CHAPTER SUMMARY

This chapter covers a wide range of related topics—from monitoring and auditing networks to identifying and handling incidents. Understanding your network’s current state and its ability to recover from incidents is an important skill for technicians and management.

It isn’t enough to simply sample performance data. You need a deep enough understanding of your network’s normal operation to recognize when things aren’t right, and well-thought-out plans to follow when that happens. Restoring normal operation demands both the awareness to identify abnormal behavior and plans to react.

KEY CONCEPTS AND TERMS

CHAPTER 13 ASSESSMENT

  1. Which of the following was first released in 2014 in response to a U.S. Presidential Executive Order calling for increased cybersecurity?
    1. NIST CSF
    2. ISO 27002
    3. ITIL
    4. COSO
  2. Which of the following uses business rules to classify sensitive information to prevent unauthorized end users from sharing information?
    1. DLP
    2. IDS
    3. Logging
    4. Clipping
  3. Which of the following is a type of wireless encryption you should not use on a wireless network due to its lack of security?
    1. WPA
    2. IPSEC
    3. PPP
    4. WEP
  4. What type of error triggers an alert when a threat really doesn’t exist?
    1. False negative
    2. True negative
    3. False positive
    4. True positive
  5. What configuration setting can you adjust to avoid Type I errors?
    1. Clipping level
    2. Heuristic ruleset
    3. Encryption technique
    4. Logging level
  6. Which industry standard requires that organizations keep logs for at least one year?
    1. HIPAA
    2. SOX
    3. NIST
    4. PCI DSS
  7. What management software provides a common platform to capture and analyze log entries?
    1. ERP
    2. SIEM
    3. Monitor
    4. HIDS
  8. Which of the following is any action that results in a violation of, or threatened violation of, the security policy?
    1. Event
    2. Threat
    3. Vulnerability
    4. Incident
  9. What is the first step in properly responding to an incident?
    1. Identification
    2. Containment
    3. Eradication
    4. Communication
  10. What type of plan defines how an organization would respond to a power outage that lasts two days?
    1. BIA
    2. BCP
    3. DRP
    4. IPS
  11. What type of plan defines how an organization would respond to a fire that destroys the building housing the organization’s data center?
    1. BIA
    2. BCP
    3. DRP
    4. IPS
  12. Which activity identifies processes that are critical to a business’s ability to carry out its core operations?
    1. BIA
    2. BCP
    3. DRP
    4. IPS
  13. BCP stands for:
    1. Business continuity planning
    2. Business career planning
    3. Business continuity policy
    4. Business continuity practices
  14. DRP stands for:
    1. Disaster recovery planning
    2. Disaster recovery procedures
    3. Design recommendation policy
    4. Design review policy
  15. An organization must choose between BCP and DRP as an approach for dealing with unplanned events affecting their telecommunications infrastructure.
    1. True
    2. False