CISSP PRACTICE QUESTIONS – 20190422

Posted on by
Incident Response Process
You are the CISO of a multinational trading company. Your company implements a large scale web site selling products to global consumers. A network intrusion detection system (IDS) is implemented to detect abnormal traffic and potential attacks. Your incident response (IR) team receives a report from users that the web site is not available and shows HTTP error 404. An IR team member suspects that it’s a distributed denial of service (DDOS) attack, but the IDS didn’t trigger any alert. What action should the IR team take FIRST?
A. Document the incident in the incident management system.
B. Inform and ask the contracted internet service provider to mitigate the DDOS traffic
C. Analyze the incident report from the end user and notify the senior management
D. Ask for more details from the end user to realize the real situation

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Ask for more details from the end user to realize the real situation.

4 thoughts on “CISSP PRACTICE QUESTIONS – 20190422

  1. I would ask for more information about web server’s status to confirm if it’s a DoS attack or not. Generally, IDS technologies an not always detect Dos attacks.

    Reply

  2. I would ask for more information about web server’s status and incoming WAN traffic(Internet) statistics to confirm if it’s a DoS attack or not. Generally, IDS technologies don’t always detect DoS attacks.

    Reply

Leave a Reply