Chapter 7 ■ Security Operations (Domain 7) 165
C. Restoring operations in the primary facility
D. Standing down first responders
- Melanie suspects that someone is using malicious software to steal computing cycles from
her company. Which one of the following security tools would be in the best position to
detect this type of incident?
A. NIDS
B. Firewall
C. HIDS
D. DLP
- Brandon observes that an authorized user of a system on his network recently misused his
account to exploit a system vulnerability against a shared server that allowed him to gain
root access to that server. What type of attack took place?
A. Denial of service
B. Privilege escalation
C. Reconnaissance
D. Brute force
- Carla has worked for her company for 15 years and has held a variety of different positions.
Each time she changed positions, she gained new privileges associated with that
position, but no privileges were ever taken away. What concept describes the sets of
privileges she has accumulated?
A. Entitlement
B. Aggregation
C. Transitivity
D. Isolation
- During what phase of the incident response process do administrators take action to limit
the effect or scope of an incident?
A. Detection
B. Response
C. Mitigation
D. Recovery
For questions 65–68, please refer to the following scenario:
Ann is a security professional for a midsized business and typically handles log analysis
and security monitoring tasks for her organization. One of her roles is to monitor alerts
originating from the organization’s intrusion detection system. The system typically
generates several dozen alerts each day, and many of those alerts turn out to be false alarms
after her investigation.
This morning, the intrusion detection system alerted because the network began to receive
an unusually high volume of inbound traffic. Ann received this alert and began looking
into the origin of the traffic.