Post-Incident Activity and Confidentiality

Questions and Answers

Which of the following actions might an intrusion prevention system (IPS) take when it detects unusual levels of activity?

Send an alert to a system administrator

What is the purpose of using digital certificates in message signing?

To sign messages

Which cybersecurity tool examines network traffic to identify potential threats and automatically takes action against them?

IPS

What is the purpose of a firewall?

To maintain control over network traffic

Which action can be taken by an IPS to prevent further damage in a network?

Block malicious software

What does IPS stand for?

Intrusion Prevention System

What is the purpose of encrypting network traffic with a virtual private network (VPN) connection?

To protect data in motion

Which action might be triggered by a monitoring system when it detects unusual levels of activity?

Send an alert to a system administrator

What does VPN stand for?

Virtual Private Network

What is the purpose of using hashes and digital signatures in message signing?

To ensure message integrity

Which term refers to our ability to protect our data from unauthorized access?

Confidentiality

What is the purpose of the post-incident activity phase?

To lessen the impact of future incidents

What does RBAC stand for?

Role-Based Access Control

What does an IPS do in response to an attack over the network?

Refuse traffic from the source of the attack

What is the Latin term for the post-incident activity phase?

Post-Mortem

What are the three key elements to consider when assessing the impact of an attack?

Threats, vulnerabilities, risk

What is the purpose of mutual authentication?

To circumvent the normal pattern of traffic

What is the main focus of RBAC?

To allow access based on the role of the individual

What should be done in the post-incident activity phase?

Determine what happened and why

What does an IPS often work from to take action?

Information sent by the IDS