Which term defines the initial event in the NIST SP800- 61 r2?

– by 12

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800- 61 r2?
A. instigator
B. precursor
C. online assault
D. trigger

cisco-exams

12 thoughts on “Which term defines the initial event in the NIST SP800- 61 r2?

  2. as per NIST the answer is B…apparently the one going to mark our exams are CISCO who referenced all in thier trainings and guidelines and NIST also…so what is in the marking scheme is B…I choose B!!

    #my_thoughts

    Reply

  3. Signs of an incident fall into one of two categories: precursors and indicators. A precursor is a sign that an incident may occur in the future. An indicator is a sign that an incident may have occurred or may be occurring now.
    Answer = B

    Reply

  5. Most attacks do not have any identifiable or detectable precursors from the target’s perspective. If
    precursors are detected, the organization may have an opportunity to prevent the incident by altering its
    security posture to save a target from attack

    SO B

    Reply

  6. @T-ro: I’ve literally searched the word “trigger” in the NIST document and there’s nothing as such. @Cornholio gives the exact content of the document. Answer should be B.

    Reply

  7. ok, after reviewing and researching I’ve determined that this question is a little tricky. NIST only lists two events. It suggests that PRECURSORS are the start of a malicious event. However, cyber security reports and documents that I’ve read all state that an initial event is called a TRIGGER.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.