278 Chapter 11 ■ Practice Test 3
- What stage of the incident response process is Alejandro currently conducting?
A. Detection
B. Response
C. Recovery
D. Mitigation - If Alejandro’s initial investigation determines that a security incident is likely taking place,
what should be his next step?
A. Investigate the root cause.
B. File a written report.
C. Activate the incident response team.
D. Attempt to restore the system to normal operations.
8 7. As the incident response progresses, during which stage should the team conduct a root
cause analysis?
A. Response
B. Reporting
C. Remediation
D. Lessons Learned- Barry recently received a message from Melody that Melody encrypted using symmetric
cryptography. What key should Barry use to decrypt the message?
A. Barry’s public key
B. Barry’s private key
C. Melody’s public key
D. Shared secret key - After you do automated functional testing with 100 percent coverage of an application,
what type of error is most likely to remain?
A. Business logic errors
B. Input validation errors
C. Runtime errors
D. Error handling errors - During what phase of the incident response process would security professionals analyze
the process itself to determine whether any improvements are warranted?
A. Lessons Learned
B. Remediation
C. Recovery
D. Reporting