Free 5-question sample test with instant feedback. See how ready you are.
Question 1
What are the six phases of the NIST incident response lifecycle in correct order?
Answer: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity (often listed as 6 steps by splitting containment, eradication, and recovery).
Question 2
During which phase of incident response are indicators of compromise (IoCs) first identified and triaged?
Answer: Detection and Analysis phase, where security teams examine alerts, logs, and other signals to confirm whether an incident has occurred.
Question 3
What is the primary goal of the Containment phase in incident response?
Answer: To limit the scope and impact of the incident, preventing further damage or spread while preserving evidence for analysis.
Question 4
What distinguishes the Eradication phase from the Containment phase in incident response?
Answer: Eradication involves permanently removing the root cause (malware, backdoors, compromised accounts), whereas containment only limits the spread without full removal.
Question 5
What is the purpose of a lessons-learned meeting conducted during the Post-Incident Activity phase?
Answer: To review what happened, evaluate the effectiveness of the response, identify gaps, and update policies and procedures to prevent recurrence.