Post Test #3

Escalation time periods, as a function of criticality, are often represented in the form of
what type of agreement?

Select one:
a. MOU

b. SLA

c. MOA

d. ISA

Question 2
Correct
1.00 points out of 1.00
Cyber event false alarms and non-security alerts could include which of the following?

Select one:
a. Human or operational errors

b. Detection

c. Testing

d. All of the above

Question 3
Incorrect
0.00 points out of 1.00
Agentless SIEM tools hold the following advantage over Agent-based SIEM tools:

Select one:
a. The lack of filtering and aggregation at the individual server level causes larger amounts of data to be transferred over networks.

b. They analyze the data from different log sources, correlate events, identify and prioritize significant events, and initiate responses to events.

c. All logs go to a common format such as syslog.

d. Installation and configuration control on the clients is not an issue.

Question 4
Correct
1.00 points out of 1.00
In regard to IT system components, event monitoring and detection are applied to
networks, operating systems, and ________.

Select one:
a. Applications

b. Computer operators

c. Browsers

d. Search engines

Question 5
Incorrect
0.00 points out of 1.00
Which of the following is NOT involved with a security incident's overall effect?

Select one:
a. Current technical effect

b. The criticality of the system(s)

c. Which resources are affected

d. Future technical effect

Question 6
Incorrect
0.00 points out of 1.00
Which law or regulation requires financial institutions to protect their customers'
information via cyber log management?

Select one:
a. GLBA

b. FISMA

c. HIPAA

d. PCI

Question 7
Correct
1.00 points out of 1.00
Types of cyber event false alarms and non-security alerts would include which of the
following?

Select one:
a. Inaccurate reports

b. Detection

c. Both inaccurate reports and detection

d. None of the above

Question 8
Incorrect
0.00 points out of 1.00
Profiling systems involves _________.

Select one:
a. Packet sniffing

b. File integrity checksums

c. Reviewing logs

d. Synchronizing host clocks

Question 9
Correct
1.00 points out of 1.00
What is an incident precursor?

Select one:
a. A sign that an incident may occur in the future

b. A sign that an incident is occurring now

c. A sign that an incident may have occurred

d. A symptom of an imminent shutdown

Question 10
Correct
1.00 points out of 1.00
To what components of an overall IT system are event monitoring and detection
applied? (Choose the BEST answer)

Select one:
a. Server and client operating systems

b. Local and wide area network components

c. Databases and web servers

d. Networks, operating systems, and application software

Question 11
Correct
1.00 points out of 1.00
What are the two types of cyber event log management tools?

Select one:
a. Network and operating system

b. Automated log management, and security information and event management (SIEM)

c. System software and application software

d. Batch and real time

Question 12
Incorrect
0.00 points out of 1.00
In determining scope and characteristics, the cyber incident response team should
examine logs and alerts, as well as look for ________.

Select one:
a. The intruder who initiated the event

b. Cause and effect

c. Missing logs and alerts

d. Anything suspicious

Question 13
Correct
1.00 points out of 1.00
Which of the following activities is NOT part of the investigation activities for incident
analysis?

Select one:
a. Synchronizing server clocks

b. Performing event correlation

c. Using packet sniffers on networks

d. Using Internet search engines for research

Question 14
Correct
1.00 points out of 1.00
"Criticality" is considered ________ in a system that is mission critical to multiple
agencies or critical infrastructure.

Select one:
a. Medium

b. Low

c. Critical

d. High

Question 15
Correct
1.00 points out of 1.00
Initial incident data should be obtained by the organization's ________ and ________.

Select one:
a. IT and MIS

b. Director and VP

c. Help desk and FIRE

d. Help desk and CSIRT

Question 16
Correct
1.00 points out of 1.00
Regarding a suspected incident, information should be collected about the reporter
(caller), the event(s), the ________, and the systems involved.

Select one:
a. Security Information and Event Management (SIEM) records

b. Risk scenarios

c. Diagnostic matrix

d. Actions taken so far

Question 17
Correct
1.00 points out of 1.00
Event ________ is used to relate events reported by different subsystems and possibly
occurring at different times and on different systems.

Select one:
a. Discovery

b. Correlation

c. Containment

d. Mitigation

Question 18
Correct
1.00 points out of 1.00
Which of the following are primary sources for cyber logs and alerts?

Select one:
a. Intrusion detection devices, operating systems, application programs, anti-malware software, and networking equipment

b. Modems and other communication devices

c. Disk backup systems

d. Accounting software

Question 19
Correct
1.00 points out of 1.00
What type of service represents an outsourcing of the CSIRT function?

Select one:
a. Business continuity provider

b. Managed security provider

c. Internet service provider

d. Application service provider

Question 20
Correct
1.00 points out of 1.00
Which one of the following is NOT a typical automation method for cyber incident
management?

Select one:
a. Software tools installed and managed by the organization

b. Removable hard drive units

c. Managed security service providers

d. Problem resolution services

Question 21
Incorrect
0.00 points out of 1.00
A cyber incident response SLA matrix sets escalation times in relation to ________ and
________.

Select one:
a. Incident type / number of users

b. Response times / incident type

c. Impacts / number of users

d. Impact / criticality