Module 9: Incident Response

Assessment

Multiple Choice

Identify the choice that best completes the statement or answers the question.

 

____ 1. Which of the following is not a common type of incident in a SCADA/ICS?

  • a. Unauthorized access to system controls
  • b. A worm infects a network at a nuclear power plant
  • c. Vendor goes out of business and can no longer supply critical components
  • d. Vendor improperly performs a security assessment, resulting in loss of system availability

 

____ 2. In which phase of NIST’s SP 800-61 would organizations prioritize response to multiple threat actions?

  • a. Preparation
  • b. Detection and Analysis
  • c. Containment, Eradication, and Recovery
  • d. Post-Incident Activity

Matching

Match the National Response Framework’s Core Capabilities with their functions.

  • a. Planning
  • b. Public Information and Warning
  • c. Operational Coordination
  • d. Critical Transportation
  • e. Environmental Response/Health and Safety
  • f. Fatality Management Services
  • g. Infrastructure Systems
  • h. Mass Care Services
  • i. Mass Search and Rescue Operations
  • j. On-Scene Security and Protection
  • k. Operational Communications
  • l. Public and Private Services and Resources
  • m. Public Health and Medical Services
  • n. Situational Assessment

 

____ 3. Ensure the availability of guidance and resources

 

____ 4. Relay information on threats and hazards

 

____ 5. Provide life-sustaining services, including food and shelter

 

____ 6. Provide communications

 

____ 7. Establish and maintain an operational structure and process

 

____ 8. Provide decision makers with information

 

____ 9. Deliver search and rescue operations

 

____ 10. Provide transportation for response

 

____ 11. Provide essential services

 

____ 12. Engage the community to develop response approaches

 

____ 13. Provide lifesaving medical treatment

 

____ 14. Stabilize infrastructure

 

____ 15. Provide law enforcement and security

 

____ 16. Body recovery and victim identification services

 

Match the following section titles with their contents.

 

  • a. Overview, Goals, and Objectives
  • b. Incident Description
  • c. Incident Detection
  • d. Incident Notification
  • e. Incident Analysis
  • f. Response Actions
  • g. Communications
  • h. Forensics
  • i. Additional Sections

 

____ 17. Includes media contacts

 

____ 18. Incident type classification

 

____ 19. Addresses how an incident is prioritized and escalated

 

____ 20. Addresses how to evaluate and analyze an incident

 

____ 21. Other stuff

 

____ 22. Discusses business objectives

 

____ 23. The process for collecting, examining, and analyzing incident data, with an eye to legal action

 

____ 24. Defines the procedures used for each type of incident

 

____ 25. Describes how an incident is identified and reported

Short Answer

26. Define incident containment and provide an example of how it would be applied to an incident.

27. Discuss how the response strategy for an incident sourced to people within the organization would differ from the strategy for one sourced from outside the organization.

License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.