashcards cover the stages of incident response, tabletop exercises for testing plans, and the importance of chain of custody in digital forensics.

During an incident response, what is the first stage to consider?

a. Eradication
b. Analysis
c. Preparation
d. Recovery

Preparation

Preparation is correct because it is the initial stage in the incident response, where teams ensure they have the right tools, skills, and procedures in place.

What does the “Tabletop exercise” relate to within the context of incident response?

a. Software used in threat hunting
b. Digital forensics tool
c. Testing an incident response plan
d. Automated report

Testing an incident response plan

Tabletop exercise is correct because it is a form of testing where team members walk through scenarios to see how they would respond.

In digital forensics, what ensures that evidence has remained untouched from acquisition to court presentation?

a. Metadata
b. Digital signature
c. E-discovery
d. Chain of custody

Chain of custody

Chain of custody is correct because it tracks the evidence’s possession, handling, and storage, ensuring it remains unaltered.

Which data source is best suited to provide information on potential malicious activity across an organization’s network traffic?

a. IPS/IDS logs
b. Vulnerability scans
c. Endpoint logs
d. OS-specific security logs

IPS/IDS logs

IPS/IDS logs are correct because Intrusion Prevention Systems and Intrusion Detection Systems specifically monitor and log network traffic for potential threats.

What is a primary concern when introducing automation and orchestration in security operations?

a. Complexity
b. Workforce multiplier
c. Enabling/disabling services and access
d. Continuous integration and testing

Complexity

Complexity is correct because introducing automation can make systems and processes more complex, necessitating proper management and understanding.

What step in the incident response process involves taking actions to limit the damage of an incident and prevent further damage?

a. Containment
b. Analysis
c. Detection
d. Recovery

Containment

Containment is correct because it focuses on limiting the damage and spread of an incident.

In the context of using data sources to support an investigation, which of the following would give insights into vulnerabilities present in an organization’s systems?

a. Packet captures
b. Vulnerability scans
c. Firewall logs
d. Network logs

Vulnerability scans

Vulnerability scans are correct because they are specifically designed to identify and report on system vulnerabilities.

Which term refers to proactive identification and mitigation of threats before they become incidents?

a. E-discovery
b. Root cause analysis
c. Legal hold
d. Threat hunting

Threat hunting

Threat hunting is correct because it involves actively searching for signs of malicious activity to prevent potential threats.

When considering automation in security operations, what describes the scenario where automated processes create more problems than they solve, necessitating additional work?

a. Reaction time
b. Guard rails
c. Scaling in a secure manner
d. Technical debt

Technical debt

Technical debt is correct because it refers to the future costs (in terms of time, effort, or money) incurred due to choosing a quick but potentially problematic solution now.

In the realm of security operations automation, which term best describes pre-defined configurations that are applied to ensure consistency across systems?

a. Escalation
b. Continuous integration
c. Ticket creation
d. Standard infrastructure configurations

Standard infrastructure configurations

Standard infrastructure configurations are correct because they pertain to applying a consistent set of configurations across systems for uniformity.

After an incident has been resolved, which phase of incident response focuses on identifying what went wrong and how to prevent similar incidents in the future?

a. Containment
b. Eradication
c. Recovery
d. Lessons learned

Lessons learned

Lessons learned are correct because they emphasize understanding the incident and devising strategies to prevent similar occurrences.

If an organization wants to understand the original cause of a security breach, which activity should they prioritize?

a. Digital forensics reporting
b. Threat hunting
c. Tabletop exercise
d. Root cause analysis

Root cause analysis

Root cause analysis is correct because it investigates the primary cause of an issue or incident.

Which type of log would most likely provide detailed insights into system-level events and potential security breaches on a Windows operating system?

a. Vulnerability scans
b. Firewall logs
c. OS-specific security logs
d. Application logs

OS-specific security logs

OS-specific security logs are correct because they capture events specifically related to the operating system.

Which of the following best describes a proactive approach to discovering threats in an environment before they can cause harm?

a. Threat hunting
b. Simulation
c. Root cause analysis
d. Digital forensics

Threat hunting

Threat hunting is correct because it involves actively searching for threats in an environment before they can escalate.

When capturing data packets moving across a network for analysis, which of the following is the primary data source?

a. Firewall logs
b. Dashboards
c. Automated reports
d. Packet captures

Packet captures

Packet captures are correct because they record raw data packets moving across a network.