Chapter 17 – Preventing and Responding To Incidents

Question 1

1. Which of the following is the best response after detecting and verifying an incident?
   Contain it

Answer 1

Contain it

Question 2

2. Which of the following would security personnel do during the remediation stage of an incident response?
   Root cause analysis

Answer 2

Root cause analysis

Question 3

3. Which of the following are DoS attack? (Choose three.)

Teardrop, Smurf, Ping of death

Answer 3

Teardrop, Smurf, Ping of death

Question 4

4. How does a SYN flood attack work?

Disrupts the three-way handshake used by TCP

Answer 4

Disrupts the three-way handshake used by TCP

Question 5

5. A web server hosted on the internet was recently attacked, exploiting a vulnerability in the operating system. The operating system vendor assisted in the incident investigation and verified that the vulnerability was not previously known. What type of attack was this?
   Zero-day exploit

Answer 5

Zero-day exploit

Question 6

6. Of the following choices, which is the most common method of distributing malware?
   Drive-by downloads

Answer 6

Drive-by downloads

Question 7

7. Of the following choices, what indicates the primary purpose of an intrusion detection system (IDS)?
   Detect abnormal activity

Answer 7

Detect abnormal activity

Question 8

8. Which of the following is true for a host-based intrusion detection system (HIDS)?
   It monitors a single system.

Answer 8

It monitors a single system.

Question 9

9. Which of the following is a fake network designed to temp intruders with unpatched and unprotected security vulnerabilities and false data?
   Honeynet

Answer 9

Honeynet

Question 10

10. Of the following choices, what is the best form of anti-malware protection?
    Anti-malware protection at several locations

Answer 10

Anti-malware protection at several locations