Graded Quiz: Analyzing Incident Response and Digital Forensics Case Studies (Cybersecurity Case Studies and Capstone Project, IBM Cybersecurity Analyst Professional Certificate), Answers 2025
1. Question 1 — Benefit of post-incident reviews
❌ Avoid documenting lessons learned
❌ Create static security measures
✅ Identify root causes and improve security measures
❌ Focus only on financial cost
Explanation:
Post-incident reviews help organizations understand what went wrong and how to prevent recurrence.
2. Question 2 — Learnings from analyzing TTPs
❌ Identify only IOCs
❌ Limit training to technical staff
❌ Ignore web vulnerabilities
✅ Understand attacker behavior to improve future defenses
Explanation:
TTP analysis teaches organizations how adversaries operate, enabling better detection and response.
3. Question 3 — Initial attempt to handle increased traffic
❌ Removing features
❌ Deploying additional servers immediately
✅ Requesting a temporary quota increase
❌ Shutting down services
Explanation:
Google first attempted to increase quota limits to handle an unexpected surge in traffic.
4. Question 4 — Root cause of Google Home frequent data fetches
❌ Outdated Google Assistant
❌ Hardware mismatch
❌ Incorrect voice commands
✅ Miscommunication between client and server developers
Explanation:
The issue originated from a misunderstanding of system behavior between the engineering teams.
5. Question 5 — Outcome after lightning strike incident analysis
❌ Permanent damage
✅ Minimal data loss (<0.000001% unrecoverable)
❌ Full recovery
❌ Indefinite shutdown
Explanation:
Google reported an extremely small, almost negligible data loss after the lightning strike.
6. Question 6 — Value of digital forensics case studies
❌ Learning how to hack
❌ Avoiding legal boundaries
❌ Learning new tech only
✅ Learning how to handle similar investigations
Explanation:
Case studies help investigators understand real-world scenarios and apply best practices.
7. Question 7 — Ethical consideration in digital forensics
✅ Privacy concerns & legal boundaries
❌ Use of open-source tools
❌ Importance of encryption
❌ Social media impact
Explanation:
Digital forensics professionals must balance evidence handling with privacy and legality.
8. Question 8 — Tools used to trace Madoff transactions
❌ Cybersecurity monitoring tools
✅ Forensic accounting software
❌ Machine learning models
❌ Cloud systems
Explanation:
The Madoff case relied heavily on forensic accounting to trace financial fraud patterns.
9. Question 9 — Crucial technology in exposing Madoff fraud
❌ Blockchain analysis
❌ AI algorithms
❌ Encrypted communication tools
✅ Data analytics software
Explanation:
Investigators used data analysis to uncover irregularities in the accounting records.
10. Question 10 — Outcome of Ganias case ruling
❌ Ruled in favor of Ganias
❌ Retrial
❌ Dismissed on procedural grounds
✅ Court ruled in favor of prosecution, upholding evidence legality
Explanation:
The Second Circuit reversed the earlier decision and ruled that the evidence retention was lawful.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Root cause & improvements | Purpose of post-incident review |
| 2 | Learn from TTPs | Understanding attacker behavior |
| 3 | Temporary quota increase | Traffic overload handling |
| 4 | Miscommunication | Root cause analysis |
| 5 | Minimal data loss | Impact analysis |
| 6 | Handle similar situations | Forensics learning |
| 7 | Privacy & legal boundaries | Ethics in DF |
| 8 | Forensic accounting | Fraud tracing |
| 9 | Data analytics | Fraud detection |
| 10 | Prosecution upheld | Legal precedent |