CCNA Cyber Ops FAQ: Incident Response Teams

Q1. Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.)
A. Scanning vendor customer networks
B. Incident classification and handling
C. Information classification and protection
D. Information dissemination
E. Record retention and destruction

Answer: B, C, D, and E. Incident classification and handling, information classification and protection, information dissemination, and record retention and destruction are responsibilities of a CSIRT or policies it helps create. Typically, corporate CSIRTs do not scan the networks of vendors or their customers.

Q2. Which of the following is one of the main goals of the CSIRT?
A. To configure the organization’s firewalls
B. To monitor the organization’s IPS devices
C. To minimize and control the damage associated with incidents, provide guidance for mitigation, and work to prevent future incidents
D. To hire security professionals who will be part of the InfoSec team of the organization

Answer: C. One of the main goals of a CSIRT is to minimize risk, contain cyber damage, and save money by preventing incidents from happening—and if they do occur, to mitigate them efficiently.

Q3. Which of the following are the three metrics, or “scores,” of the Common Vulnerability Scoring System (CVSS)? (Select all that apply.)
A. Baseline score
B. Base score
C. Environmental score
D. Temporal score

Answer: B, C, and D. The base, temporal, and environmental scores are the three main components of the CVSS.

Q4. Which of the following is typically a responsibility of a PSIRT?
A. Configure the organization’s firewall
B. Monitor security logs
C. Investigate security incidents in a security operations center (SOC)
D. Disclose vulnerabilities in the organization’s products and services

Answer: D. PSIRTs are typically responsible for disclosing vulnerabilities in products and services sold by the organization to its customers.

Q5. Which of the following are core responsibilities of a national CSIRT and CERT?
A. Provide solutions for bug bounties
B. Protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information
C. Provide vulnerability brokering to vendors within a country
D. Create regulations around cybersecurity within the country

Answer: B. National CSIRTs and CERTs aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information.

Q6. Which of the following is an example of a coordination center?
A. Cisco PSIRT
B. Microsoft MSRC
C. CERT division of the Software Engineering Institute (SEI)
D. FIRST

Answer: C. The CERT division of the Software Engineering Institute (SEI) is an example of a coordination center. Both Cisco PSIRT and Microsoft MSRC are PSIRTs, and FIRST is a forum for incident response teams.

Q7. Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?
A. Cisco CloudLock
B. Cisco’s Active Threat Analytics (ATA)
C. Cisco Managed Firepower Service
D. Cisco Jasper

Answer: B. The Cisco ATA service offers customers 24-hour continuous monitoring and advanced-analytics capabilities, combined with threat intelligence and security analysts and investigators to detect security threats in the customer networks. More information about Cisco ATA can be obtained at https://www.cisco.com/c/en/us/products/security/managedservices.html.

Q8. Which of the following aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information?
A. National CERTs
B. PSIRT
C. ATA
D. Global CERTs

Answer: A. National CERTs aim to protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information. PSIRTs are vendor Product Security Incident Response Teams. ATA is a Cisco-managed security service, and global CERTs do not exist.

Q9. Which of the following is the team that handles the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services?
A. CSIRT
B. ICASI
C. USIRP
D. PSIRT

Answer: D. Product Security Incident Response Teams (PSIRTs) are the ones that handle the investigation, resolution, and disclosure of security vulnerabilities in vendor products and services.

Q10. Which of the following is an example of a coordination center?
A. PSIRT
B. FIRST
C. The CERT/CC division of the Software Engineering Institute (SEI)
D. USIRP from ICASI

Answer: C. CERT/CC is an example of a coordination center.

Q11. Which of the following is the most widely adopted standard to calculate the severity of a given security vulnerability?
A. VSS
B. CVSS
C. VCSS
D. CVSC

Answer: B. The Common Vulnerability Scoring System (CVSS) is the most widely adopted standard to calculate the severity of a given security vulnerability.

Q12. The CVSS base score defines Exploitability metrics that measure how a vulnerability can be exploited as well as Impact metrics that measure the impact on which of the following? (Choose three.)
A. Repudiation
B. Non-repudiation
C. Confidentiality
D. Integrity
E. Availability

Answer: C, D, E. Confidentiality, integrity, and availability (CIA) are part of the CVSS base score metrics.

About the author

Scott