61.
Which one of the following is an example of a computer
security incident?
- A. User accesses a secure file
- B. Administrator changes a file’s permission settings
- C. Intruder breaks into a building
- D. Former employee crashes a server
Answer : [D]
Explanation :
A former employee crashing a server is an example of a computer security incident because it is an actual violation of the availability of that system. An intruder breaking into a building may be a security event, but it is not necessarily a computer security event unless he or she performs some action affecting a computer system. A user accessing a secure file and an administrator changing a file’s permission settings are examples of security events but are not security incidents.
62.
During what phase of the incident response process would an
organization implement defenses designed to reduce the
likelihood of a security incident?
- A. Preparation
- B. Detection and analysis
- C. Containment, eradication, and recovery
- D. Post-incident activity
Answer : [A]
Explanation :
Organizations should build solid, defense-in-depth approaches to cybersecurity during the preparation phase of the incident response process. The controls built during this phase serve to reduce the likelihood and impact of future incidents.
63.
Alan is responsible for developing his organization’s
detection and analysis capabilities. He would like to purchase a
system that can combine log records from multiple sources to
detect potential security incidents. What type of system is best
suited to meet Alan’s security objective?
- A. IPS
- B. IDS
- C. SIEM
- D. Firewall
Answer : [C]
Explanation :
A security information and event management (SIEM) system correlates log entries from multiple sources and attempts to identify potential security incidents.
64.
Ben is working to classify the functional impact of an
incident. The incident has disabled email service for
approximately 30 percent of his organization’s staff. How
should Ben classify the functional impact of this incident
according to the NIST scale?
- A. None
- B. Low
- C. Medium
- D. High
Answer : [C]
Explanation :
The definition of a medium functional impact is that the organization has lost the ability to provide a critical service to a subset of system users. That accurately describes the situation that Ben finds himself in. Assigning a low functional impact is only done when the organization can provide all critical services to all users at diminished efficiency. Assigning a high functional impact is only done if a critical service is not available to all users.
65.
What phase of the incident response process would include
measures designed to limit the damage caused by an ongoing
breach?
- A. Preparation
- B. Detection and analysis
- C. Containment, eradication, and recovery
- D. Post-incident activity
Answer : [C]
Explanation :
The containment measures in the containment, eradication, and recovery phase are designed to limit the damage caused by an ongoing security incident.