An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. What is the initial event called in the NIST SP800-61?
A precursor is a sign that a cyber-attack is about to occur on a system or network. An indicator is an actual alert that is generated as an attack is happening. Therefore, as a security professional, it's important to know where you can find both precursor and indicator sources of information.
The following are common sources of precursor and indicator information:
Security Information and Event Management (SIEM)
Anti-virus and anti-spam software
File integrity checking applications/software
Logs from various sources (operating systems, devices, and applications)
People who report a security incident
"B" is correct.
Precursors is the way the document names the method/event. The document does not have the other words in the alternatives.
3.2.3 Sources of Precursors and Indicators
Precursors and indicators are identified using many different sources, with the most common being computer security software alerts, logs, publicly available information, and people.
Eng_ahmedyoussef, 8 months ago
eggheadsv, 1 year, 6 months ago
anonymous1966, 1 year, 9 months ago
anonymous1966, 1 year, 9 months ago