CSC - Cybersecurity Compliance Incident Response and Reporting Questions and Answers

Question 1

A financial services firm discovers a sophisticated malware infection on a server processing customer data. According to the NIST SP 800-61 incident response lifecycle, which of the following is a primary objective of the 'Containment, Eradication, and Recovery' phase?

Accepted Answer

Isolating the affected server from the network to prevent the malware from spreading.

Answer

The 'Containment, Eradication, and Recovery' phase focuses on limiting the scope and impact of the incident. Isolating the affected server is a key containment strategy to stop the threat from spreading to other systems. Analyzing logs is part of 'Detection and Analysis', policy development is 'Preparation', and the post-incident review is 'Post-Incident Activity'.

Question 2

A European e-commerce company becomes aware of a personal data breach. Under the General Data Protection Regulation (GDPR), what is the maximum timeframe within which the company must notify the relevant supervisory authority, unless the breach is unlikely to result in a risk to individuals' rights and freedoms?

Accepted Answer

Within 72 hours of becoming aware of the breach

Answer

Article 33 of the GDPR explicitly states that a data controller must notify the competent supervisory authority of a personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it.

Question 3

Which of the following activities is MOST characteristic of the 'Post-Incident Activity' phase of the NIST incident response lifecycle?

Accepted Answer

Updating the incident response plan based on lessons learned from a recent breach.

Answer

The 'Post-Incident Activity' phase is focused on learning from the incident to improve future responses and the organization's overall security posture. A key activity is holding a lessons-learned meeting and using the findings to update policies, procedures, and controls.

Question 4

A U.S.-based energy company, defined as critical infrastructure, suffers a major cyberattack that disrupts operations. They pay a ransom to the attackers. According to the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), to which federal agency must they report the ransomware payment?

Accepted Answer

The Cybersecurity and Infrastructure Security Agency (CISA)

Answer

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) mandates that covered entities report covered cyber incidents and ransomware payments directly to the Cybersecurity and Infrastructure Security Agency (CISA).

Question 5

A business associate of a healthcare provider discovers that a misconfigured server has exposed the protected health information (PHI) of 300 patients. Under the HIPAA Breach Notification Rule, what is the business associate's primary and most immediate reporting obligation?

Accepted Answer

Notify the covered entity (the healthcare provider) without unreasonable delay.

Answer

The HIPAA Breach Notification Rule requires a business associate to notify the covered entity after discovering a breach 'without unreasonable delay and in no case later than 60 days' following discovery. The covered entity is ultimately responsible for notifying affected individuals and HHS.

(CSC) Cybersecurity Compliance Certification Practice Test

(CSC) Cybersecurity Compliance Certification Practice Test

CSC - Cybersecurity Compliance Incident Response and Reporting Questions and Answers