CompTIA CySA+ Domain 3: Cyber Incident Response

CompTIA CySA+: Cyber Incident Response

1. During a cyber incident response, which type of analysis focuses on identifying the tactics, techniques, and procedures (TTPs) of attackers?
A. Forensic analysis
B. Log analysis
C. Threat intelligence analysis
D. Vulnerability analysis

2. In the context of incident response, what is the primary purpose of a 'kill chain' model?
A. To outline the structure of the incident response team
B. To identify potential vulnerabilities in the system
C. To describe the stages of a cyber attack
D. To prioritize incident response activities

3. Which of the following is a key activity in the Preparation phase of the Incident Response Lifecycle?
A. Conducting a root cause analysis
B. Establishing communication plans
C. Performing data exfiltration analysis
D. Implementing containment measures

4. What is the main objective of triage in cybersecurity incident response?
A. To restore systems to their original state
B. To classify and prioritize incidents
C. To identify the perpetrator of the incident
D. To analyze the impact on business operations

5. In incident response, what is the significance of the term 'Indicators of Compromise' (IoCs)?
A. Measures taken to prevent future incidents
B. Evidence of successful security policies
C. Artifacts or actions indicating a potential security breach
D. Benchmarks for incident response time

6. Which tool is most commonly used in the containment phase of a cybersecurity incident response to isolate affected systems?
A. Intrusion Detection System (IDS)
B. Data Loss Prevention (DLP) tools
C. Firewall
D. Antivirus software

7. What is the primary goal of 'chain of custody' in the context of cyber incident response?
A. To ensure that incident response actions are transparent
B. To maintain and document the integrity of physical and digital evidence
C. To establish a timeline of the incident response activities
D. To delegate responsibilities among the incident response team

8. In cyber incident response, what is the primary purpose of performing a root cause analysis?
A. To assess the financial impact of the incident
B. To identify the underlying cause of the incident
C. To document the response process for future reference
D. To determine the effectiveness of the response team

9. Which phase of the Incident Response Lifecycle involves analyzing the incident to improve future response and prevention measures?
A. Preparation
B. Detection and Analysis
C. Containment, Eradication, and Recovery
D. Post-Incident Activity

10. In the context of cyber incident response, what is the purpose of using sandboxes?
A. To isolate and analyze suspicious files or software
B. To restore systems to their operational state
C. To conduct penetration testing on network defenses
D. To encrypt sensitive data during a breach

11. What role does 'attribution' play in cyber incident response?
A. Identifying the source or actor responsible for the incident
B. Estimating the financial impact of the incident
C. Restoring affected systems to operational status
D. Implementing new security measures to prevent future incidents

12. During an incident response, what is the significance of 'time stamps' in log files?
A. They indicate the severity of the incident
B. They provide a chronological order of events
C. They determine the effectiveness of the response
D. They estimate the cost of the incident

13. In the context of cybersecurity incident response, what is a 'honeypot' primarily used for?
A. Detecting intrusions by mimicking vulnerable systems
B. Storing backups of critical data
C. Filtering spam and malicious email content
D. Encrypting data to prevent unauthorized access

14. What is the purpose of 'data exfiltration analysis' in cyber incident response?
A. To identify data stolen during an incident
B. To measure the amount of data processed by the incident response team
C. To analyze the data backup efficiency
D. To evaluate the performance of the data recovery process

15. In incident response, what is the main goal of 'eradication'?
A. To remove the components of the incident from the affected systems
B. To restore services to their pre-incident state
C. To analyze the cause of the incident
D. To document the incident for future reference

16. Which activity in cyber incident response involves determining the scope and impact of the incident?
A. Preparation
B. Identification
C. Containment
D. Recovery

17. In cyber incident response, what is the purpose of using 'SIEM' (Security Information and Event Management) tools?
A. To encrypt sensitive data
B. To manage firewall rules
C. To collect, analyze, and report on security data
D. To conduct penetration tests

18. What is a primary consideration when choosing a communication method during a cyber incident response?
A. The cost of the communication method
B. The speed of message delivery
C. The security and confidentiality of the communication
D. The ease of access to communication tools

19. In the context of cyber incident response, what is the role of 'digital forensics'?
A. To repair damaged systems and restore data
B. To analyze digital evidence and investigate the incident
C. To implement new security controls
D. To conduct risk assessments

20. Which phase in the incident response process involves taking actions to minimize the impact of the incident?
A. Detection
B. Containment
C. Analysis
D. Post-Incident Activity

21. Which type of report in cybersecurity incident response typically includes detailed technical information about the incident and its remediation?
A. Executive summary
B. Lessons learned report
C. Technical incident report
D. Initial incident notification

22. In incident response, what is the primary purpose of 'war gaming' exercises?
A. To test the physical security of data centers
B. To practice and improve incident response capabilities
C. To perform vulnerability scans on the network
D. To assess the financial impact of potential incidents

23. What is the primary goal of 'containment strategies' in the incident response process?
A. To eradicate the cause of the incident
B. To prevent the spread of the incident
C. To recover lost or stolen data
D. To prosecute the attackers

24. During a cyber incident, what is the role of a 'crisis communication plan'?
A. To facilitate internal communication within the incident response team
B. To guide the dissemination of information to external parties
C. To encrypt communications for security
D. To monitor news and social media for incident-related information

25. In the aftermath of a cybersecurity incident, what is the main focus of 'recovery strategies'?
A. Prosecuting the attackers
B. Restoring systems and operations to normal
C. Conducting a cost analysis of the incident
D. Reviewing and updating security policies

26. In cybersecurity, what is an 'incident playbook' primarily used for?
A. Documenting regulatory compliance
B. Outlining specific procedures for responding to different types of incidents
C. Recording the financial impact of incidents
D. Training new members of the incident response team

27. What is the main purpose of conducting 'tabletop exercises' in incident response planning?
A. To test the physical security measures of the organization
B. To practice the incident response plan in a simulated environment
C. To evaluate the technical skills of the response team
D. To perform a detailed technical analysis of security tools

28. Which factor is most critical when establishing the severity level of a cybersecurity incident?
A. The technical skills of the incident response team
B. The time of day when the incident occurred
C. The impact on business operations and data
D. The geographical location of the incident

29. In incident response, what is the importance of 'root cause analysis'?
A. To determine who is responsible for the incident
B. To identify underlying vulnerabilities or flaws that led to the incident
C. To calculate the financial damages caused by the incident
D. To assess the performance of the incident response team

30. What is the role of 'situational awareness' in the context of cybersecurity incident response?
A. To maintain a constant state of alertness for potential future incidents
B. To manage the distribution of security patches
C. To document the lessons learned from past incidents
D. To track the financial expenditure on security measures