CIS 359 Midterm Exam Set 2
39. When an organization completely outsources its IR work, typically to an on-site contractor,
it is called a(n) ____ model.
40. The champion for the CSIRT may be the same person as the champion for the entire IR
function—typically, the ____.
41. A CSIRT model that is effective for large organizations and for organizations with major
computing resources at distant locations is the ____.
42. The announcement of an operational CSIRT should minimally include ____.
43. A key step in the ____ approach to incident response is to discover the identity of the
intruder while documenting his or her activity.
44. Using a process known as ____, network-based IDPSs look for attack patterns by comparing
measured activity to known signatures in their knowledge base to determine whether or not an
attack has occurred or may be under way.
45. The ____ is a federal law that creates a general prohibition on the real-time monitoring of
traffic data relating to communications.
46. The ____ approach for detecting intrusions is based on the frequency with which certain
network activities take place.
47. A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by
servers, network devices, and even other IDPSs.
48. ____ are closely monitored network decoys that can distract adversaries from more
valuable machines on a network; can provide early warning about new attack and exploitation
trends; and can allow in-depth examination of adversaries during and after exploitation.
49. In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to
inject false information to corrupt the servers’ answers to routine DNS queries from other
systems on that network.
50. A(n) ____ is the set of rules and configuration guidelines governing the implementation and
operation of IDPSs within the organization.