
Question 1

1 out of 1 points
A CSIRT model that is effective for large organizations and for organizations with major
computing resources at distant locations is the ____.
Selected Answer:
Correct distributed CSIRT
Correct Answer:
Correct distributed CSIRT
Question 2
0 out of 1 points
The first group to communicate the CSIRT's vision and operational plan is the managerial team
or individual serving as the ____.
Selected Answer:
Incorrect technical lead
Correct Answer:
Correct champion
Question 3
1 out of 1 points
Those services performed in response to a request or a defined event such as a help desk alert are
called ____.
Selected Answer:
Correct reactive services
Correct Answer:
Correct reactive services
Question 4
1 out of 1 points
One way to build and maintain staff skills is to develop incident-handling ____ and have the
team members discuss how they would handle them.
Selected Answer:
Correct scenarios
Correct Answer:
Correct scenarios
Question 5
1 out of 1 points
Giving the IR team the responsibility for ____ is generally not recommended.
Selected Answer:
Correct patch management
Correct Answer:
Correct patch management
Question 6
1 out of 1 points
When an organization completely outsources its IR work, typically to an on-site contractor, it is
called a(n) ____ model.
Selected Answer:
Correct fully outsourced
Correct Answer:
Correct fully outsourced
Question 7
1 out of 1 points
The focus during a(n) ____ is on learning what worked, what didn't, and where communications
and response procedures may have failed.
Selected Answer:
Correct after action review
Correct Answer:
Correct after action review
Question 8
0 out of 1 points
Those services undertaken to prepare the organization or the CSIRT constituents to protect and
secure systems in anticipation of problems, attacks, or other events are called ____.
Selected Answer:
Incorrect reactive services
Correct Answer:
Correct proactive services
Question 9
1 out of 1 points
____ are closely monitored network decoys that can distract adversaries from more
valuable machines on a network; can provide early warning about new attack and exploitation
trends; and can allow in-depth examination of adversaries during and after exploitation.
Selected Answer:
Correct Honeypots
Correct Answer:
Correct Honeypots
Question 10
1 out of 1 points
Using a process known as ____, network-based IDPSs look for attack patterns by comparing
measured activity to known signatures in their knowledge base to determine whether or not an
attack has occurred or may be under way.
Selected Answer:
Correct signature matching
Correct Answer:
Correct signature matching
Question 11
1 out of 1 points
In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to
inject false information to corrupt the servers' answers to routine DNS queries from other
systems on that network.
Selected Answer:
Correct DNS cache poisoning
Correct Answer:
Correct DNS cache poisoning
Question 12
1 out of 1 points
The use of IDPS sensors and analysis systems can be quite complex. One very common
approach is to use an open source software program called ____ running on an open source
UNIX or Linux system that can be managed and queried from a desktop computer using a client
interface.
Selected Answer:
Correct Snort
Correct Answer:
Correct Snort
Question 13
1 out of 1 points
The ____ approach for detecting intrusions is based on the frequency with which certain network
activities take place.
Selected Answer:
Correct anomaly-based IDPS
Correct Answer:
Correct anomaly-based IDPS
Question 14
1 out of 1 points
A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by
servers, network devices, and even other IDPSs.
Selected Answer:
Correct log file monitor
Correct Answer:
Correct log file monitor
Question 15
1 out of 1 points
The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic
data relating to communications.
Selected Answer:
Correct Pen/Trap Statute
Correct Answer:
Correct Pen/Trap Statute
Question 16
1 out of 1 points
A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions
taken by a client.
Selected Answer:
Correct statement of indemnification
Correct Answer:
Correct statement of indemnification
Question 17
1 out of 1 points
A ____ is an agency that provides physical facilities in the event of a disaster for a fee.
Selected Answer:
Correct service bureau
Correct Answer:
Correct service bureau
Question 18
1 out of 1 points
A potential disadvantage of a ____ site-resumption strategy is that more than one organization
might need the facility simultaneously.
Selected Answer:
Correct time-share
Correct Answer:
Correct time-share
Question 19
1 out of 1 points
An organization aggregates all local backups to a central repository and then backs up that
repository to an online vendor, with a ____ backup strategy.
Selected Answer:
Correct disk-to-disk-to-cloud
Correct Answer:
Correct disk-to-disk-to-cloud
Question 20
1 out of 1 points
A(n) ____ is an extension of an organization's intranet into cloud computing.
Selected Answer:
Correct private cloud
Correct Answer:
Correct private cloud
Question 21
1 out of 1 points
A ____ is a synonym for a virtualization application.
Selected Answer:
Correct hypervisor
Correct Answer:
Correct hypervisor
Question 22
1 out of 1 points
____ uses a number of hard drives to store information across multiple drive units.
Selected Answer:
Correct RAID
Correct Answer:
Correct RAID
Question 23
1 out of 1 points
A resumption location known as a ____ is a fully configured computer facility capable of
establishing operations at a moment's notice.
Selected Answer:
Correct hot site
Correct Answer:
Correct hot site

Question 24
1 out of 1 points
Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead
of, performing backups of data.
Selected Answer:
Correct robustness
Correct Answer:
Correct robustness
Question 25
1 out of 1 points
The ____ is used to collect information directly from the end users and business managers.
Selected Answer:
Correct facilitated data-gathering session
Correct Answer:
Correct facilitated data-gathering session
Question 26
1 out of 1 points
The purpose of the ____ is to define the scope of the CP operations and establish managerial
intent with regard to timetables for response to incidents, recovery from disasters, and
reestablishment of operations for continuity.
Selected Answer:
Correct contingency planning policy
Correct Answer:
Correct contingency planning policy
Question 27
1 out of 1 points
To a large extent, incident response capabilities are part of a normal IT budget. The only area in
which additional budgeting is absolutely required for incident response is the maintenance of
____.
Selected Answer:
Correct redundant equipment
Correct Answer:
Correct redundant equipment
Question 28
0 out of 1 points
A manual alternative to the normal way of accomplishing an IT task might be employed in the
event that IT is unavailable. This is called a ____.
Selected Answer:
Incorrect business disruption experience
Correct Answer:
Correct work-around procedure
Question 29
1 out of 1 points
What is a common approach used in the discipline of systems analysis and design to understand
the ways systems operate and to chart process flows and interdependency studies?
Selected Answer:
Correct systems diagramming
Correct Answer:
Correct systems diagramming
Question 30
1 out of 1 points
Which of the following collects and provides reports on failed login attempts, probes, scans,
denial-of-service attacks, and detected malware?
Selected Answer:
Correct system logs
Correct Answer:
Correct system logs
Question 31
1 out of 1 points
The last stage of a business impact analysis is prioritizing the resources associated with the ____,
which brings a better understanding of what must be recovered first.
Selected Answer:
Correct mission/business processes
Correct Answer:
Correct mission/business processes
Question 32
1 out of 1 points
The final component to the CPMT planning process is to deal with ____.
Selected Answer:
Correct budgeting for contingency operations
Correct Answer:
Correct budgeting for contingency operations
Question 33
1 out of 1 points
The ____ job functions and organizational roles focus on protecting the organization's
information systems and stored information from attacks.
Selected Answer:
Correct information security management and professionals
Correct Answer:
Correct information security management and professionals
Question 34
1 out of 1 points
A(n) ____ is a detailed examination of the events that occurred, from first detection of an
incident to final recovery.
Selected Answer:
Correct after-action review
Correct Answer:
Correct after-action review
Question 35
1 out of 1 points
Incident analysis resources include network diagrams and lists of ____, such as database servers.
Selected Answer:
Correct critical assets
Correct Answer:
Correct critical assets
Question 36
1 out of 1 points
The U.S. National Institute of Standards and Technology recommends a set of tools for the
CSIRT including incident reporting mechanisms with which users can report suspected incidents.
At least one of these mechanisms should permit people to report incidents ____.
Selected Answer:
Correct anonymously
Correct Answer:
Correct anonymously
Question 37
1 out of 1 points
A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the
responsibilities of the team leader in scanning the organization's information infrastructure for
signs of an incident.
Selected Answer:
Correct IR duty officer
Correct Answer:
Correct IR duty officer
Question 38
1 out of 1 points
____ is the process of systematically examining information assets for evidentiary material that
can provide insight into how an incident transpired.
Selected Answer:
Correct Forensics analysis
Correct Answer:
Correct Forensics analysis
Question 39
1 out of 1 points
A favorite pastime of information security professionals is ____, which is a simulation of attack
and defense activities using realistic networks and information systems.
Selected Answer:
Correct war gaming
Correct Answer:
Correct war gaming
Question 40
1 out of 1 points
Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill
sets as necessary to attempt to contain and terminate the incident. The resulting team is called the
____ for this particular incident.
Selected Answer:
Correct reaction force
Correct Answer:
Correct reaction force

Question 41
1 out of 1 points
General users require training on the technical details of how to do their jobs securely, including
good security practices, ____ management, specialized access controls, and violation reporting.
Selected Answer:
Correct password
Correct Answer:
Correct password
Question 42
1 out of 1 points
The ____ illustrates the most critical characteristics of information and has been the industry
standard for computer security since the development of the mainframe.
Selected Answer:
Correct C.I.A. triangle
Correct Answer:
Correct C.I.A. triangle
Question 43
1 out of 1 points
____ assigns a risk rating or score to each information asset. Although this number does not
mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable
information asset and facilitates the development of comparative ratings later in the risk control
process.
Selected Answer:
Correct Risk assessment
Correct Answer:
Correct Risk assessment
Question 44
1 out of 1 points
A ____ deals with the preparation for and recovery from a disaster, whether natural or manmade.
Selected Answer:
Correct disaster recovery plan
Correct Answer:
Correct disaster recovery plan
Question 45
1 out of 1 points
A(n) ____ is any clearly identified attack on the organization's information assets that would
threaten the assets' confidentiality, integrity, or availability.
Selected Answer:
Correct incident
Correct Answer:
Correct incident
Question 46
1 out of 1 points
A ____ is a document that describes how, in the event of a disaster, critical business functions
continue at an alternate location while the organization recovers its ability to function at the
primary site.
Selected Answer:
Correct business continuity plan
Correct Answer:
Correct business continuity plan
Question 47
1 out of 1 points
A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
Selected Answer:
Correct threat
Correct Answer:
Correct threat
Question 48
1 out of 1 points
A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of
information and information assets in an organization; it is also used to restore the organization
to normal modes of business operations.
Selected Answer:
Correct contingency plan
Correct Answer:
Correct contingency plan

Question 49
1 out of 1 points
Information assets have ____ when they are not exposed (while being stored, processed, or
transmitted) to corruption, damage, destruction, or other disruption of their authentic states.
Selected Answer:
Correct integrity
Correct Answer:
Correct integrity
Question 50
1 out of 1 points
____ hack systems to conduct terrorist activities through network or Internet pathways.
Selected Answer:
Correct Cyberterrorists
Correct Answer:
Correct Cyberterrorists