nerdexam
Cisco

210-255 · Question #136

Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?

The correct answer is A. internal CSIRT. An internal CSIRT provides incident handling services exclusively to its own parent organization, such as a bank, university, or federal agency.

Security Policies and Procedures

Question

Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?

Options

  • Ainternal CSIRT
  • Bnational CSIRT
  • Ccoordination centers
  • Danalysis centers
  • Evendor teams
  • Fincident response providers

How the community answered

(25 responses)
  • A
    88% (22)
  • C
    4% (1)
  • D
    4% (1)
  • F
    4% (1)

Why each option

An internal CSIRT provides incident handling services exclusively to its own parent organization, such as a bank, university, or federal agency.

Ainternal CSIRTCorrect

An internal CSIRT - also called an organizational CSIRT - is established within and serves only the parent organization to which it belongs, handling incidents that affect that organization's systems, networks, and data. It operates under the authority and funding of the parent organization and is staffed by its own personnel. This model is used by corporations, universities, and government agencies to manage their IR capabilities entirely in-house.

Bnational CSIRT

A national CSIRT serves as the primary IR point of contact for an entire country, not a single parent organization.

Ccoordination centers

Coordination centers coordinate IR activities and information sharing across multiple organizations or sectors rather than directly handling incidents for one parent organization.

Danalysis centers

Analysis centers focus on synthesizing data from many sources to identify trends and attack patterns, not on providing direct incident handling to a specific organization.

Evendor teams

Vendor teams handle vulnerability disclosures and incidents related to their own commercial products and services, not internal incidents within a specific parent organization.

Fincident response providers

Incident response providers are commercial entities that sell IR services to multiple paying clients, meaning they do not belong to or exclusively serve a single parent organization.

Concept tested: CSIRT types and organizational constituency scope

Source: https://www.sei.cmu.edu/education-outreach/computer-security-incident-response-teams/national-csirts/

Topics

#CSIRT#internal CSIRT#incident response#organizational security

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice