IAP Test Exam Updated ACTUAL
QUESTIONS AND CORRECT ANSWERS
1) All incidents regardless of how small should be handled by an incident response team. -
CORRECT ANSWER False
2) Which of the following should not be in an information response team charter? -
CORRECT ANSWER Detailed line budget
3) Which of the following IRT members should be consulted before communicating to the
public about an incident? - CORRECT ANSWER All of the above
4) As defined by this chapter, what is not a step in responding to an incident? - CORRECT
ANSWER Creating a budget to compare options|Analyzing an incident response
5) A method outlined in this chapter to determine if an incident is major or minor is to
classify an incident with a _______ rating. - CORRECT ANSWER Severity
6) When containing an incident, you should always apply a long-term preventive solution. -
CORRECT ANSWER False
7) The IRT starts recording events once an _______. - CORRECT ANSWER Incident
is declared
8) During the containment step, you should also gather as much evidence as reasonably
possible about the incident. - CORRECT ANSWER True
9) To clean up after an incident, you should always wipe the affected machine clean and
rebuild it from scratch. - CORRECT ANSWER False
10) What value does a forensic tool bring? - CORRECT ANSWER All of the above
,11) How important is it to identify the attacker before issuing a final IRT report? - CORRECT
ANSWER Moderately important; nice to have but issue the report if not available
12) When analyzing an incident, you must try to determine which of the following? -
CORRECT ANSWER All of the above
13) Which IRT member is responsible for handling the media? - CORRECT
ANSWER Public relations
14) It is a best practice to test the IRT capability at least once a year. - CORRECT
ANSWER True
15) A federal agency is not required by law to report a security incident. - CORRECT
ANSWER False
1) Which of the following indicate that the culture of an organization is adopting IT security
policies? - CORRECT ANSWER All of the above
2) Effective security policies require that everyone in the organization be accountable for
policy implementation. - CORRECT ANSWER True
3) A quick indicator of whether a risk committee has discussed security policies or if the topic
has been delegated to lower levels is by looking at _______. - CORRECT
ANSWER Committee meeting minutes
4) Deliberate acts and malicious behavior by employees are easy to control, especially when
proper deterrents are installed. - CORRECT ANSWER False
5) Which of the following is not an organizational challenge when implementing security
policies? - CORRECT ANSWER Tight schedules
, 6) Which type of plan is critical to ensuring security awareness reaches specific types of
users? - CORRECT ANSWER Rollout plan ( trien khai)
7) Why should a security policy implementation be flexible to allow for updates? -
CORRECT ANSWER A and C
8) Which of the following is the least objectionable when dealing with policies in regards to
outdated technology? - CORRECT ANSWER Write security policies to best practices
and issue a policy waiver ( tu bo) for outdated technology that inherently cannot comply.
9) What is a strong indicator that awareness training is not effective? - CORRECT
ANSWER Sharing your password with a supervisor
10) Which of the following is a common cause of security breaches? - CORRECT
ANSWER Inadequate management and user decisions
11) Classroom training for security policy awareness is always the superior option to other
alternatives, such as online training. - CORRECT ANSWER False
12) To get employees to comply and accept security policies, the organization must
understand the employees' _______ - CORRECT ANSWER Motivation for needs
13) A brown bag session is a formal training event with a tightly controlled agenda. -
CORRECT ANSWER False
14) What is the best way to disseminate a new policy? - CORRECT ANSWER Intranet
15) Without _______, implementation of IT security policies is impossible. - CORRECT
ANSWER Excutive support
1) Which of the following is not an organizational gateway committee? - CORRECT
ANSWER Internal connection committee
QUESTIONS AND CORRECT ANSWERS
1) All incidents regardless of how small should be handled by an incident response team. -
CORRECT ANSWER False
2) Which of the following should not be in an information response team charter? -
CORRECT ANSWER Detailed line budget
3) Which of the following IRT members should be consulted before communicating to the
public about an incident? - CORRECT ANSWER All of the above
4) As defined by this chapter, what is not a step in responding to an incident? - CORRECT
ANSWER Creating a budget to compare options|Analyzing an incident response
5) A method outlined in this chapter to determine if an incident is major or minor is to
classify an incident with a _______ rating. - CORRECT ANSWER Severity
6) When containing an incident, you should always apply a long-term preventive solution. -
CORRECT ANSWER False
7) The IRT starts recording events once an _______. - CORRECT ANSWER Incident
is declared
8) During the containment step, you should also gather as much evidence as reasonably
possible about the incident. - CORRECT ANSWER True
9) To clean up after an incident, you should always wipe the affected machine clean and
rebuild it from scratch. - CORRECT ANSWER False
10) What value does a forensic tool bring? - CORRECT ANSWER All of the above
,11) How important is it to identify the attacker before issuing a final IRT report? - CORRECT
ANSWER Moderately important; nice to have but issue the report if not available
12) When analyzing an incident, you must try to determine which of the following? -
CORRECT ANSWER All of the above
13) Which IRT member is responsible for handling the media? - CORRECT
ANSWER Public relations
14) It is a best practice to test the IRT capability at least once a year. - CORRECT
ANSWER True
15) A federal agency is not required by law to report a security incident. - CORRECT
ANSWER False
1) Which of the following indicate that the culture of an organization is adopting IT security
policies? - CORRECT ANSWER All of the above
2) Effective security policies require that everyone in the organization be accountable for
policy implementation. - CORRECT ANSWER True
3) A quick indicator of whether a risk committee has discussed security policies or if the topic
has been delegated to lower levels is by looking at _______. - CORRECT
ANSWER Committee meeting minutes
4) Deliberate acts and malicious behavior by employees are easy to control, especially when
proper deterrents are installed. - CORRECT ANSWER False
5) Which of the following is not an organizational challenge when implementing security
policies? - CORRECT ANSWER Tight schedules
, 6) Which type of plan is critical to ensuring security awareness reaches specific types of
users? - CORRECT ANSWER Rollout plan ( trien khai)
7) Why should a security policy implementation be flexible to allow for updates? -
CORRECT ANSWER A and C
8) Which of the following is the least objectionable when dealing with policies in regards to
outdated technology? - CORRECT ANSWER Write security policies to best practices
and issue a policy waiver ( tu bo) for outdated technology that inherently cannot comply.
9) What is a strong indicator that awareness training is not effective? - CORRECT
ANSWER Sharing your password with a supervisor
10) Which of the following is a common cause of security breaches? - CORRECT
ANSWER Inadequate management and user decisions
11) Classroom training for security policy awareness is always the superior option to other
alternatives, such as online training. - CORRECT ANSWER False
12) To get employees to comply and accept security policies, the organization must
understand the employees' _______ - CORRECT ANSWER Motivation for needs
13) A brown bag session is a formal training event with a tightly controlled agenda. -
CORRECT ANSWER False
14) What is the best way to disseminate a new policy? - CORRECT ANSWER Intranet
15) Without _______, implementation of IT security policies is impossible. - CORRECT
ANSWER Excutive support
1) Which of the following is not an organizational gateway committee? - CORRECT
ANSWER Internal connection committee
