9.5: Assessment

    Multiple Choice

    Identify the choice that best completes the statement or answers the question.

    ____ 1. Which of the following is not a common type of incident in a SCADA/ICS?

    a. Unauthorized access to system controls
    b. A worm infects a network at a nuclear power plant
    c. Vendor goes out of business and can no longer supply critical components
    d. Vendor improperly performs a security assessment, resulting in loss of system availability


    ____ 2. In which phase of NIST’s SP 800-61 would organizations prioritize response to multiple threat actions?

    a. Preparation
    b. Detection and Analysis
    c. Containment, Eradication, and Recovery
    d. Post-Incident Activity




    Match each core capability of the National Response Framework with its objective.

    A. Planning
    B. Public Information and Warning
    C. Operational Coordination
    D. Critical Transportation
    E. Environmental Response/Health and Safety
    F. Fatality Management Services
    G. Infrastructure Systems
    H. Mass Care Services
    I. Mass Search and Rescue Operations
    J. On-Scene Security and Protection
    K. Operational Communications
    L. Public and Private Services and Resources
    M. Public Health and Medical Services
    N. Situational Assessment

    ____ 3. Ensure the availability of guidance and resources

    ____ 4. Relay information on threats and hazards

    ____ 5. Provide life-sustaining services, including food and shelter

    ____ 6. Provide communications

    ____ 7. Establish and maintain an operational structure and process

    ____ 8. Provide decision-makers with information

    ____ 9. Deliver search and rescue operations

    ____ 10. Provide transportation for response

    ____ 11. Provide essential services

    ____ 12. Engage the community to develop response approaches

    ____ 13. Provide lifesaving medical treatment

    ____ 14. Stabilize infrastructure

    ____ 15. Provide law enforcement and security

    ____ 16. Body recovery and victim identification services

    Match the following sections of the ICS Cyber Incident Response Plan with their contents.

    A. Overview, Goals, and Objectives
    B. Incident Description
    C. Incident Detection
    D. Incident Notification
    E. Incident Analysis
    F. Response Actions
    G. Communications
    H. Forensics
    I. Additional Sections

    ____ 17. Includes media contacts

    ____ 18. Incident type classification

    ____ 19. Addresses how an incident is prioritized and escalated

    ____ 20. Addresses how to evaluate and analyze an incident

    ____ 21. Other stuff

    ____ 22. Discusses business objectives

    ____ 23. The process for collecting, examining, and analyzing incident data, with an eye to legal action

    ____ 24. Defines the procedures used for each type of incident

    ____ 25. Describes how an incident is identified and reported


    Short Answer

    26. Define incident containment and provide an example of how it would be applied to an incident.



    27. Discuss how the response strategy for an incident that was sourced from within the organization would differ from one sourced from outside of the organization.




    For the answers to these questions, email your name, the name of your college or other institution, and your position there. CyberWatch West will email you a copy of the answer key.

    9.5: Assessment is shared under a CC BY license and was authored, remixed, and/or curated by LibreTexts.
