Digital Security

Security Incident Management and Forensics Interview Question-Answer

By Smart Answer


Q.1 Which of the following are the phases of the incident response process as defined by NIST?

       A. Preparation > Detection > Analysis > Containment

       B. Detection > Analysis > Containment and Eradication > Recovery

       C. Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity

       D. Detection > Analysis > Containment and Eradication > Post Incident Recovery

Ans : Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity


Q.2 Which of the following are useful incident analysis resources?

       A. Phones and contact information

       B. Documentation, network diagrams, critical file hash values

       C. Removable media, forensic software, digital cameras, etc.

Ans : Documentation, network diagrams, critical file hash values


Q.3 Which of the following tricks the user into thinking they are on a real system but in reality is a virtual environment to collect incidents?

       A. Honeypot

       B. Sandboxes

       C. IDS

Ans : Sandboxes


Q.4 “All incidents are events but an event is not necessarily an incident”.

       A. True

       B. False

Ans : True


Q.5 It is ok if minor alterations occur in the evidence during forensic analysis.

       A. True

       B. False

Ans : False


Q.6 Which of the following can be considered as information assets?

       A. Client Data

       B. Application Software

       C. System Software

       D. Corporate Data

       E. All of these

Ans : All of these


Q.7 Which of the following pertains to legal evidence found in computers and digital storage media?

       A. Security Incident Management

       B. Monitoring

       C. Logging

       D. Computer Forensics

Ans : Computer Forensics


Q.8 Which of the following is primarily used to collect device logs from several different machines in a central location for monitoring and review?

       A. Syslog

       B. SerLog

       C. Network log

Ans : Syslog


Q.9 What does live forensic acquisition acknowledge?

       A. Volatility of the evidence

       B. Integrity of the evidence

       C. Confidentiality of evidence

Ans : Volatility of the evidence


Q.10 Which of the following are steps in the digital forensic process?

       A. Seizure > Acquisition and analysis of digital media > Production of a report

       B. Preparation > Detection > Analysis > Containment

Ans : Seizure > Acquisition and analysis of digital media > Production of a report

