Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Stack #4530404
| Question | Answer |
|---|---|
| A delay of several years in notifying users about stolen account credentials characterizes which case? Group of answer choices Equifax Marriott Yahoo British Airways | Yahoo |
| If an organization keeps a detailed incident response log, it can be used as legal evidence later. Group of answer choices True False | True |
| Which breaches were notable for delayed notifications? Group of answer choices Yahoo Equifax Marriott British Airways | Yahoo |
| A hospital’s database is breached, exposing patient medical rec. wc initial step in Incident Response Plan must b taken 1st? Notify the public immediately Eradicate malware b4 identifying it Identify and analyze breach source Restore data fr backup | Identify and analyze the breach source |
| A ransomware attack encrypts a company’s HR system. Employees cannot work. What should the organization do first? Group of answer choices Notify staff only Contain the affected HR system Pay ransom immediately Reinstall operating systems | Contain the affected HR system |
| Which breach revealed vulnerabilities inherited during an acquisition? Group of answer choices Equifax Marriott Yahoo British Airways | Marriott |
| Which factors determine whether a breach must be reported? Group of answer choices Number of individuals affected Sensitivity of data exposed Likelihood of harm Company’s profit margin | Number of individuals affected Sensitivity of data exposed Likelihood of harm |
| An online shopping site was hacked, and stolen card details were sold on the dark web. Which ETSI indicator best applies? Group of answer choices Spam Website Forgery Intrusion DoS Attack | Intrusion |
| Which Philippine authority enforces data privacy regulations and breach notifications? Group of answer choices Department of Health Department of Justice National Privacy Commission Commission on Audit | National Privacy Commission |
| Which breach forced regulators to stress “data minimization” principles? Group of answer choices Yahoo Marriott British Airways Equifax | Equifax |
| A university suffers ransomware but recovers from backup. Which ETSI indicator applies? Group of answer choices Website Defacement Spam Malware Physical Intrusion | Malware |
| A company uses “tabletop exercises” to test its IRP. This technique belongs to which stage? Group of answer choices Recovery Preparation Identification Lessons Learned | Preparation |
| What is the most important factor in successful breach notifications? Group of answer choices Delay until impact is minimized Timeliness and accuracy of disclosure Excluding technical details Blaming third parties | Timeliness and accuracy of disclosure |
| Which IRP step would involve reimaging systems and reinstalling clean applications? Group of answer choices Identification Containment Recovery Notification | Recovery |
| Which organizations must comply with HIPAA breach notification rules? Group of answer choices Hospitals Health insurance companies Healthcare clearinghouses Online retail stores | Hospitals Health insurance companies Healthcare clearinghouses |
| The Marriott breach showed that vulnerabilities inherited during acquisitions may go unnoticed. Group of answer choices True False | True |
| Which of the following penalties was imposed on Equifax for its delayed breach notification? Group of answer choices $50 million settlement Up to $700 million settlement No fine but reputational damage only Lifetime suspension of services | Up to $700 million settlement |
| Which IRP step is critical for maintaining evidence integrity in potential legal investigations? Group of answer choices Recovery Identification and containment Preparation Eradication | Identification and containment |
| Which best practices apply during the Lessons Learned phase? Group of answer choices Update security policies Revise training programs Analyze logs and response effectiveness Delete incident records | Update security policies Revise training programs Analyze logs and response effectiveness |
| Which IRP phase includes determining whether the event is a true security incident or a false alarm? Group of answer choices Identification Preparation Recovery Eradication | Identification |
| Which breach taught the industry about risks in credit-reporting infrastructures? Group of answer choices Equifax Yahoo Marriott British Airways | Equifax |
| Which are examples of Eradication activities? Group of answer choices Removing malware Deleting unauthorized user accounts Applying security patches Conducting PR campaigns | Removing malware Deleting unauthorized user accounts Applying security patches |
| Under GDPR, who bears the burden of proving compliance with breach notification rules? Group of answer choices Customers Organizations (Data Controllers) Regulators Security vendors | Organizations (Data Controllers) |
| Which phase ensures systems are fully functional and secure before going back online? Group of answer choices Preparation Containment Recovery Identification | Recovery |
| Which IRP phase emphasizes collaboration with law enforcement when criminal activity is suspected? Group of answer choices Recovery Identification and Notification Eradication Containment | Identification and Notification |
| In breach response, what role does public relations (PR) play? Group of answer choices Eradication Managing external communications Restoring backups Forensic analysis | Managing external communications |
| What is the main purpose of incident assessment? Group of answer choices Rebuild all servers immediately Determine scope, impact, and severity Avoid regulator involvement Pay ransom if demanded | Determine scope, impact, and severity |
| An attacker modifies DNS records to redirect users to fake sites. Which ETSI indicator best applies? Group of answer choices Spam Intrusion Website Forgery DoS Attack | Website Forgery |
| Which industries are especially regulated regarding breach notifications? Group of answer choices Healthcare (HIPAA) Finance (GDPR, DPA) E-commerce (PCI-related) Agriculture | Healthcare (HIPAA) Finance (GDPR, DPA) E-commerce (PCI-related) |
| A company hires a digital forensics team to analyze a breached database. Which phase of IRP is this? Group of answer choices Recovery Containment Identification and Investigation Lessons Learned | Identification and Investigation |
| Lessons Learned meetings should include both technical and non-technical staff. Group of answer choices True False | True |
| Which Philippine regulation obliges companies to submit a breach notification within 72 hours? Group of answer choices HIPAA CCPA GDPR DPA 2012 | DPA 2012 |
| What activities should organizations perform during the Preparation phase of IRP? Group of answer choices Draft incident response policies Establish CSIRT teams Conduct training and simulations Publicly disclose potential threats | Draft incident response policies Establish CSIRT teams Conduct training and simulations |
| Incident response plans should be tested annually or biannually to remain effective. Group of answer choices True False | True |
| Which ETSI indicator involves overwhelming a server with traffic to disrupt services? Group of answer choices Malware Spam Intrusion DoS Attack | DoS Attack |
| A hospital ransomware attack encrypted patient files, but the hospital refused to notify regulators because backups restored data. This action is compliant with HIPAA. Group of answer choices True False | False |
| In HIPAA, who must be notified if over 500 individuals’ PHI is exposed? Group of answer choices Only patients Patients, HHS, and media Only regulators Only the IT department | Patients, HHS, and media |
| Which breach response step can be legally required across GDPR, HIPAA, and DPA 2012? Group of answer choices Only technical patching Breach notification to regulators and affected individuals Hiring new IT staff Press release | Breach notification to regulators and affected individuals |
| Which actions are part of the Containment phase in IRP? Group of answer choices Isolating affected systems Blocking malicious IP addresses Rebuilding all systems immediately Publishing breach details online | Isolating affected systems Blocking malicious IP addresses |
| The National Privacy Commission (Philippines) requires breach notifications even for suspected incidents. Group of answer choices True False | False |
| Which law primarily enforces consumer rights in California regarding breach notifications? Group of answer choices GDPR HIPAA CCPA PCI DSS | CCPA |
| An organization creates policies, forms a Computer Security Incident Response Team (CSIRT), and trains employees. Which IRP phase does this represent? Group of answer choices Containment Recovery Lessons Learned Preparation | Preparation |
| Which IRP stage involves communicating with external stakeholders, including DPAs and customers? Group of answer choices Containment Recovery Notification/Communication Lessons Learned | Notification/Communication |
| A company immediately notifies customers about a suspected breach even before confirming it. This may cause panic but fulfills notification duties. Group of answer choices True False | True |
| What is the main difference between HIPAA and GDPR breach notifications? Group of answer choices HIPAA applies globally HIPAA applies to PHI, GDPR covers all personal data GDPR only applies to healthcare GDPR has no timeline requirement | HIPAA applies to PHI, GDPR covers all personal data |
| A company failing to notify DPAs within 72 hours under GDPR may face heavy fines. Group of answer choices True False | True |
| Failing to patch known vulnerabilities is an example of poor preparation in IRP. Group of answer choices True False | True |
| Eradication should always be done before containment to ensure full elimination of threats. Group of answer choices True False | False |
| After responding to a phishing attack, the security team updates training programs and policies. This reflects which IRP phase? Group of answer choices Containment Lessons Learned Eradication Identification | Lessons Learned |
| Which breach revealed the risk of using third-party scripts for payments? Group of answer choices Equifax Yahoo Marriott British Airways | British Airways |
| A phishing campaign successfully tricks employees into clicking malicious links. Which immediate step is best? Group of answer choices Recovery Containment Lessons Learned Public disclosure | Containment |
| Which incident response best practice reduces downtime for critical services? Group of answer choices Notify DPAs first Maintain redundant systems for continuity Erase logs to protect privacy Train only executives | Maintain redundant systems for continuity |
| Which IRP phase ensures continuity of critical operations while incidents are addressed? Group of answer choices Eradication Recovery Containment Lessons Learned | Containment |
| Which case taught the importance of vendor and acquisition risk management? Group of answer choices Yahoo Marriott British Airways Equifax | Marriott |
| Which factor worsened Yahoo’s response to its breach? Group of answer choices Overreporting the issue Quick communication with regulators Delay in disclosure to users Too much transparency | Delay in disclosure to users |
| Which IRP phase comes right after eradication? Group of answer choices Identification Containment Recovery Preparation | Recovery |
| Which law requires notification of a data breach to a supervisory authority within 72 hours? Group of answer choices HIPAA GDPR CCPA Philippine DPA 2012 | GDPR |
| In the Equifax breach, stolen data included credit card details and Social Security numbers. Group of answer choices True False | True |
| A retail company in California experiences a breach affecting customer names and addresses. Which law applies primarily? Group of answer choices GDPR HIPAA CCPA PCI DSS | CCPA |
| Which communication channels are acceptable for notifying individuals of a breach? Group of answer choices Written letters Email notifications Public announcements (for large-scale incidents) Internal memos only | Written letters Email notifications Public announcements (for large-scale incidents) |
| GDPR requires that breach notifications include details about mitigation efforts. Group of answer choices True False | True |
| An organization detects spam campaigns in its network but ignores them because no sensitive data was exposed. This is acceptable under GDPR. Group of answer choices True False | False |
| Which breach highlighted poor incident monitoring and communication with regulators? Group of answer choices British Airways Yahoo Equifax Marriott | Equifax |
| Lessons learned sessions after an incident are optional and not part of formal IRP. Group of answer choices True False | False |
| ETSI incident indicators are only applicable in Europe and have no global relevance. Group of answer choices True False | False |
| In HIPAA breach notifications, which of the following must be communicated to individuals? Group of answer choices Description of the incident Types of PHI involved Steps individuals should take to protect themselves Employee payroll details | Description of the incident Types of PHI involved Steps individuals should take to protect themselves |
| Which breach led to the exposure of 500 million hotel guest records, including passport details? Group of answer choices Equifax Marriott Yahoo British Airways | Marriott |
| During an incident, the security team isolates affected servers to prevent further spread. This represents which IRP phase? Group of answer choices Identification Containment Recovery Eradication | Containment |
| An organization implementing phishing awareness training after an attack is practicing “Lessons Learned.” Group of answer choices True False | True |
| Which breach showed failure to secure passport data during hotel bookings? Group of answer choices Equifax Marriott Yahoo British Airways | Marriott |
| If hackers replace a company website with political propaganda, what ETSI indicator is this? Group of answer choices Website Defacement Phishing Spam Intrusion | Website Defacement |
| Which incidents specifically involved credit card theft? Group of answer choices British Airways Target (reference example) Yahoo Marriott | British Airways Target (reference example) |
| A phishing email campaign should be classified as an intrusion in ETSI categories. Group of answer choices True False | False |
| The British Airways breach involved stolen data from passengers’ travel itineraries and payment details. Group of answer choices True False | True |
| Which laws mandate breach notification obligations? Group of answer choices GDPR HIPAA Philippine DPA 2012 PCI DSS (industry standard, not law) | GDPR HIPAA Philippine DPA 2012 |
| The Yahoo breach demonstrated that multi-year notification delays severely damage trust. Group of answer choices True False | True |
| Which breach involved attackers injecting malicious scripts into an airline’s website to capture card details? Group of answer choices Yahoo Marriott Equifax British Airways | British Airways |
| Which are common consequences of poor breach notification? Group of answer choices Regulatory fines Loss of customer trust Litigation costs Increased employee salaries | Regulatory fines Loss of customer trust Litigation costs |
| A financial firm discovers hackers exploiting an unpatched vulnerability. What must be done after containment? Group of answer choices Notify DPAs Rebuild network immediately Eradicate the root cause Publicly disclose the incident | Eradicate the root cause |
| Which body oversees breach notifications under GDPR? Group of answer choices U.S. Federal Trade Commission Philippine NPC Data Protection Authorities (DPAs) Department of Justice | Data Protection Authorities (DPAs) |
| A company that encrypts sensitive data but still gets breached is not legally required to notify authorities under any law. Group of answer choices True False | False |
| If an organization contains a breach but does not conduct forensic analysis, the IRP is still complete. Group of answer choices True False | False |
| Which recovery activities are considered best practices? Group of answer choices Reinstalling clean software Restoring data from verified backups Monitoring for re-infection Destroying all logs | Reinstalling clean software Restoring data from verified backups Monitoring for re-infection |
| The ETSI indicator “Spam” would most likely be detected during which IRP phase? Group of answer choices Recovery Identification Eradication Lessons Learned | Identification |
Created by:
cinnamonbr34d