Intrusion Detection Chapter 4

30 August 2022
26 test answers

question
Incident analysis resources include network diagrams and lists of ____, such as database servers.
answer
critical assets
question
The ____ Department of an organization needs to review the procedures of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.
answer
Legal
question
E-mail spoofing attacks require an immediate response, typically no more than 30 minutes to one hour.
answer
False
question
____ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.
answer
Predefining
question
A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.
answer
after-action review
question
There are several national training programs that focus on incident response tools and techniques.
answer
True
question
A recommended practice for the implementation of the physical IR plan is to select a ____ binder.
answer
red
question
The responsibility for creating an organization's IR plan often falls to the ____.
answer
chief information security officer
question
____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.
answer
Forensic analysis
question
In computer-based training settings, trainees receive a seminar presentation at their computers.
answer
False
question
The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike "capture-the-flag" exercises, this competition is exclusively a real-world ____ competition.
answer
defensive
question
One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.
answer
CSIRT
question
The committees of the CPMT follow a set of general stages to develop their subordinate plans. In the case of incident planning, the first stage is to ____.
answer
form the IR planning committee
question
A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.
answer
war gaming
question
The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.
answer
anonymously
question
The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ____.
answer
post-incident activity
question
The ____ of an organization defines the roles and responsibilities for incident response for the CSIRT and others who will be mobilized in the activation of the plan.
answer
IR policy
question
A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization's information infrastructure for signs of an incident.
answer
IR duty officer
question
The training delivery method with the lowest cost to the organization is ____.
answer
self-study (noncomputerized)
question
A recommended practice for the implementation of the physical IR plan document is to organize the contents so that the first page contains the ____ actions.
answer
"during attack"
question
A recommended practice for implementation of a physical IR plan document is to attach copies of relevant documents such as service agreements for the ISP, telephone, water, gas, etc.
answer
True
question
Organizing the incident response planning process begins with staffing the disaster recovery committee.
answer
False
question
In contingency planning, an adverse event that threatens the security of an organization's information is called a(n) ____.
answer
incident
question
The IR plan is usually ____ when an incident causes minimal damage with little or no disruption to business operations.
answer
activated
question
Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.
answer
reaction force
question
General users require training on the technical details of how to do their jobs securely, including good security practices, ____ management, specialized access controls, and violation reporting.
answer
password