Outcomes addressed in this activity:
Unit Outcomes:
- Break apart incident response.
- Choose preventative measures.
- Examine logging, monitoring, and auditing.
Course Outcome:
IT410-4: Determine incident prevention and response strategies.
Purpose
In this assignment, you will examine various incident response steps such as incident detection, investigating alerts, incident mitigation, and recovery.
Assignment Instructions
Answer the following 12 questions by selecting the single best answer for each. Using your course materials and/or other credible resources, provide a 50- to 100-word explanation of why you chose your answer for each question. Please cite your sources for your answers from your course materials or other credible resources.
1. Your company has implemented a host-based intrusion detection system (HIDS). You have recently become concerned with problems when these systems are implemented. What is a major problem when deploying this type of system?
   - a. It is hard to discover the files that have been altered by an attack.
   - b. It must be deployed on each computer that needs it.
   - c. All incoming network traffic to the host is monitored.
2. During a recent security audit of your company’s network, contractors suggested that the operating systems on client computers are not sufficiently hardened. Which steps are crucial to ensure that an operating system is hardened?
   - a. Disable unnecessary services.
   - b. Install appropriate monitoring software.
   - c. Install appropriate administrative tools.
3. During a recent incident investigation, you extracted hidden data from the data image that was created. In which step of the incident investigation process were you involved?
   - a. preservation
   - b. collection
   - c. examination
4. Which U.S. government entity is responsible for dealing with federal computer security incidents that occur in civilian agencies?
   - a. Federal Computer Incident Response Center (FedCIRC)
   - b. Secret Service
   - c. Federal Bureau of Investigation (FBI)
5. Match the best description (number) in the second table with the type of intrusion detection system (IDS) in the first table (letter).

   | Letter | IDS type |
   |---|---|
   | A | Behavior-based |
   | B | Signature-based |
   | C | Host-based |
   | D | Network-based |

   | Number | Description |
   |---|---|
   | 1 | an IDS that maintains an attack profile database to identify intrusion attempts |
   | 2 | an IDS that monitors an entire network segment for intrusion attempts |
   | 3 | an IDS that only monitors a single particular device for intrusion attempts |
   | 4 | an IDS that uses a learned activity baseline to identify intrusion attempts |

6. Match the best description (number) in the second table with the malware type in the first table (letter).

   | Letter | Malware type |
   |---|---|
   | A | Adware |
   | B | Botnet |
   | C | Rootkit |
   | D | Worm |

   | Number | Description |
   |---|---|
   | 1 | a computer that is hacked when a malicious program is installed on it and remotely triggered |
   | 2 | a program that spreads itself through network connections |
   | 3 | a software application that displays advertisements while the application is executing |
   | 4 | a collection of programs that grants a hacker administrative access to a computer or network |

7. As part of your organization’s security policy, you must monitor access control violations. Which method(s) should you use?
   - a. ACLs
   - b. IDSs
   - c. backups
   - d. audit logs

   Answer choices:
   - option a
   - option b
   - option c
   - option d
   - options b and d
   - options b, c, and d
   - all of the options
8. You have decided to utilize a host-based intrusion detection system (HIDS) to provide added security on your company’s network. Which sources of information are not utilized by this system to analyze an intrusion attempt?
   - a. system logs
   - b. network packets
   - c. operating system alarms
   - d. operating system audit trails

   Answer choices:
   - option a
   - option b
   - option c
   - option d
   - options a and b
9. Which of the following security mechanisms is most effective in protecting against disclosure and transmission outside the organization’s network?
   - a. safeguards over keys
   - b. configuration of firewalls
   - c. authentication within the application
10. The most important reason that statistical anomaly-based intrusion detection systems (stat IDSs) are less commonly used than signature-based IDSs is that stat IDSs:
    - a. create more overhead than signature-based IDSs
    - b. generate false alarms from varying user or system actions
    - c. cause false positives from minor changes to system variables
11. Which of the following is the most relevant metric to include in any information security quarterly report to the executive committee?
    - a. percentage of security-compliant servers
    - b. security-compliant servers trend report
    - c. number of security patches applied
12. Why is it important to develop an information security baseline? The security baseline helps define:
    - a. a security policy for the entire organization
    - b. the critical information resources that need protection
    - c. the minimum acceptable security to be implemented
Assignment Requirements
Only the title page, in-text citations, and reference page are required to be formatted according to APA standards for this assignment.