200-201 Dumps

200-201 Free Practice Test

Cisco 200-201: Understanding Cisco Cybersecurity Operations Fundamentals

QUESTION 31

Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?

Correct Answer: D

QUESTION 32

Which process is used when IPS events are removed to improve data integrity?

Correct Answer: B

QUESTION 33

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.
Solution:
Exploitation - The targeted environment is taken advantage of, triggering the threat actor's code.

Installation - A backdoor is placed on the victim system, allowing the threat actor to maintain persistence.

Command and Control - An outbound connection is established to an Internet-based controller server.

Actions and Objectives - The threat actor takes actions to violate data integrity and availability.

Does this meet the goal?

Correct Answer: A

QUESTION 34

What is a difference between inline traffic interrogation and traffic mirroring?

Correct Answer: A
Inline traffic interrogation analyzes traffic in real time and has the ability to prevent certain traffic from being forwarded. Traffic mirroring doesn't pass the live traffic; instead, it copies traffic from one or more source ports and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device.

QUESTION 35

An analyst received a ticket regarding degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed that antivirus software was disabled and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

Correct Answer: B