Home » Cisco » 200-201 v.2 » What is the initial event called in the NIST SP800-61?
An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group.
What is the initial event called in the NIST SP800-61?
A. online assault
B. precursor
C. trigger
D. instigator
Correct Answer: B
Explanation/Reference:
Explanation:
A precursor is a sign that a cyber-attack is about to occur on a system or network. An indicator is the actual alerts that are generated as an attack is happening. Therefore, as a security professional, it’s important to know where you can find both precursor and indicator sources of information.
The following are common sources of precursor and indicator information:
Security Information and Event Management (SIEM)
Anti-virus and anti-spam software
File integrity checking applications/software
Logs from various sources (operating systems, devices, and applications) People who report a security incident
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf