nerdexam
Cisco

210-255 · Question #161

Which example of a precursor is true?

The correct answer is B. A log indicating a port scan was run against a host.. A precursor signals that an attack may occur in the future, while an indicator shows an attack is occurring or has already happened. A port scan log represents reconnaissance activity that precedes an attack.

Security Monitoring

Question

Which example of a precursor is true?

Options

  • AAn admin finds their password has been changed.
  • BA log indicating a port scan was run against a host.
  • CA notification that a host is infected with malware.
  • DA device configuration changed from the baseline without an audit log entry.

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    87% (26)
  • C
    3% (1)
  • D
    7% (2)

Why each option

A precursor signals that an attack may occur in the future, while an indicator shows an attack is occurring or has already happened. A port scan log represents reconnaissance activity that precedes an attack.

AAn admin finds their password has been changed.

A changed admin password indicates an attack has already succeeded, making it an indicator rather than a precursor.

BA log indicating a port scan was run against a host.Correct

A port scan is a classic precursor because it is reconnaissance an attacker performs before launching an attack. Detecting it in logs warns that a threat actor may be mapping the network for vulnerabilities, signaling a potential future attack rather than one already in progress.

CA notification that a host is infected with malware.

A malware infection notification is an indicator because it confirms a security event has already taken place on the host.

DA device configuration changed from the baseline without an audit log entry.

An unauthorized configuration change without an audit log entry is an indicator of a completed intrusion or policy violation, not a warning of a future attack.

Concept tested: Distinguishing precursors from indicators of compromise

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#precursors#indicators of compromise#port scan#incident detection

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice