Deck 10: Incident and Disaster Response

1
________ of response is critical.

A) Accuracy
B) Speed
C) Both A and B
D) Neither A nor B
C
2
With good planning and protection, a company can eliminate security incidents.
False
3
A CSIRT should not include members from the legal department.
False
4
Live tests are ________.

A) more effective than walkthroughs
B) inexpensive
C) Both A and B
D) Neither A nor B
5
Rehearsals improve ________.

A) accuracy
B) speed
C) Both A and B
D) Neither A nor B
6
The business continuity team should be headed by ________.

A) a senior business manager
B) the chief information officer
C) the chief security officer
D) None of the above
7
Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.
8
A major security incident is generally handled by the ________.

A) IT disaster response team
B) business continuity team
C) CSIRT
D) All of the above
9
A CSIRT should include members from the public relations department.
10
Which of the following is not one of the four security levels of incidents?

A) False alarms
B) Minor incidents
C) Virus epidemics
D) Disasters
11
Walkthroughs are ________ table-top exercises.

A) better than
B) just as good as
C) worse than
D) the same thing as
12
A walkthrough is also called a ________.

A) table-top exercise
B) live test
C) Both A and B
D) Neither A nor B
13
Incident response is defined as reacting to incidents according to plan.
14
Wal-Mart was able to respond to Hurricane Katrina so quickly because it had ________.

A) detailed business continuity plans
B) a full-time director of business continuity
C) Both A and B
D) Neither A nor B
15
False positives are legitimate activities that are flagged as suspicious.
16
Successful attacks are commonly called ________.

A) security incidents
B) countermeasures
C) Both A and B
D) Neither A nor B
17
________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.

A) Business continuity planning
B) IT disaster recovery
C) Both A and B
D) Neither A nor B
18
________ is the act of passing an incident to the CSIRT or business continuity team.

A) Transference
B) Escalation
C) Delegation
D) Acceleration
19
________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.

A) Detection
B) Analysis
C) Both A and B
D) Neither A nor B
20
Incident response is defined as reacting to incidents impromptu.
21
Once an attack has begun, a company should never allow the attacker to continue.
22
If it can be applied, the least-damaging recovery option is ________.

A) restoration from backup tapes
B) total reinstallation
C) repair during continuing server operation
D) All of the above are about equally damaging
23
________ is the act of actually stopping an incident's damage.

A) Disconnection
B) Gapping
C) Containment
D) Termination
24
Restoration of data files from tape ________.

A) is the fastest recovery method
B) always results in data loss
C) Both A and B
D) Neither A nor B
25
Repair during ongoing server operation is ________.

A) desirable
B) dangerous
C) Both A and B
D) Neither A nor B
26
The decision to let an attack continue should be made by ________.

A) IT
B) IT security
C) senior business executives
D) public relations
27
Black holing is an effective long-term containment solution.
28
________ eliminates the problem of having to re-baseline the system to proper security levels.

A) Using a disk image
B) Total software reinstallation
C) Both A and B
D) Neither A nor B
29
________ deals with interpretations of rights and duties that companies or individuals have relative to each other.

A) Criminal law
B) Civil law
C) Both A and B
D) Neither A nor B
30
The only person who should speak on behalf of a firm should be ________.

A) the public relations director
B) the firm's legal counsel
C) Both A and B
D) Neither A nor B
31
Which of the following should the CSIRT include?

A) senior manager
B) PR director
C) firm's legal counsel
D) All of the above
32
It is easier to punish employees than to prosecute outside attackers.
33
Disconnection ________.

A) is the most decisive way to do termination
B) harms legitimate users
C) Both A and B
D) Neither A nor B
34
Which of the following is not one of the three rules for apologies?

A) Explain what happened.
B) Acknowledge responsibility and harm.
C) Use wording aimed at reducing lawsuits.
D) Explain what action will be taken to compensate victims, if any.
35
________ investigate(s) most violations of local and state computer laws.

A) Local police
B) The FBI
C) Both A and B
D) Neither A nor B
36
Who should head the CSIRT?

A) IT
B) IT security
C) A senior manager
D) None of the above
37
Total software reinstallation effectively addresses data loss.
38
________ evidence is evidence that is acceptable for court proceedings.

A) Title 18
B) Title 11
C) Forensic
D) Expert
39
Dropping all future packets from a particular IP address is called ________.

A) black holing
B) disconnection
C) IP address spoofing
D) damaging
40
Allowing an attacker to continue working in a system after the attack has been discovered ________.

A) may allow the company to collect evidence for prosecution
B) can be dangerous by allowing the attacker to do more damage
C) Both A and B
D) Neither A nor B
41
Only an expert witness is allowed to interpret facts for juries.
42
A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.

A) expert witness
B) computer forensics expert
C) Both A and B
D) Neither A nor B
43
________ punishments may result in fines.

A) Criminal
B) Civil
C) Both A and B
D) Neither A nor B
44
A ________ is law dealing with information technology.

A) cyberlaw
B) Title 13
C) Title 17
D) All of the above
45
The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial.

A) reasonable doubt
B) mens rea
C) Both A and B
D) Neither A nor B
46
Plaintiffs initiate legal proceedings in ________ cases.

A) civil
B) criminal
C) Both A and B
D) Neither A nor B
47
Which of the following is not one of the three levels of U.S. federal courts?

A) U.S. District Courts
B) U.S. Circuit Courts of Appeal
C) U.S. State Courts
D) The U.S. Supreme Court
48
Courts will often admit unreliable evidence if judges believe that juries can be trusted to evaluate it properly.
49
If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.
50
Mens rea usually is important in ________ trials.

A) civil
B) criminal
C) Both A and B
D) Neither A nor B
51
Federal jurisdiction typically does not extend to computer crimes that are committed entirely within a state and that do not have a bearing on interstate commerce.
52
Past judicial precedents constitute ________.

A) case law
B) statutes
C) criminal law
D) All of the above
53
The normal standard for deciding a case in ________ trials is a preponderance of the evidence.

A) civil
B) criminal
C) Both A and B
D) Neither A nor B
54
Precedents can be created by ________.

A) U.S. Circuit Courts of Appeal
B) U.S. District Courts
C) Both A and B
D) Neither A nor B
55
________ punishments may result in jail time.

A) Criminal
B) Civil
C) Both A and B
D) Neither A nor B
56
________ are areas of responsibility within which different government bodies can make and enforce laws but beyond which they cannot.

A) Mens rea
B) Jurisdictions
C) Statutes
D) Precedents
57
Prosecutors initiate legal proceedings in ________ cases.

A) civil
B) criminal
C) Both A and B
D) Neither A nor B
58
The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt.

A) civil
B) criminal
C) Both A and B
D) Neither A nor B
59
________ deals with the violation of criminal statutes.

A) Criminal law
B) Civil law
C) Both A and B
D) Neither A nor B
60
International laws about cybercrime are fairly uniform.
61
Communication between IDS ________ must be secure.

A) managers and agents
B) vendors and managers
C) Both A and B
D) Neither A nor B
62
Interactive log file analysis can filter out irrelevant entries.
63
In ________ transfers, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager.

A) batch
B) real-time
C) Both A and B
D) Neither A nor B
64
Which of the following is a function of IDSs?

A) Strike-back
B) Automated analysis
C) Both A and B
D) Neither A nor B
65
False alarms in an IDS are known as ________.

A) false positives
B) false negatives
C) pranks
D) noise
66
In ________ transfers, each event's data goes to the manager immediately.

A) batch
B) real-time
C) Both A and B
D) Neither A nor B
67
What information should alarms give the security staff?

A) A way to test the alarm for accuracy
B) Advice about what the security administrator should do
C) Both A and B
D) Neither A nor B
68
18 U.S.C. § 1030 prohibits hacking.
69
18 U.S.C. § 2511 prohibits ________.

A) the interception of electronic messages
B) hacking
C) Both A and B
D) Neither A nor B
70
IDS false alarms cause ________.

A) companies to ignore IDS alerts
B) companies to install multiple IDSs using different methods
C) Both A and B
D) Neither A nor B
71
The ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices.

A) manager
B) agent
C) Both A and B
D) Neither A nor B
72
An IDS provides query and reporting tools to help administrators analyze the data interactively during and after an incident.
73
The ________ collects event data and stores them in log files on the monitoring devices.

A) manager
B) agent
C) Both A and B
D) Neither A nor B
74
NIDSs look at ________.

A) all host traffic in a network
B) all network traffic in a network
C) Both A and B
D) Neither A nor B
75
18 U.S.C. § 1030 protects ________.

A) all computers
B) "protected computers" such as government computers
C) Both A and B
D) Neither A nor B
76
An IDS is a ________ control.

A) preventative
B) detective
C) restorative
D) All of the above
77
A router can be a NIDS.
78
Which type of analysis do IDSs usually do?

A) Attack signature detection
B) Anomaly detection
C) Both A and B
D) Neither A nor B
79
A ________ IDS sends data from many devices to a central management console.

A) centralized
B) distributed
C) fragmented
D) decentralized
80
18 U.S.C. § 1030 prohibits ________.

A) hacking
B) malware attacks
C) denial-of-service attacks
D) All of the above