Incident Response: Fundamentals and the IR Lifecycle
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 09 Jun 2026
About this mock
This test covers the foundational concepts of incident response and management as defined by internationally recognised standards and frameworks. Topics include the distinction between a security event and a security incident, the CIA triad (confidentiality, integrity, and availability) as the basis for impact assessment, and the four-phase incident-response lifecycle described in NIST Special Publication 800-61. Questions also address the roles and responsibilities of a Computer Security Incident Response Team (CSIRT), including how team members coordinate detection, containment, eradication, recovery, and post-incident review. Learners working toward careers in digital forensics, security operations, or incident management will find this test a useful benchmark of baseline recall across these core concepts.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- NIST Special Publication 800-61 Rev. 2: Computer Security Incident Handling Guide. Section 2.4 - Incident Response Team Structure (cited in 27 questions)
- NIST Special Publication 800-30 Rev. 1: Guide for Conducting Risk Assessments. Section 2 - Risk fundamentals (threat, vulnerability, risk) (cited in 1 question)
- FIRST - Forum of Incident Response and Security Teams (first.org). About FIRST - mission and activities (cited in 1 question)
- FIRST Standards Definitions and Usage Guidance - Traffic Light Protocol (TLP) Version 2.0. TLP labels and sharing boundaries (cited in 1 question)
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
How many questions and how long is the test?
30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Free.
Who is this mock for?
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Incident Response and Management. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.