Question 1

IDS false alarms cause ________.

Accepted Answer

A)   companies to ignore IDS alerts
B)   companies to install multiple IDSs using different methods
C)   Both A and B
D)   Neither A nor B

Question 2

Live tests are ________.

Accepted Answer

A)   more effective than walkthroughs
B)   inexpensive
C)   Both A and B
D)   Neither A nor B

Question 3

Disconnection ________.

Accepted Answer

A)   is the most decisive way to do termination
B)   harms legitimate users
C)   Both A and B
D)   Neither A nor B

Question 4

False alarms in an IDS are known as ________.

Accepted Answer

A)   false positives
B)   false negatives
C)   pranks
D)   noise

Question 5

Precedents can be created by ________.

Accepted Answer

A)   U.S. Circuit Courts of Appeal.
B)   U.S. District Courts
C)   Both A and B
D)   Neither A nor B

Question 6

Black holing is an effective long-term containment solution.

Accepted Answer

A) True 
 B)False

Question 7

The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt.

Accepted Answer

A)   civil
B)   criminal
C)   Both A and B
D)   Neither A nor B

Question 8

Who should head the CSIRT?

Accepted Answer

A)   IT
B)   IT security
C)   A senior manager
D)   None of the above

Question 9

In an IDS, ________ means that the IDS should report all attacks events and report as few false alarms as possible.

Accepted Answer

A)   precision
B)   event correlation
C)   Both A and B
D)   Neither A nor B

Question 10

A NIDS can ________.

Accepted Answer

A)   see all packets passing through its position in a network
B)   scan encrypted data
C)   Both A and B
D)   Neither A nor B

Question 11

An IDS is a ________ control.

Accepted Answer

A)   preventative
B)   detective
C)   restorative
D)   All of the above

Question 12

Rehearsals improve ________.

Accepted Answer

A)   accuracy
B)   speed
C)   Both A and B
D)   Neither A nor B

Question 13

Restoration of data files from tape ________.

Accepted Answer

A)   is the fastest recovery method
B)   always results in data loss
C)   Both A and B
D)   Neither A nor B

Question 14

The only person who should speak on behalf of a firm should be ________.

Accepted Answer

A)   the public relations director
B)   the firm's legal counsel
C)   Both A and B
D)   Neither A nor B

Question 15

18 U.S.C. § 1030 protects ________.

Accepted Answer

A)   all computers
B)   "protected computers" such as government computers
C)   Both A and B
D)   Neither A nor B

Question 16

If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.

Accepted Answer

A) True 
 B)False

Question 17

Incident response is defined as reacting to incidents impromptu.

Accepted Answer

A) True 
 B)False

Question 18

________ of response is critical.

Accepted Answer

A)   Accuracy
B)   Speed
C)   Both A and B
D)   Neither A nor B

Question 19

What protection can a firm provide for people in the event of an emergency?

Accepted Answer

A)   Not allowing people to go into an unsafe environment
B)   Accounting for all staff immediately
C)   Both A and B
D)   Neither A nor B

Question 20

________ specify how a company will maintain or restore core business operations after disasters.

Accepted Answer

A)   Business continuity plans
B)   IT disaster recovery plans
C)   Both A and B
D)   Neither A nor B

Exam 10: Incident and Disaster Response

Incident response is defined as reacting to incidents impromptu.

Correct AnswerverifiedShow Answer

In an IDS, ________ means that the IDS should report all attacks events and report as few false alarms as possible.

Correct AnswerverifiedShow Answer

Restoration of data files from tape ________.

Correct AnswerverifiedShow Answer

18 U.S.C. § 1030 protects ________.

Correct AnswerverifiedShow Answer

A NIDS can ________.

Correct AnswerverifiedShow Answer

If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.

Correct AnswerverifiedShow Answer

The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt.

Correct AnswerverifiedShow Answer

Rehearsals improve ________.

Correct AnswerverifiedShow Answer

________ of response is critical.

Correct AnswerverifiedShow Answer

What protection can a firm provide for people in the event of an emergency?

Correct AnswerverifiedShow Answer

An IDS is a ________ control.

Correct AnswerverifiedShow Answer

Who should head the CSIRT?

Correct AnswerverifiedShow Answer

Live tests are ________.

Correct AnswerverifiedShow Answer

Precedents can be created by ________.

Correct AnswerverifiedShow Answer

________ specify how a company will maintain or restore core business operations after disasters.

Correct AnswerverifiedShow Answer

Disconnection ________.

Correct AnswerverifiedShow Answer

Black holing is an effective long-term containment solution.

Correct AnswerverifiedShow Answer

False alarms in an IDS are known as ________.

Correct AnswerverifiedShow Answer

The only person who should speak on behalf of a firm should be ________.

Correct AnswerverifiedShow Answer

IDS false alarms cause ________.

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified