Chapter 17: Preventing and Responding to Incidents Flashcards
An ____ is any event that has a negative effect on the confidentiality, integrity, or availability of an organization’s assets.
incident
Incident management steps
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
A ____ control attempts to thwart or stop unwanted or unauthorized activity from occurring.
preventive
A ____ control attempts to discover or detect unwanted or unauthorized activity.
detective
A ___ attack is another type of flood attack, but it floods the victim with Internet Control Message Protocol (ICMP) echo packets instead of with TCP SYN packets.
smurf
____ attacks are similar to smurf attacks. However, instead of using ICMP, the attack uses UDP packets over UDP ports 7 and 19.
Fraggle
A ___ flood attack floods a victim with ping requests.
ping
A _____ attack used oversized ping packets. Some operating systems couldn’t handle them. In some cases, the systems crashed, and in other cases, the attack caused a buffer overflow error.
ping-of-death
A ____ attack fragments data packets, making them difficult or impossible to be put back together by the receiving system. This often caused systems to crash.
teardrop
A ____ exploit refers to an attack on a system exploiting a vulnerability that is unknown to others.
zero-day
This IDS method uses a database of known attacks developed by the IDS vendor.
This IDS method starts by creating a baseline of normal activities and events on the system.
The most important protection against malicious code is the use of ____ software with up-to-date signature files and heuristic capabilities.
antimalware
_____ is a form of nonstatistical sampling. It selects only events that exceed a clipping level, which is a predefined threshold for the event.
Clipping
It’s also important to monitor traffic leaving a network to the internet, also called ____ monitoring. This can detect the unauthorized transfer of data outside the organization, often referred to as data exfiltration.
egress