FEDVTE Foundations of Incident Management Exam
2022 with complete solution
Political motivations and financial interests are the two most common
motivations behind current cyber threats.
A. True
B. False
A. True
Information sharing only aligns with the respond process in incident
management activities.
A. True
B. False
B. False
Sensors are defined only as technical or information systems.
A. True
B. False
B. False
Eradication consists of short-term, tactical actions.
A. True
B. False
B. False
Containment strategies may include:
A. Rebuilding systems from original media
B. Remediating vulnerabilities
C. Leaving systems online
D. Shutting down a service
D. Shutting down a service
Which of the following is a decision that might need to be made ahead of time as
part of the Prepare process?
A. When and if forensics evidence will be collected
B. When, if, and how law enforcement will be involved
C. What systems can be isolated or shutdown
D. Who to notify when handling certain incidents
E. All of the above
F. None of the above
E. All of the above
What are the three impact attributes described in the course material?
A. Function, Availability, Impact
B. Availability, Information, Confidentiality
C. Function, Information, Recoverability
D. Recoverability, Externality, Impact
C. Function, Information, Recoverability
Which of the following is NOT a method of conducting operational exercises?
A. Table top scenarios
B. Virtual simulations
, C. Vulnerability scanning
D. Capture the flag competition
C. Vulnerability scanning
Information sharing protocols include:
A. STIX / CAB
B. IDGEMF
C. OpenSOC
D. CRITS
D. CRITS
Which of the following is NOT an approach for institutionalizing an incident
management capability?
A. National CSIRT
B. Network and security operations center (NSOC)
C. Red team
D. Crisis management team
E. Security incident response team
C. Red team
Elements of situational awareness are only technical in nature.
A. True
B. False
B. False
Which of the following are NOT considered indicators of compromise (IOCs)?
A. Domain names
B. Virus signatures
C. Timestamps
D. Registry keys
C. Timestamps
Postmortems can be done after an incident to identify:
A. What went right
B. What went wrong
C. Training needs
D. Tools needed
E. A and B only
F. C and D only
G. B and C only
H. None of the above
I. All of the above
I. All of the above
Incident response only starts once you receive an incident report.
A. True
B. False
B. False
Recovery strategies may include:
A. Isolating the system from the network
B. Improving network and host security
C. Modifying access controls
2022 with complete solution
Political motivations and financial interests are the two most common
motivations behind current cyber threats.
A. True
B. False
A. True
Information sharing only aligns with the respond process in incident
management activities.
A. True
B. False
B. False
Sensors are defined only as technical or information systems.
A. True
B. False
B. False
Eradication consists of short-term, tactical actions.
A. True
B. False
B. False
Containment strategies may include:
A. Rebuilding systems from original media
B. Remediating vulnerabilities
C. Leaving systems online
D. Shutting down a service
D. Shutting down a service
Which of the following is a decision that might need to be made ahead of time as
part of the Prepare process?
A. When and if forensics evidence will be collected
B. When, if, and how law enforcement will be involved
C. What systems can be isolated or shutdown
D. Who to notify when handling certain incidents
E. All of the above
F. None of the above
E. All of the above
What are the three impact attributes described in the course material?
A. Function, Availability, Impact
B. Availability, Information, Confidentiality
C. Function, Information, Recoverability
D. Recoverability, Externality, Impact
C. Function, Information, Recoverability
Which of the following is NOT a method of conducting operational exercises?
A. Table top scenarios
B. Virtual simulations
, C. Vulnerability scanning
D. Capture the flag competition
C. Vulnerability scanning
Information sharing protocols include:
A. STIX / CAB
B. IDGEMF
C. OpenSOC
D. CRITS
D. CRITS
Which of the following is NOT an approach for institutionalizing an incident
management capability?
A. National CSIRT
B. Network and security operations center (NSOC)
C. Red team
D. Crisis management team
E. Security incident response team
C. Red team
Elements of situational awareness are only technical in nature.
A. True
B. False
B. False
Which of the following are NOT considered indicators of compromise (IOCs)?
A. Domain names
B. Virus signatures
C. Timestamps
D. Registry keys
C. Timestamps
Postmortems can be done after an incident to identify:
A. What went right
B. What went wrong
C. Training needs
D. Tools needed
E. A and B only
F. C and D only
G. B and C only
H. None of the above
I. All of the above
I. All of the above
Incident response only starts once you receive an incident report.
A. True
B. False
B. False
Recovery strategies may include:
A. Isolating the system from the network
B. Improving network and host security
C. Modifying access controls
