nerdexam
Cisco

210-255 · Question #111

Which option is unnecessary for determining the appropriate containment strategy according to NIST.SP800-61 r2?

The correct answer is D. attack vector used to compromise the system. NIST SP 800-61 r2 defines specific criteria for choosing a containment strategy, and the attack vector used is not among them - the focus is on impact, resources, and legal considerations rather than how the attacker gained access.

Security Policies and Procedures

Question

Which option is unnecessary for determining the appropriate containment strategy according to NIST.SP800-61 r2?

Options

  • Aeffectiveness of the strategy
  • Btime and resource needed to implement the strategy
  • Cneed for evidence preservation
  • Dattack vector used to compromise the system

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    5% (2)
  • C
    10% (4)
  • D
    83% (35)

Why each option

NIST SP 800-61 r2 defines specific criteria for choosing a containment strategy, and the attack vector used is not among them - the focus is on impact, resources, and legal considerations rather than how the attacker gained access.

Aeffectiveness of the strategy

The effectiveness of the containment strategy is explicitly listed by NIST SP 800-61 r2 as a relevant factor in selecting among containment options.

Btime and resource needed to implement the strategy

Time and resources required to implement a strategy are explicitly listed by NIST SP 800-61 r2 as factors that influence the containment decision.

Cneed for evidence preservation

The need for evidence preservation is explicitly identified by NIST SP 800-61 r2 as a key criterion because some containment actions may destroy forensic evidence.

Dattack vector used to compromise the systemCorrect

According to NIST SP 800-61 r2 Section 3.3.1, the criteria for selecting a containment strategy include: potential damage and theft, need for evidence preservation, service availability requirements, time and resources needed to implement the strategy, and the effectiveness of the strategy. The attack vector used to compromise the system is not listed as a factor because containment decisions are driven by operational and legal needs, not by the method of compromise.

Concept tested: NIST SP 800-61 r2 containment strategy criteria

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#NIST SP800-61#containment strategy#incident response#evidence preservation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice