166 Chapter 7 ■ Security Operations (Domain 7)
- At this point in the incident response process, what term best describes what has occurred in Ann's organization?
  A. Security occurrence
  B. Security incident
  C. Security event
  D. Security intrusion

- Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?
  A. DNS
  B. SSH/SCP
  C. SSL/TLS
  D. HTTP

- As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate use. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect?
  A. Reconnaissance
  B. Malicious code
  C. System penetration
  D. Denial of service

- Now that Ann understands that an attack has taken place that violates her organization's security policy, what term best describes what has occurred in Ann's organization?
  A. Security occurrence
  B. Security incident
  C. Security event
  D. Security intrusion

- Frank is seeking to introduce a hacker's laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment that resulted in police finding the laptop was unconstitutional. What admissibility criterion prevents Frank from introducing the laptop as evidence?
  A. Materiality
  B. Relevance
  C. Hearsay
  D. Competence