Review Questions



                1.  Which of the following is the best response after detecting and
                    verifying an incident?

                    A.  Contain it.

                    B.  Report it.

                    C.  Remediate it.

                    D.  Gather evidence.

                2.  Which of the following would security personnel do during the
                    remediation stage of an incident response?


                    A.  Contain the incident

                    B.  Collect evidence

                    C.  Rebuild system

                    D.  Root cause analysis

                3.  Which of the following are DoS attacks? (Choose three.)

                    A.  Teardrop

                    B.  Smurf

                    C.  Ping of death

                    D.  Spoofing


                4.  How does a SYN flood attack work?

                    A.  Exploits a packet processing glitch in Windows systems

                    B.  Uses an amplification network to flood a victim with packets

                    C.  Disrupts the three-way handshake used by TCP

                    D.  Sends oversized ping packets to a victim

                5.  A web server hosted on the internet was recently attacked,
                    exploiting a vulnerability in the operating system. The operating
                    system vendor assisted in the incident investigation and verified