Sign in to save

Bookmark this page so you can find it later.

Sign in to save

Bookmark this page so you can find it later.

Computer Science Grade 9-12

Computer Science: Cybersecurity Incident Response Plan

Planning, documenting, and improving a response to cyber incidents

View Answer Key

Practice identifying the parts of a cybersecurity incident response plan, making response decisions, and improving procedures after an incident.

Read each scenario carefully. Answer in complete sentences and show your reasoning where appropriate.

Name:
Date:
Score: / 15

Planning, documenting, and improving a response to cyber incidents

Computer Science - Grade 9-12

Instructions: Read each scenario carefully. Answer in complete sentences and show your reasoning where appropriate.
  1. 1
    Circular six-step cybersecurity incident response lifecycle with phase icons.

    List the six common phases of a cybersecurity incident response plan and briefly explain the purpose of each phase.

  2. 2
    Laptop screen showing a lock symbol representing ransomware and locked files.

    A student reports that a school laptop suddenly displays a message demanding payment to unlock files. Which incident response phase begins first after the report, and what should the response team do during that phase?

  3. 3

    Explain the difference between containment and eradication in an incident response plan.

  4. 4

    A company detects that one employee account is sending suspicious emails to hundreds of contacts. Write two immediate containment actions the company should take.

  5. 5
    Sequence of login, password change, and mass email events suggesting account compromise.

    Read the event log summary: 8:05 a.m. login from the employee's city, 8:10 a.m. failed login attempts from another country, 8:12 a.m. successful login from that country, 8:15 a.m. password changed, 8:18 a.m. mass email sent. Identify the most likely incident and explain your evidence.

  6. 6

    Why should an incident response plan define roles such as incident commander, technical lead, communications lead, and legal or compliance contact?

  7. 7

    A school server may have been hacked. Write three pieces of information that should be included in the first incident ticket or report.

  8. 8

    Choose the better communication message for students and explain why it is better. Message A: There was a huge hack and everything may be unsafe. Message B: We are investigating a security issue affecting the student portal. Please do not reset passwords until further notice, and we will provide an update by 3:00 p.m.

  9. 9
    Forensic evidence preservation shown by copying a computer drive before wiping.

    During an incident, why is it important to preserve evidence before wiping a computer or reinstalling software?

  10. 10

    A web application was attacked through an unpatched vulnerability. Give one eradication action and one recovery action for this incident.

  11. 11

    The table shows possible incidents: phishing email, lost phone with school email access, malware on a lab computer, and leaked database password. For each incident, name one containment action.

  12. 12

    Explain what a severity level is in an incident response plan. Give an example of a low-severity incident and a high-severity incident.

  13. 13
    Backup verification before restoring a ransomware-infected computer.

    A backup is available after a ransomware attack, but it was last made three weeks ago. What should the response team check before restoring from the backup?

  14. 14

    Create a short checklist of five actions that should be completed during the preparation phase of an incident response plan.

  15. 15

    After a data breach, the team holds a lessons learned meeting. Write three questions the team should ask and explain how the answers can improve the incident response plan.

LivePhysics™.com Computer Science - Grade 9-12

More Computer Science Worksheets

See all Computer Science worksheets

More Grade 9-12 Worksheets

See all Grade 9-12 worksheets