Which of the following is the best response after detecting and verifying an incident?
A. Contain it
B. Report it
C. Remediate it
D. Gather evidence - Answer A
Which of the following would security personnel do during the remediation stage of an incident response?
A. Contain the incident
B. Collect evidence
C. Rebuild system
D. Root cause analysis - Answer D
Which of the following are DoS attacks? (Choose three.)
A. Teardrop
B. Smurf
C. Ping of death
D. Spoofing - Answer A, B, C
How does a SYN flood attack work?
A. Exploits a packet processing glitch in Windows systems
B. Uses an amplification network to flood a victim with packets
C. Disrupts the three-way handshake used by TCP
D. Sends oversized ping packets to a victim - Answer C
A web server hosted on the internet was recently attacked, exploiting a vulnerability in the operating system. The operating system vendor assisted in the incident investigation and verified that the vulnerability was not previously known. What type of attack was this?
A. Botnet
B. Zero-day exploit
C. Denial of service
D. Distributed denial of service - Answer B
Of the following choices, which is the most common method of distributing malware?
A. Drive-by downloads
B. USB flash drives
C. Ransomware
D. Unapproved software - Answer A
Of the following choices, what indicates the primary purpose of an intrusion detection system (IDS)?
A. Detect abnormal activity
B. Diagnose system failures
C. Rate system performance
D. Test a system for vulnerabilities - Answer A