Incident Response Sample Question

Incident Response Process
You are the CISO of a multinational trading company. Your company implements a large scale web site selling products to global consumers. A network intrusion detection system (IDS) is implemented to detect abnormal traffic and potential attacks. Your incident response (IR) team receives a report from users that the web site is not available and shows HTTP error 404. An IR team member suspects that it’s a distributed denial of service (DDOS) attack, but the IDS didn’t trigger any alert. What action should the IR team take FIRST?
A. Document the incident in the incident management system.
B. Inform and ask the contracted internet service provider to mitigate the DDOS traffic
C. Analyze the incident report from the end user and notify the senior management
D. Ask for more details from the end user to realize the real situation

4 thoughts on “Incident Response Sample Question

  1. I would ask for more information about web server’s status to confirm if it’s a DoS attack or not. Generally, IDS technologies an not always detect Dos attacks.

  2. I would ask for more information about web server’s status and incoming WAN traffic(Internet) statistics to confirm if it’s a DoS attack or not. Generally, IDS technologies don’t always detect DoS attacks.

Leave a Reply