212-89

Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?A . Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as...

When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?A . All access rights of the employee to physical locations, networks, systems, applications and data should be disabledB . The organization should enforce separation of dutiesC . The access...

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?A . An insider intentionally deleting files from a workstationB . An attacker redirecting user to a malicious website and infects his system with TrojanC ....

The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup...

Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical...

One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?A . ProtectionB . PreparationC...

Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?A . Evidence SupervisorB . Evidence DocumenterC . Evidence ManagerD . Evidence Examiner/...

A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are defined: A . Identification VulnerabilitiesB . Control analysisC . Threat identificationD . System characterizationView AnswerAnswer: C

The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables members of CSIRT to undertake any necessary actions on behalf of their constituency?A . Full-level authorityB . Mid-level authorityC . Half-level authorityD ....

Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?A . Access control policyB . Audit trail policyC . Logging policyD...