Question 1

Which incidence response step includes identifying all hosts affected by an attack?

Options :

A : detection and analysis

B : post-incident activity

C : preparation

D : containment, eradication, and recovery

Answer: D

Question 2

What is the impact of false negative alerts when compared to true negative alerts?

Options :

A : A false negative is someone trying to hack into the system and no alert is raised, and a true negative is an event that never happened and an alert was not raised.

B : A true negative is an alert for an exploit attempt when no attack was detected, and a false negative is when no attack happens and an alert is still raised.

C : A true negative is a legitimate attack that triggers a brute force alert, and a false negative is when no alert and no attack is occurring.

D : A false negative is an event that alerts for injection attack when no attack is happening, and a true negative is an attack that happens and an alert that is appropriately raised.

Answer: A

Question 3

Refer to the exhibit.

A company's user HTTP connection to a malicious site was blocked according to configured policy. What is the source technology used for this measure?

Options :

A : network application control

B : firewall

C : IPS

D : web proxy

Answer: C

Question 4

Which utility blocks a host portscan?

Options :

A : HIDS

B : sandboxing

C : host-based firewall

D : antimalware

Answer: C

Question 5

Which element is included in an incident response plan as stated in NIST.SP800-617

Options :

A : security of sensitive information

B : individual approach to incident response

C : consistent threat identification

D : approval of senior management

Answer: D

Higher Test Marks with Free Online 200-201 Exam Practice

Buying Options: