Questions 51-100 – Flashcards
question
Question Companies may want to consider budgeting for contributions to employee loss expenses (such as funerals) as well as for counseling services for employees and loved ones as part of ____.
answer
Answer b. crisis management budgeting
question
Question A CPMT should include _____ who can oversee the security planning of the project and provide information on threats, vulnerabilities, and recovery requirements needed in the planning process.
answer
Answer b. information security managers
question
Question Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.
answer
Answer a. reaction force
question
Question ____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.
answer
Answer d. Forensics analysis
question
Question A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization's information infrastructure for signs of an incident.
answer
Answer b. IR duty officer
question
Question The ____ Department of an organization needs to review the procedures of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.
answer
Answer c. Legal
question
Question In computer-based training settings, trainees receive a seminar presentation at their computers.
answer
Answer b. False
question
Question A recommended practice for the implementation of the physical IR plan is to select a ____ binder.
answer
Answer c. red
question
Question The committees of the CPMT follow a set of general stages to develop their subordinate plans. In the case of incident planning, the first stage is to ____.
answer
Answer b. form the IR planning committee
question
Question One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.
answer
Answer a. CSIRT
question
Question A recommended practice for the implementation of the physical IR plan document is to organize the contents so that the first page contains the ____ actions.
answer
Answer c. "during attack"
question
Question A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.
answer
Answer d. after-action review
question
Question The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ____.
answer
Answer d. post-incident activity
question
Question General users require training on the technical details of how to do their jobs securely, including good security practices, ____ management, specialized access controls, and violation reporting.
answer
Answer d. password
question
Question A recommended practice for implementation of a physical IR plan document is to attach copies of relevant documents such as service agreements for the ISP, telephone, water, gas, etc.
answer
Answer a. True
question
Question The responsibility for creating an organization's IR plan often falls to the ____.
answer
Answer a. chief information security officer
question
Question The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike "capture-the-flag" exercises, this competition is exclusively a real-world ____ competition.
answer
Answer b. defensive
question
Question The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.
answer
Answer d. anonymously
question
Question In contingency planning, an adverse event that threatens the security of an organization's information is called a(n) ____.
answer
Answer b. incident
question
Question Incident analysis resources include network diagrams and lists of ____, such as database servers.
answer
Answer b. critical assets
question
Question The training delivery method with the lowest cost to the organization is ____.
answer
Answer d. self-study (noncomputerized)
question
Question E-mail spoofing attacks require an immediate response, typically no more than 30 minutes to one hour.
answer
Answer b. False
question
Question A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.
answer
Answer b. war gaming
question
Question There are several national training programs that focus on incident response tools and techniques.
answer
Answer a. True
question
Question Organizing the incident response planning process begins with staffing the disaster recovery committee.
answer
Answer b. False
question
Question ____ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.
answer
Answer a. Predefining
question
Question The IR plan is usually ____ when an incident causes minimal damage with little or no disruption to business operations.
answer
Answer c. activated
question
Question The ____ of an organization defines the roles and responsibilities for incident response for the CSIRT and others who will be mobilized in the activation of the plan.
answer
Answer a. IR policy
question
Question Most organizations will find themselves awash in incident candidates at one time or another, and the vast majority will be ____.
answer
Answer c. false positives
question
Question The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.
answer
Answer d. Snort
question
Question A(n) ____ is a sign that an activity now occurring may signal an incident that could occur in the future.
answer
Answer d. precursor
question
Question The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.
answer
Answer c. Pen/Trap Statute
question
Question In the event that a definite indicator is recognized, the corresponding ____ must be activated immediately.
answer
Answer a. IR plan
question
Question A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.
answer
Answer c. honeytoken
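Worked example, added here and not part of the original flashcard set: because a honeytoken has no legitimate use, the detection rule needs no threshold or baseline, any reference to the token at all is an alert. The token values, the log format and the log lines below are all constructed for the demonstration; the planted key id, database account and file path do not exist on any real system.

```python
"""Honeytoken alerting over constructed log lines (added example)."""
import re

# Constructed decoys: a cloud access key id that was never issued, a
# database account no application uses, and a file nobody should read.
HONEYTOKENS = {
    "AKIAHONEY0000000TRAP": "planted cloud access key",
    "svc_backup_ro": "decoy database account",
    "/finance/payroll_2024_export.xlsx": "decoy file on the share",
}

# Constructed sample log, one syslog-like event per line.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z web01 nginx: 10.0.4.17 GET /index.html 200
2024-05-01T09:12:44Z db01 postgres: connection authorized: user=app_rw database=orders
2024-05-01T09:13:10Z db01 postgres: connection authorized: user=svc_backup_ro database=orders
2024-05-01T09:14:02Z fs01 smbd: 10.0.4.99 read /finance/payroll_2024_export.xlsx
2024-05-01T09:15:30Z api01 iam: AccessDenied key=AKIAHONEY0000000TRAP action=s3:ListBuckets
2024-05-01T09:16:00Z web01 nginx: 10.0.4.17 GET /about.html 200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")


def compile_tokens(tokens):
    """Build one regex per token; the lookarounds stop a token such as
    svc_backup_ro from matching inside a longer name like svc_backup_root."""
    return {
        token: (re.compile(r"(?<![\w./])" + re.escape(token) + r"(?!\w)"), label)
        for token, label in tokens.items()
    }


def find_honeytoken_hits(lines, tokens=HONEYTOKENS):
    """Return one alert dict per log line that references a honeytoken.

    Every hit is reported: a decoy that is touched even once has been
    touched by something that should not know it exists.
    """
    compiled = compile_tokens(tokens)
    alerts = []
    for line in lines:
        for token, (pattern, label) in compiled.items():
            if pattern.search(line):
                m = LINE_RE.match(line)
                alerts.append({
                    "token": token,
                    "label": label,
                    "host": m.group("host") if m else None,
                    "time": m.group("ts") if m else None,
                    "line": line,
                })
    return alerts


if __name__ == "__main__":
    for hit in find_honeytoken_hits(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["host"]}: {hit["label"]} ({hit["token"]})')
```

The design point is that the token must be unique enough that it cannot appear by accident (hence the word-boundary matching and the deliberately odd key id); once that holds, the signal-to-noise ratio is effectively perfect and the alert can be routed straight to the IR duty officer.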
question
Question To help make the detection of actual incidents more reliable, there are three broad categories of incident indicators that have been identified: possible, probable, and definite.
answer
Answer a. True
question
Question ____ are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network; they can provide early warning about new attack and exploitation trends; and they can allow in-depth examination of adversaries during and after exploitation.
answer
Answer b. Honeypots
question
Question The Windows Task Manager can be used to seek out Trojan programs on Microsoft Windows computers.
answer
Answer b. False
question
Question A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.
answer
Answer d. persistent
question
Question The ____ of a hub, switch, or other networking device is a specially configured connection that is capable of viewing all the traffic that moves through the entire device.
answer
Answer a. monitoring port
question
Question If an intruder can ____ a device, then no electronic protection can deter the loss of information.
answer
Answer a. physically access
question
Question The task of monitoring file systems for unauthorized change is best performed by using a(n) ____.
answer
Answer c. HIDPS
question
Question Most modern antivirus/anti-malware utilities cannot detect rootkits.
answer
Answer b. False
question
Question The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____.
answer
Answer c. noise
question
Question The process of evaluating the circumstances around organizational events includes determining which adverse events are possible incidents, or ____.
answer
Answer d. incident candidates
question
Question In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on that network.
answer
Answer c. DNS cache poisoning
question
Question The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.
answer
Answer c. anomaly-based IDPS
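Worked example, added here and not part of the original flashcard set: a frequency-based anomaly detector learns how often each source normally does something and flags deviations. The connection records, hosts and ports below are constructed; the per-host mean-plus-k-standard-deviations threshold is one common form of the technique, not the only one, and the `min_delta` floor is an assumption added to keep a quiet host with zero variance from alerting on a single extra connection.

```python
"""Anomaly-based (frequency) intrusion detection over constructed flow records (added example)."""
import statistics
from collections import Counter, defaultdict

# Constructed training window of (minute, src_ip, dst_port): normal activity.
TRAINING = []
for minute in range(60):
    # 10.0.1.5 makes 3 or 4 connections a minute, 10.0.1.9 makes 1 or 2.
    TRAINING += [(minute, "10.0.1.5", 443)] * (3 + minute % 2)
    TRAINING += [(minute, "10.0.1.9", 443)] * (1 + minute % 2)

# Constructed detection window: in minute 101, 10.0.1.9 sweeps 40 ports.
DETECTION = [(100, "10.0.1.5", 443)] * 4 + [(100, "10.0.1.9", 443)] * 2
DETECTION += [(101, "10.0.1.5", 443)] * 3
DETECTION += [(101, "10.0.1.9", p) for p in range(1, 41)]


def per_minute_counts(records):
    """Map (src_ip, minute) -> number of connection records."""
    return Counter((src, minute) for minute, src, _port in records)


def train_baseline(records):
    """Per source host, the mean and population stdev of connections per minute."""
    by_host = defaultdict(list)
    for (src, _minute), n in per_minute_counts(records).items():
        by_host[src].append(n)
    return {src: (statistics.mean(v), statistics.pstdev(v))
            for src, v in by_host.items()}


def detect(records, baseline, k=3.0, min_delta=2):
    """Return (src, minute, count, threshold) tuples for anomalous minutes.

    A host absent from the baseline is reported with threshold None: the
    detector has no notion of normal for it, which is itself worth a look.
    """
    alerts = []
    for (src, minute), n in sorted(per_minute_counts(records).items()):
        if src not in baseline:
            alerts.append((src, minute, n, None))
            continue
        mean, stdev = baseline[src]
        threshold = max(mean + k * stdev, mean + min_delta)
        if n > threshold:
            alerts.append((src, minute, n, round(threshold, 2)))
    return alerts


if __name__ == "__main__":
    baseline = train_baseline(TRAINING)
    for alert in detect(DETECTION, baseline):
        print(alert)
```

The weakness this makes visible is the training window: an attacker who is already active while the baseline is learned, or who ramps up slowly, is folded into "normal". That is why an anomaly-based IDPS is paired with signature-based detection rather than replacing it.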
question
Question A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
answer
Answer b. site policy
question
Question Many attacks come through ports and then attack legitimate processes to allow themselves access or to conduct subsequent attacks.
answer
Answer a. True
question
Question According to the NIST definition of an event as "any observable occurrence in a system or network," all events are computer or network oriented.
answer
Answer b. False
question
Question New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.
answer
Answer d. trap and trace