Module 9: Incident Response
Assessment
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 1. Which of the following is not a common type of incident in a SCADA/ICS?
- a. Unauthorized access to system controls
- b. A worm infects a network at a nuclear power plant
- c. Vendor goes out of business and can no longer supply critical components
- d. Vendor improperly performs a security assessment, resulting in loss of system availability.
____ 2. In which phase of NIST’s SP 800-61 would organizations prioritize response to multiple threat actions?
- a. Preparation
- b. Detection and Analysis
- c. Containment, Eradication, and Recovery
- d. Post-Incident Activity
Matching
Match the National Response Framework’s Core Capabilities with their functions.
- a. Planning
- b. Public Information and Warning
- c. Operational Coordination
- d. Critical Transportation
- e. Environmental Response/Health and Safety
- f. Fatality Management Services
- g. Infrastructure Systems
- h. Mass Care Services
- i. Mass Search and Rescue Operations
- j. On-Scene Security and Protection
- k. Operational Communications
- l. Public and Private Services and Resources
- m. Public Health and Medical Services
- n. Situational Assessment
____ 3. Ensure the availability of guidance and resources
____ 4. Relay information on threats and hazards
____ 5. Provide life-sustaining services, including food and shelter
____ 6. Provide communications
____ 7. Establish and maintain an operational structure and process
____ 8. Provide decision makers with information
____ 9. Deliver search and rescue operations
____ 10. Provide transportation for response
____ 11. Provide essential services
____ 12. Engage the community to develop response approaches
____ 13. Provide lifesaving medical treatment
____ 14. Stabilize infrastructure
____ 15. Provide law enforcement and security
____ 16. Body recovery and victim identification services
Match the following section titles with their contents.
- a. Overview, Goals, and Objectives
- b. Incident Description
- c. Incident Detection
- d. Incident Notification
- e. Incident Analysis
- f. Response Actions
- g. Communications
- h. Forensics
- i. Additional Sections
____ 17. Includes media contacts
____ 18. Incident type classification
____ 19. Addresses how an incident is prioritized and escalated
____ 20. Addresses how to evaluate and analyze an incident
____ 21. Other stuff
____ 22. Discusses business objectives
____ 23. The process for collecting, examining, and analyzing incident data, with an eye to legal action
____ 24. Defines the procedures used for each type of incident
____ 25. Describes how an incident is identified and reported
Short Answer
26. Define incident containment and provide an example of how it would be applied to an incident.
27. Discuss how the response strategy would differ for an incident sourced to people from within the organization versus one sourced from outside of the organization.