nerdexam
Exams210-255Questions#16
Cisco

210-255 · Question #16

210-255 Question #16: Real Exam Question with Answer & Explanation

The correct answer is B: precursor. NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.

Question

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?

Options

  • Ainstigator
  • Bprecursor
  • Conline assault
  • Dtrigger

Explanation

NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.

Common mistakes.

  • A. Instigator is not a defined term in the NIST SP 800-61 r2 incident response lifecycle or detection taxonomy.
  • C. Online assault is not a term used in NIST SP 800-61 r2; the framework categorizes events as precursors or indicators, not assaults.
  • D. Trigger is not defined in NIST SP 800-61 r2 terminology; the standard uses precursor and indicator to classify signs of potential or active incidents.

Concept tested. NIST SP 800-61 r2 precursor definition and detection

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-255 Practice