Question 1:
[10 marks]
A user in your organisation has reported that their email account has been hacked, and
unauthorised emails have been sent from their account.
(a) What steps do you take to investigate the incident?
(b) How do you prevent similar attacks from occurring in the future?
Question 2:
[10 marks]
Your organisation is preparing to implement a new security information and event management
(SIEM) system.
(a) What factors should be considered when selecting a SIEM solution?
(b) What steps should be taken to ensure a successful implementation?
Question 3:
[10 marks]
A vendor has notified your organisation that a hardware vulnerability exists in one of the servers
you use.
(a) What steps do you take to patch the vulnerability and prevent exploitation by attackers?
Question 4:
[10 marks]
A user in your organisation has reported that they have received a suspicious email attachment.
(a) What steps do you take to investigate the attachment?
(b) How do you prevent similar attacks from occurring in the future?
Question 5:
[10 marks]
A security researcher has identified a vulnerability in one of your organisation's applications.
(a) What steps do you take to verify the vulnerability and remediate the issue?
Question 6:
[10 marks]
A user in your organisation has reported that they have received a threatening email from an
unknown sender.
(a) What steps do you take to investigate the email?
(b) How do you protect the user from further threats?