Principles of Incident Response And Disaster Recovery 2nd Edition By Michael – Test Bank

Principles of Incident Response And Disaster Recovery 2nd Edition By Michael – Test Bank

📚 Download and Learn Now!

Get ready for your test with this easy test bank. It has lots of questions to help you learn about people and how they think.

✅ What You Get:

• 💡 Download Fast – Get it right after you buy.
• 📝 Lots of Questions – Learn important ideas.
• 📖 Easy Answers – Simple words to help you understand.
• 🏆 Test Practice – Get ready for your exam.
• 🎯 Great for Learning – Perfect for students and teachers.

So what are you waiting for click to buy now and get better marks.

Chapter 5: Incidence Response: Detection and Decision Making

TRUE/FALSE

1.According the to NIST definition of  an event as “any observable occurrence in a system or network,” all events are computer or network oriented.

ANS: F PTS: 1 REF: 167

2.To help make the detection of actual incidents more reliable, there are three broad categories of incident indicators that have been identified: possible, probable, and definite.

ANS: T PTS: 1 REF: 168

3.Most modern antivirus/anti-malware utilities cannot detect rootkits.

ANS: F PTS: 1 REF: 171

4.The Windows Task Manager can be used to seek out Trojan programs on Microsoft Windows computers.

ANS: F PTS: 1 REF: 176

5.Many attacks come through ports and then attack legitimate processes to allow themselves access or to conduct subsequent attacks.

ANS: T PTS: 1 REF: 197

MULTIPLE CHOICE

1.The process of evaluating the circumstances around organizational events includes determining which adverse events are possible incidents, or ____.

ANS: B PTS: 1 REF: 167

2.A(n) ____ is a sign that an adverse event is underway and has a probability of becoming an incident.

ANS: C PTS: 1 REF: 168

3.A(n) ____ is a sign that an activity now occurring may signal an incident that could occur in the future.

ANS: A PTS: 1 REF: 168

4.A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.

ANS: D PTS: 1 REF: 170

5.In the event that a definite indicator is recognized, the corresponding ____ must be activated immediately.

ANS: B PTS: 1 REF: 172

6.Most organizations will find themselves awash in incident candidates at one time or another, and the vast majority will be ____.

ANS: D PTS: 1 REF: 173

7.The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____.

ANS: D PTS: 1 REF: 184

8.A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.

ANS: C PTS: 1 REF: 185

9.The ____ of a hub, switch or other networking device is a specially configured connection that is capable of viewing all the traffic that moves through the entire device.

ANS: A PTS: 1 REF: 189

10.The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

ANS: B PTS: 1 REF: 190

11.Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

ANS: D PTS: 1 REF: 191

12.In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

ANS: B PTS: 1 REF: 192

13.The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.

ANS: C PTS: 1 REF: 205

Related Test Bank