GCIA Incident Response and Forensics

Question 1

What is the primary objective of an incident response plan?

Accepted Answer

To ensure business continuity during an incident

Answer

To develop new security policies

Answer

To increase system performance

Answer

To train employees on security best practices

Question 2

Which step in the incident response process involves gathering evidence and documenting the incident?

Accepted Answer

Detection and Analysis

Answer

Containment, Eradication, and Recovery

Answer

Post-Incident Activity

Answer

Initial Response

Question 3

In digital forensics, what is the purpose of "chain of custody"?

Accepted Answer

To document who has handled the evidence and when

Answer

To ensure the digital evidence is kept confidential

Answer

To analyze the evidence for signs of tampering

Answer

To secure the physical environment where evidence is collected

Question 4

What is a common tool used for forensic analysis of file systems?

Accepted Answer

EnCase

Answer

Wireshark

Answer

Nmap

Answer

Metasploit

Question 5

Which of the following best describes a "root cause analysis" in the context of incident response?

Accepted Answer

Determining the underlying reason for the security incident

Answer

Identifying the specific malware responsible for an attack

Answer

Analyzing the effectiveness of the incident response team

Answer

Evaluating the financial impact of the incident