Exam (elaborations)

CDS 348 Final Exam Study Questions and Answers

Pages: 18
Grade: A+
Uploaded on: 15-10-2024
Written in: 2024/2025

GRACEAMELIA 2024/2025 ACADEMIC YEAR ©2024. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER, 2024

A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) - Ans: central CSIRT

A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the - Ans: distributed CSIRT

A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity. - Ans: apprehend and prosecute

Giving the IR team the responsibility for ____ is generally not recommended. - Ans: patch management

In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service. - Ans: deputy team manager

One way to build and maintain staff skills is to develop incident-handling ____ and have the team members discuss how they would handle them. - Ans: scenarios

The announcement of an operational CSIRT should minimally include - Ans: contact methods and numbers

The champion for the CSIRT may be the same person as the champion for the entire IR function - typically, the - Ans: chief information officer

The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do - Ans: mission

The determination of what systems fall under the CSIRT's responsibility is called its ____. - Ans: scope of operations

The first step in building a CSIRT is to - Ans: obtain management support and buy-in

The focus during a(n) ____ is on learning what worked, what didn't, and where communications and response procedures may have failed. - Ans: after action review

The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed ____ to fill in the gaps. - Ans: personnel

Those services performed in response to a request or a defined event such as a help desk alert are called - Ans: reactive services

Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called - Ans: proactive services

When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model. - Ans: fully outsourced

As soon as the CSIRT is able to determine what exactly is happening, it is expected to report its preliminary finding to management. - Ans: True

One of the first signals that an organization is making progress in the development of its IR program, specifically in the development of its CSIRT, is a dramatic drop in the number of identified incidents. - Ans: False

Regardless of which IR model an organization chooses, multiple employees should be in charge of incident response. - Ans: False

The CSIRT is also known as the IR Reaction Team. - Ans: True

A ____ attack is much more substantial than a DoS attack because of the use of multiple systems to simultaneously attack a single target - Ans: distributed denial-of-service

A ____ is a small quantity of data kept by a Web site as a means of recording that a system has visited that Web site. - Ans: cookie

Which of the following is an example of a UA (Unauthorized Access) attack? - Ans: Modifying Web-based content without permission

Known as ____, procedures for regaining control of systems and restoring operations to normalcy are the heart of the IR plan and the CSIRT's operations. - Ans: IR reaction strategies

Many malware attacks are ____ attacks, which involve more than one type of malware and/or more than one type of transmission method. - Ans: blended

The CSIRT may not wish to "tip off" attackers that they have been detected, especially if the organization is following a(n) ____ approach - Ans: apprehend and prosecute

The number-one IU preparation-and-prevention strategy is - Ans: organizational policy

There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents - Ans: US-CERT

When a second attack, using the means and methods of the first attack is undertaken while the first attack is still underway, this is considered a(n) ____ recurrence. - Ans: concurrent

When an alert warns of new malicious code that targets software used by an organization, the first response should be to research the new virus to determine whether it is ____. - Ans: real

When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____. - Ans: lockdown


