210-255 · Question #161
Which example of a precursor is true?
The correct answer is B. A log indicating a port scan was run against a host.. A precursor signals that an attack may occur in the future, while an indicator shows an attack is occurring or has already happened. A port scan log represents reconnaissance activity that precedes an attack.
Question
Which example of a precursor is true?
Options
- AAn admin finds their password has been changed.
- BA log indicating a port scan was run against a host.
- CA notification that a host is infected with malware.
- DA device configuration changed from the baseline without an audit log entry.
How the community answered
(30 responses)- A3% (1)
- B87% (26)
- C3% (1)
- D7% (2)
Why each option
A precursor signals that an attack may occur in the future, while an indicator shows an attack is occurring or has already happened. A port scan log represents reconnaissance activity that precedes an attack.
A changed admin password indicates an attack has already succeeded, making it an indicator rather than a precursor.
A port scan is a classic precursor because it is reconnaissance an attacker performs before launching an attack. Detecting it in logs warns that a threat actor may be mapping the network for vulnerabilities, signaling a potential future attack rather than one already in progress.
A malware infection notification is an indicator because it confirms a security event has already taken place on the host.
An unauthorized configuration change without an audit log entry is an indicator of a completed intrusion or policy violation, not a warning of a future attack.
Concept tested: Distinguishing precursors from indicators of compromise
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.