1. This is a closed-book, closed-notes quiz. No reference material (including assignments and labs) will be permitted for use during the quiz session.
2. The quiz contains the following types of questions:
Short essay type
3. Place your answers in the space immediately following each question.
1. What is the purpose of a CIRT plan? Describe what this plan does and what other plan it ties into.
The purpose of a CIRT plan is to document and outline an organization's response to computer incidents and to identify potential incidents and the best responses to mitigate damage. It is similar to the purpose of a DRP.
2. Describe what the three models are for a CIRT plan based on the NIST SP 800-61 template.
The three models you can use for a CIRT according to NIST SP 800-61 are the central incident response team, the distributed incident response team, and the coordinating team.
• Central response team - a company in a single location uses a single team that responds to every incident. With this responsibility, the team has remote access to every system.
• Distributed team - there can be multiple teams because of major computing facilities in multiple locations. They are normally centrally located and are managed from a central location, which could be a home office for a company or one location that can manage everything.
• Coordinating team - senior personnel who provide advice to other teams.
3. Define three of the responsibilities that an Incident Response Team would have. List them and describe the responsibilities.
• Develop incident response procedures - Procedures for how they will respond to any type of incident.
• Investigate incidents - If an incident occurs, they are responsible for determining the priority and impact of the incident.
• Determine cause of incidents - Understanding what caused the incident, which better helps determine the best response to this incident.
4. As much as 80% of all incidents are a result of internal