What is the first step in the incident response process?
Preparation is the initial step that ensures tools, policies, and response plans are in place before incidents occur.
Which of the following best describes threat hunting?
Threat hunting is a proactive approach to detecting threats that evade existing security solutions.
What is the purpose of a security information and event management (SIEM) system?
SIEM systems collect and analyze log data to detect and respond to security incidents.
Which term describes evidence that indicates a potential security breach?
Indicators of compromise (IOCs) are signs that a security incident may have occurred.
What is the primary goal of containment during incident response?
Containment focuses on preventing further damage or spread of the incident.
What should be done immediately after detecting a confirmed breach?
Notifying the incident response team initiates the response procedures quickly and effectively.
Loading Questions...
Why is documentation important in incident response?
Proper documentation supports legal actions, reporting, and improvement of future responses.
Which of the following is an example of an indicator of compromise?
Unusual outbound network traffic can indicate that a system is compromised and communicating with an attacker.
What is the final phase in the incident response process?
The lessons learned phase ensures continuous improvement by evaluating and documenting the incident.