Cybersecurity Plus Bootcamp Module 12 Quiz

Which of the following lists the seven processes in the CompTIA incident response lifecycle?

Planning, reporting, mitigation, analysis, recovery, post-incident review, compliance
Preparation, detection, analysis, containment, eradication, recovery, lessons learned
Planning, detection, monitoring, mitigation, reporting, recovery, compliance
Identification, isolation, investigation, removal, recovery, review, readiness

True or False: The “first responder” is the first person to report an incident to the Computer Incident Response Team (CIRT).

TRUE
FALSE

True or False: All security alerts should be sent to every employee to maintain transparency.

TRUE
FALSE

Why is an out-of-band communication method important for incident responders?

To ensure alerts are faster than normal email
To prevent alert fatigue
To communicate securely if primary networks are compromised
To allow remote workers to connect to the VPN

Which type of incident response exercise best simulates a real intrusion scenario?

Tabletop exercise
Red team/blue team simulation
Checklist review
Communication drill

What does it mean when digital evidence is described as “latent”?

It cannot be seen directly and must be interpreted
It is encrypted by default
It is only stored in the cloud
It is hidden inside binary files

Which process must be followed when transferring digital evidence to another team?

Data retention scheduling
Chain of custody
Data replication
Access control listing

True or False: To ensure evidence integrity, you should hash the media before making an image copy.

TRUE
FALSE

If the ARP cache contains critical evidence, should you shut down the PC before imaging the hard drive?

Yes, to preserve the cache
No, because the ARP cache is stored in volatile memory
Yes, to prevent malware spread
No, because ARP entries are written to disk

Which type of log should be included in addition to firewall, application, OS security, IPS/IDS, and network logs?

Web server logs
Switch logs
DNS logs
Endpoint logs

What is the primary use of a security dashboard?

To store archived logs
To visualize and summarize key security data for daily operations
To automatically remediate all alerts
To encrypt log files

True or False: File system audit settings cannot be customized in security logging.

TRUE
FALSE

Which data source allows frame-by-frame analysis of events that triggered an IDS alert?

Packet capture
Host event logs
Syslog
NetFlow records

What is the primary function of a SIEM?

Encrypt all log data
Aggregate, normalize, and correlate security events from multiple sources
Replace intrusion prevention systems
Block suspicious IP addresses automatically

In SIEM architecture, what is the difference between a collector and a sensor?

Collectors store log archives; sensors run antivirus scans
Collectors receive and parse logs; sensors capture network traffic
Collectors filter alerts; sensors aggregate logs
Collectors normalize logs; sensors export flow records

Why is a parser necessary for logs from a UTM gateway in a SIEM?

To compress large log files
To encrypt the logs in transit
To forward logs to the firewall
To translate logs into a standard format for correlation

Which activity should be added to log aggregation, alerting, scanning, reporting, and response to align with Security+ objectives?

Archiving
Load balancing
Encrypted backup
Incident drill

Which monitoring tool generates flow records for network analysis?

NetFlow/IPFIX probes
Packet capture
Syslog server
Security dashboard

Cybersecurity Plus Bootcamp Module 12 Quiz

Cybersecurity Plus Bootcamp Module 12 Quiz

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question