CSC - Cybersecurity Compliance Incident Response and Reporting Questions and Answers

Question 1

A financial services firm discovers a sophisticated malware infection on a server processing customer data.
According to the NIST SP 800-61 incident response lifecycle, which of the following is a primary objective of the 'Containment, Eradication, and Recovery' phase?

Accepted Answer

Isolating the affected server from the network to prevent the malware from spreading.

Answer

Conducting a post-incident review to document lessons learned.

Answer

Developing an incident response policy and training the response team.

Answer

Analyzing network traffic logs to determine the initial attack vector.

Question 2

A European e-commerce company becomes aware of a personal data breach. Under the General Data Protection Regulation (GDPR), what is the maximum timeframe within which the company must notify the relevant supervisory authority, unless the breach is unlikely to result in a risk to individuals' rights and freedoms?

Accepted Answer

Within 72 hours of becoming aware of the breach

Answer

Within 24 hours of discovery

Answer

Without undue delay, but no later than 60 days

Answer

Within 30 days of containing the breach

Question 3

Which of the following activities is MOST characteristic of the 'Post-Incident Activity' phase of the NIST incident response lifecycle?

Accepted Answer

Updating the incident response plan based on lessons learned from a recent breach.

Answer

Disconnecting an infected workstation from the corporate network.

Answer

Identifying and prioritizing critical IT assets and systems.

Answer

Analyzing security tool alerts to confirm a suspected incident.

Question 4

A U.S.-based energy company, defined as critical infrastructure, suffers a major cyberattack that disrupts operations. They pay a ransom to the attackers. According to the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), to which federal agency must they report the ransomware payment?

Accepted Answer

The Cybersecurity and Infrastructure Security Agency (CISA)

Answer

The Federal Bureau of Investigation (FBI)

Answer

The National Security Agency (NSA)

Answer

The Department of Homeland Security (DHS)

Question 5

A business associate of a healthcare provider discovers that a misconfigured server has exposed the protected health information (PHI) of 300 patients. Under the HIPAA Breach Notification Rule, what is the business associate's primary and most immediate reporting obligation?

Accepted Answer

Notify the covered entity (the healthcare provider) without unreasonable delay.

Answer

Notify the Department of Health and Human Services (HHS) within 72 hours.

Answer

Post a notice on their company website for 90 days.

Answer

Send individual notification letters to all 300 affected patients.

Question 6

An incident response team is handling a data breach. The team leader emphasizes the importance of documenting every action taken, preserving system logs, and creating forensic images of affected hard drives. This meticulous process is most critical for which of the following outcomes?

Accepted Answer

Facilitating potential legal action and supporting law enforcement investigations.

Answer

Ensuring compliance with media notification requirements.

Answer

Calculating the mean time to recovery (MTTR) for performance metrics.

Answer

Immediately restoring business operations to minimize downtime.