================================================= CIS 359 Midterm Exam Set 3
42 . The announcement of an operational CSIRT should minimally include ____.
43 . A key step in the ____ approach to incident response is to discover the identify of the intruder while documenting his or her activity .
44 . Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way .
45 . The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications .
46 . The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place .
47 . A ( n ) ____ , a type of IDPS that is similar to the NIDPS , reviews the log files generated by servers , network devices , and even other IDPSs .
48 . ____ are closely monitored network decoys serving that can distract adversaries from more valuable machines on a network ; can provide early warning about new attack and exploitation trends ; and can allow in-depth examination of adversaries during and after exploitation .
49 . In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers ’ answers to routine DNS queries from other systems on that network .
50 . A ( n ) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization .
================================================= CIS 359 Midterm Exam Set 3