
The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called


Product Description

  1. The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.
  2. Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

  3. The ____ of a hub, switch or other networking device is a specially configured connection that is capable of viewing all the traffic that moves through the entire device.

  4. The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.

  5. ____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

  6. New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.

  7. A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.

  8. A ____ is a synonym for a virtualization application.

  9. A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have ____ priority within an organization.

  10. A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

  11. Considered to be the traditional “lock and copy” approach to database backup, _____ require the database to be inaccessible while a backup is created to a local drive.

  12. An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.

  13. A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

  14. A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.

  15. Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.

  16. A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.

  17. The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

  18. ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.

  19. A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.

  20. __ hack systems to conduct terrorist activities through network or Internet pathways.

  21. ___ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.

  22. A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

  23. ___ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.

  24. Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.

  25. The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.

  26. A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.

  27. Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

  28. To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.

  29. The ____ is the period of time within which systems, applications, or functions must be recovered after an outage.

  30. The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.

  31. The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

  32. The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.

  33. The final component to the CPMT planning process is to deal with ____.

  34. The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities; and access to financial and other resources.

  35. The focus during a(n) ____ is on learning what worked, what didn’t, and where communications and response procedures may have failed.

  36. The first group to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____.

  37. A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.

  38. In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.

  39. Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____.

  40. The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact a ____, which then makes the determination as to whether to contact the CSIRT or not.

  41. When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

  42. A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity.

  43. A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.

  44. The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

  45. A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

  46. Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

  47. The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike “capture-the-flag” exercises, this competition is exclusively a real-world ____ competition.

  48. ____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

  49. The responsibility for creating an organization’s IR plan often falls to the ____.

  50. A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.
