An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such an information security incident?
A. High level incident
B. Middle level incident
C. Ultra-High level incident
D. Low level incident
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.

A. A-Incident Analyst, B-Incident Coordinator, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
B. A-Incident Coordinator, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
C. A-Incident Coordinator, B-Constituency, C-Administrator, D-Incident Manager, E-Human Resource, F-Incident Analyst, G-Public Relations
D. A-Incident Manager, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Coordinator
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.
A. Cookie tracker
B. Worm
C. Trojan
D. Virus
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT's incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?
A. Protection
B. Preparation
C. Detection
D. Triage
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:
A. Correlating known patterns of suspicious and malicious behavior
B. Protecting computer systems by implementing proper controls
C. Making it compulsory for employees to sign a non-disclosure agreement
D. Categorizing information according to its sensitivity and access rights
Based on some statistics, what is the typical number one top incident?
A. Phishing
B. Policy violation
C. Unauthorized access
D. Malware
Which of the following is a characteristic of adware?
A. Gathering information
B. Displaying popups
C. Intimidating users
D. Replicating
A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically and takes advantage of file or information transport features on the system to travel independently is called:
A. Trojan
B. Worm
C. Virus
D. Rootkit
A host is infected by worms that propagate through a vulnerable service; the sign(s) of the presence of the worm include:
A. Decrease in network usage
B. Established connection attempts targeted at the vulnerable services
C. System becomes unstable or crashes
D. All of the above
The main difference between viruses and worms is:
A. Worms require a host file to propagate while viruses don't
B. Viruses require a host file to propagate while worms don't
C. Viruses don't require user interaction; they are self-replicating malware
D. Viruses and worms are common names for the same malware