Graded Quiz: Incident Response: Incident Response: Incident Response and Digital Forensics (IBM Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1 — Primary focus of an IRP
- ❌ Document previous incidents
- ❌ Hiring procedures
- ✅ Outlining effective responses to security incidents
- ❌ User conduct policies
Explanation:
An IRP’s core goal is to define clear, actionable steps for responding to incidents.
2. Question 2 — Why senior management approval is vital
- ❌ Helps with low-risk decisions
- ✅ Demonstrates commitment & secures necessary resources
- ❌ Solely for compliance
- ❌ Guarantees training budget
Explanation:
Management approval legitimizes the IR program and ensures funding, authority, and support.
3. Question 3 — Benefit of IR training
- ✅ Ensures team members understand roles & responsibilities
- ❌ Helps complete reports
- ❌ Only for new hires
- ❌ Removes need for IR plan
Explanation:
Training prepares staff to respond quickly and correctly.
4. Question 4 — Most critical communication tool
- ❌ Landline
- ❌ Pager
- ✅ Smartphones
- ❌ Fax
Explanation:
Smartphones provide email, chat, calls, conferencing, and access to IR platforms.
5. Question 5 — When to establish baseline security & prepare team
- ❌ During incident
- ❌ After incident
- ✅ Before an incident
- ❌ None
Explanation:
Preparation happens before incidents via planning, training, and baselining.
6. Question 6 — First action after detecting an incident
- ✅ Assess the nature and scope of the incident
- ❌ Notify all employees
- ❌ Implement new measures
- ❌ Financial audit
Explanation:
Confirmation and scoping are the first steps before other actions.
7. Question 7 — Action after identifying unusual workstation behavior
- ❌ Notify user
- ✅ Implement short-term containment
- ❌ Reboot
- ❌ Disconnect internet
Explanation:
Immediate containment limits spread while preserving evidence.
8. Question 8 — Minor failure quickly resolved =
- ❌ No impact
- ❌ High
- ❌ Medium
- ✅ Low impact
Explanation:
Low impact = minor disruption with quick recovery.
9. Question 9 — Why create backups during containment
- ❌ Delete files
- ✅ Preserve forensic evidence & ensure data restoration
- ❌ Speed recovery
- ❌ Prevent unauthorized access
Explanation:
Backups allow evidence preservation and safe rollback.
10. Question 10 — Importance of incident tracking
- ❌ Only provides end report
- ❌ Eliminates communication
- ✅ Helps manage & coordinate response efforts
- ❌ Ignore timeline
Explanation:
Tracking ensures organization, accountability, and accurate documentation.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Effective incident response | IRP purpose |
| 2 | Management commitment & resources | IR governance |
| 3 | Roles clarity | IR training |
| 4 | Smartphones | Communication |
| 5 | Before incident | Preparation phase |
| 6 | Assess scope | First IR step |
| 7 | Short-term containment | Immediate action |
| 8 | Low impact | Minimal disruption |
| 9 | Preserve evidence & restore data | Backups |
| 10 | Coordination & management | Tracking |