168 Chapter 7 ■ Security Operations (Domain 7)
- Allie is responsible for reviewing authentication logs on her organization’s network. She
does not have the time to review all logs, so she decides to choose only records where there
have been four or more invalid authentication attempts. What technique is Allie using to
reduce the size of the pool?
A. Sampling
B. Random selection
C. Clipping
D. Statistical analysis
- You are performing an investigation into a potential bot infection on your network and
wish to perform a forensic analysis of the information that passed between different systems
on your network and those on the Internet. You believe that the information was
likely encrypted. You are beginning your investigation after the activity concluded. What
would be the best and easiest way to obtain the source of this information?
A. Packet captures
B. Netflow data
C. Intrusion detection system logs
D. Centralized authentication records
- Which one of the following tools helps system administrators by providing a standard,
secure template of configuration settings for operating systems and applications?
A. Security guidelines
B. Security policy
C. Baseline configuration
D. Running configuration
- What type of disaster recovery test activates the alternate processing facility and uses it to
conduct transactions but leaves the primary site up and running?
A. Full interruption test
B. Parallel test
C. Checklist review
D. Tabletop exercise
- During which phase of the incident response process would an analyst receive an intrusion
detection system alert and verify its accuracy?
detection system alert and verify its accuracy?
A. Response
B. Mitigation
C. Detection
D. Reporting