nerdexam
Cisco

210-255 · Question #16

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?

The correct answer is B. precursor. NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.

Security Policies and Procedures

Question

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?

Options

  • Ainstigator
  • Bprecursor
  • Conline assault
  • Dtrigger

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    96% (22)

Why each option

NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.

Ainstigator

Instigator is not a defined term in the NIST SP 800-61 r2 incident response lifecycle or detection taxonomy.

BprecursorCorrect

NIST SP 800-61 r2 defines a precursor as a sign that an incident may occur in the future, distinguishing it from an indicator which signals an incident may already be happening or has occurred. Online threats from a hacktivist group constitute a precursor, prompting the organization to adjust its security posture proactively.

Conline assault

Online assault is not a term used in NIST SP 800-61 r2; the framework categorizes events as precursors or indicators, not assaults.

Dtrigger

Trigger is not defined in NIST SP 800-61 r2 terminology; the standard uses precursor and indicator to classify signs of potential or active incidents.

Concept tested: NIST SP 800-61 r2 precursor definition and detection

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#NIST SP800-61#incident response#precursor#indicators of attack

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice