210-255 · Question #16
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?
The correct answer is B. precursor. NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.
Question
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?
Options
- Ainstigator
- Bprecursor
- Conline assault
- Dtrigger
How the community answered
(23 responses)- A4% (1)
- B96% (22)
Why each option
NIST SP 800-61 r2 uses the term 'precursor' to describe a sign that an incident may occur in the future, which fits the scenario of online threats made before any actual attack. The other terms do not appear in NIST SP 800-61 r2 terminology.
Instigator is not a defined term in the NIST SP 800-61 r2 incident response lifecycle or detection taxonomy.
NIST SP 800-61 r2 defines a precursor as a sign that an incident may occur in the future, distinguishing it from an indicator which signals an incident may already be happening or has occurred. Online threats from a hacktivist group constitute a precursor, prompting the organization to adjust its security posture proactively.
Online assault is not a term used in NIST SP 800-61 r2; the framework categorizes events as precursors or indicators, not assaults.
Trigger is not defined in NIST SP 800-61 r2 terminology; the standard uses precursor and indicator to classify signs of potential or active incidents.
Concept tested: NIST SP 800-61 r2 precursor definition and detection
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.