GCIH Incident Response & Mitigation Techniques

Question 1

What is the primary objective of incident response?

Accepted Answer

To contain and mitigate the impact of the incident

Answer

To identify the cause of the incident.

Answer

To punish the attacker.

Answer

To communicate with stakeholders.

Question 2

What is the first step in incident response?

Accepted Answer

Identify and detect the incident

Answer

Contain the incident.

Answer

Notify law enforcement.

Answer

Document the incident.

Question 3

How do you prevent an incident from escalating during mitigation?

Accepted Answer

Isolate the affected systems

Answer

Shut down all systems.

Answer

Communicate with the attacker.

Answer

Erase all logs.

Question 4

What is the role of forensic evidence in incident response?

Accepted Answer

To understand the root cause of the breach

Answer

To catch the attacker.

Answer

To support legal action if necessary.

Answer

To prevent further damage.

Question 5

Why is it important to document every step of an incident response?

Accepted Answer

For future analysis and compliance

Answer

To make the response process faster.

Answer

To create a report for stakeholders.

Answer

To clear any blame from the response team.

Question 6

What is a common mistake during the response phase?

Accepted Answer

Taking action before assessing the situation

Answer

Not communicating with team members.

Answer

Underestimating the scale of the attack.

Answer

Waiting too long to report the incident.

Question 7

What is the goal of incident mitigation?

Accepted Answer

To reduce damage and restore security

Answer

To identify the attacker.

Answer

To collect evidence for law enforcement.

Answer

To notify all employees.

Question 8

How do you ensure an effective response to a large-scale attack?

Accepted Answer

By involving all team members and ensuring clear communication

Answer

By acting independently.

Answer

By delaying the response.

Answer

By focusing only on the technical aspects.

Question 9

Why is it important to notify stakeholders during incident response?

Accepted Answer

To keep them informed and manage expectations

Answer

To avoid external communication.

Answer

To ensure they are part of the investigation.

Answer

To share responsibility.