11. What application monitors system activity, then produces alerts about possible intrusions?
- Intrusion detection system
- Playbook
- Product manual
- Word processor
12. What actions does an intrusion prevention system (IPS) perform? Select three answers.
- Detect abnormal activity
- Stop intrusive activity
- Monitor activity
- Manage security incidents
Weekly challenge 1
13. Which of the following is an example of a security incident?
- Multiple unauthorized transfers of sensitive documents to an external system.
- A company experiences increased traffic volumes on its website because of a new product release.
- An extreme weather event causes a network outage.
- An authorized user emails a file to a customer.
14. What is the NIST Incident Response Lifecycle?
- The method of closing an investigation
- A framework that provides a blueprint for effective incident response
- A system that only includes regulatory standards and guidelines
- The process used to document events
15. Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.
- Containment, Eradication, and Recovery
- Preparation
- Detection and Analysis
- Protection
16. What are some roles included in a computer security incident response team (CSIRT)? Select three answers.
- Security analyst
- Incident coordinator
- Technical lead
- Incident manager
17. What is an incident response plan?
- A document that outlines the procedures to take in each step of incident response
- A document that outlines a security team’s contact information
- A document that details system information
- A document that contains policies, standards, and procedures
18. A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert's evidence in greater detail?
- A recovery tool
- A documentation tool
- An investigative tool
- A detection tool
Shuffle Q/A 2
19. Which of the following methods can a security analyst use to create effective documentation? Select two answers.
- Provide clear and concise explanations of concepts and processes.
- Write documentation in a way that reduces confusion.
- Provide documentation in a paper-based format.
- Write documentation using technical language.
20. What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?
- An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
- An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
- An IDS automates response and an IPS generates alerts.
- An IDS and an IPS both have the same capabilities.