Incident Response Procedures for Data Breaches
Exam 2025 | All Questions and Correct Answers |
Already Graded A+ | Verified Answers | Just Released
What is Incident Type 1 in the context of data security? - (ANSWER)Theft by
Employee, which involves the theft of confidential information by individuals
abusing their trust and authority.
What actions should be taken immediately if theft by an employee is suspected? -
(ANSWER)Identify suspected parties, revoke all privileges, change global or
administrative passwords, back up logs, and secure hardcopy evidence.
What types of materials could be compromised in an employee theft incident? -
(ANSWER)Credit card data, UserIDs and/or passwords, proprietary information,
and financial records.
What is the purpose of notifying relevant parties after a theft incident? -
(ANSWER)To inform them of the loss and any potential impacts.
What steps should be taken if credit card data is lost? - (ANSWER)Notify
appropriate authorities and institute procedures to minimize impact to
cardholders.
What should be done if <Company> proprietary information is compromised? -
(ANSWER)Initiate steps to minimize damage, including termination of
employment and prosecution.
What is the hardening procedure for Incident Type 1? - (ANSWER)Review
employee-vetting techniques and confidential data dissemination procedures,
and update documentation as necessary.
What characterizes Incident Type 2? - (ANSWER)Confidential information stolen
from staff due to negligence, such as misplacing or losing documents.
What immediate actions should be taken if confidential information is lost by staff
negligence? - (ANSWER)Change UserIDs and passwords of responsible individuals
and any global passwords they had access to.
What should be identified after a breach due to staff negligence? - (ANSWER)The
point and specific type of breach, as well as what specific material was
compromised.
What disciplinary actions may responsible employees face in Incident Type 2? -
(ANSWER)They may be subject to disciplinary policies up to and including
termination of employment.
What is the hardening procedure for Incident Type 2? - (ANSWER)Review
employee-training materials and remind employees of the sensitive nature of
data.
What defines Incident Type 3? - (ANSWER)Loss of confidential information by
accident due to unforeseen and uncontrollable circumstances.
What is an example of a scenario that could lead to Incident Type 3? -
(ANSWER)Data lost in transit due to a traffic accident.
What actions should be taken immediately in the event of accidental loss of
confidential data? - (ANSWER)Change UserIDs and passwords of affected
individuals and any global passwords they had access to.
What is the overall goal of the response procedures for all incident types? -
(ANSWER)To minimize damage, recover information, and ensure the integrity of
confidential data.
What should be done with logs and evidence in the case of an incident? -
(ANSWER)Back up all relevant logs and secure any hardcopy evidence.
What should be done to re-activate innocent users after an incident? -
(ANSWER)Require new passwords for all affected systems.
What is the significance of determining affected machines in an incident? -
(ANSWER)To assess the scope of the breach and implement necessary security
measures.
What should be included in the inventory check after an incident? -
(ANSWER)Check for any physical loss of confidential materials.