2 tries left Which step should happen first as part of the incident response process? A. Recognition of an attack B. Recovery from backups C. Containment of the problem by the incident response team D. Analysis of the root cause of the incident That's incorrect. Which of the following statements are true? (Check all that apply.) A. The CIRT should include technical specialists. B. Members of the CIRT must have multiple methods of communicating with one another (e.g., e-mail, landlines, cellphones, etc.). C. The CIRT should include members of senior management. D. None of these are correct Which of the following statements are true? (Check all that apply.) A. Ideally, the CISO should report to a member of senior management, such as the COO or CEO, rather than to the CIO. B. The CIO needs to work closely with the person in charge of physical security because unauthorized physical access enables an attacker to bypass logical access controls. C. Organizations that have a CISO are more likely to have welltrained CIRT. D. The ClO has responsibility that vulnerability risk assessments and security audits are periodically conducted. One way to improve the efficiency and effectiveness of log analysis is to use a(n): A. Intrusion Detection System (IDS) B. DMZ C. SIEM D. None of these are correct That's incorrect. 3 tries left Which of the following statements is(are) true? (Check all that apply.) A. Creating the position of CISO is one way to satisfy the time-based model of security by reducing the value of R. B. A CIRT can improve the time-based model of security by increasing the value of R. C. Creating the position of CISO is one way to satisfy the time-based model of security by increasing the value of R. D. A CIRT can improve the time-based model of security by reducing the value of R. Which of the following statements are true? (Check all that apply.) A. The goal of log analysis is to determine the reasons for events such as a failed login attempt. B. Log analysis can be automated by installing a SIEM. C. Log analysis should be done once a year. D. Finding changes in log records is an indication that a system has been compromised. Which activity are accountants most likely to participate in? A. Continuous monitoring B. Installing and monitoring a honeypot C. Log analysis D. Running an IDS That's incorrect. A. Length (number of characters) is more important than complexity (number of different types of characters) in determining the strength of a password or passphrase. B. The authorization process controls what actions (e.g, print, create, delete, etc.) an employee can perform, whereas the authentication process determines whether to grant an employee access to the system. C. Complexity (number of different types of characters) is more important than length (number of characters) in determining the strength of a password or passphrase. D. The authentication process controls what actions (e.g, print, create, delete, etc.) an employee can perform, whereas the authorization process determines whether to grant an employee access to the system. That's incorrect. Which of the following statements is true? A. A DMZ is a separate network located outside the organization's internal information system. B. Firewalls protect a network by looking for patterns in incoming traffic to identify and automatically block attacks. C. A firewall that inspects the data portion of a TCP packet is performing a process referred to as packet-filtering. D. Routers should be configured to perform deep packet inspection. Try again