Section 2: 35–45%
Incident Response and Security Monitoring
Exam Insight
When a breach occurs, the exam expects you to know the incident response lifecycle in order and to recognize the monitoring tools that detect events. Understanding logging, SIEM, IDS/IPS, forensics, chain of custody, and breach notification ties the whole security program together.
CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.
What AICPA Wants You to Know
1. List the phases of the incident response lifecycle in order.
2. Explain the role of logging and centralized monitoring.
3. Describe what a SIEM does and how it aids detection.
4. Distinguish an IDS from an IPS.
5. Explain digital forensics and the importance of chain of custody.
6. Summarize breach notification obligations at a high level.
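The following is an added study example, not content from CPA Exam Lab or the AICPA, that ties objectives 2, 3 and 4 together in working code: logs from two sources (an SSH auth log and a firewall log) are forwarded to one place, normalized, and correlated by a small SIEM-style rule that flags a burst of failed logins followed by a success from the same source address. The `respond` function shows the IDS/IPS distinction: in IDS mode it only alerts, in IPS mode it also returns the addresses it would block inline. The log lines, the `threshold` and `window` parameters, and the line format are all constructed for this example.

```python
"""Mini SIEM-style correlation over centralized logs (added study example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, as if already forwarded from two sources to a central store.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 auth sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:03 auth sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:05 auth sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:07 auth sshd: Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:09 fw DENY src=198.51.100.9 dst=10.0.0.5 dport=445",
    "2024-05-01T10:00:10 auth sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:15 auth sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T10:30:00 auth sshd: Failed password for bob from 192.0.2.4",
    "2024-05-01T10:45:00 auth sshd: Accepted password for bob from 192.0.2.4",
]

# Assumed (constructed) auth-log format: "<timestamp> auth sshd: <Failed|Accepted> password for <user> from <ip>"
AUTH_RE = re.compile(r"^(\S+) auth sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_auth_event(line):
    """Normalize one auth-log line into a dict; return None for lines from other sources."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, outcome, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts), "ok": outcome == "Accepted", "user": user, "ip": ip}


def correlate_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """SIEM-style rule: a source IP with >= threshold failures inside `window`,
    followed by a successful login, produces one alert.

    A single failure followed by success (a typo) does not fire; the counter
    resets after every success so old failures are not counted twice.
    """
    failures = defaultdict(list)  # ip -> timestamps of failed logins seen so far
    alerts = []
    for line in lines:
        ev = parse_auth_event(line)
        if ev is None:
            continue  # firewall and other sources are ignored by this rule
        ip = ev["ip"]
        if not ev["ok"]:
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"ip": ip, "user": ev["user"], "failures": len(recent), "at": ev["ts"]})
        failures[ip].clear()
    return alerts


def respond(alerts, mode="ids"):
    """IDS mode only reports; IPS mode also returns the source IPs it would block inline."""
    blocked = []
    for a in alerts:
        print(f"ALERT: {a['failures']} failed logins then success for {a['user']} from {a['ip']} at {a['at']}")
        if mode == "ips":
            blocked.append(a["ip"])
    return blocked


if __name__ == "__main__":
    found = correlate_brute_force(SAMPLE_LOGS)
    print("IDS mode blocks:", respond(found, mode="ids"))
    print("IPS mode blocks:", respond(found, mode="ips"))
```

Run as a script it prints one alert for 203.0.113.7 (five failures, then an accepted login for `admin`) and nothing for 192.0.2.4, whose single failure is normal user error. The same rule produces the same alert in both modes; only the response differs, which is the exam's IDS-versus-IPS distinction. Without centralized logging the rule could not run at all, because the failures and the success might be recorded on different hosts.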