CND Categories
Incident or Event
Counter-measures
Tactics (Active)
100
This is an unauthorized non-privileged access to an IS.
What is User Level Intrusion?
100
"Distributed Denial-of-Service" is this type of incident/event.
What is Denial of Service?
100
This provides a barrier to intruders at a selected boundary.
What is a Firewall?
100
Establish awareness of unauthorized network activity/intruder to support defense of resources.
What is "detect"?
200
These are activities that deny, degrade, or disrupt normal functionality of an IS or information network.
What is Denial of Service?
200
"Trojan Horse" that doesn't grant the attacker administrative access is this type of incident/event.
What is User Level Intrusion?
200
These provide filters and rules for allowing or blocking entry.
What are Access controls?
200
Segregate suspected activity/intruder from authorized users to contain and limit access.
What is "Isolate"?
300
This is activity that potentially exposes ISs to increased risk as a result of action or inaction of authorized users.
What is Non-compliance activity?
300
A "Virus" that is detected and deleted before any damage is done to an IS is this type of incident/event.
What is Unsuccessful Attempt?
300
Establish a mechanism to determine the identity of a user or device.
What are Authentication controls?
300
Watch the intruder to determine purpose or operating procedures.
What is "Monitor"?
400
This is an installation of software that is designed and/or deployed by adversaries with malicious intentions.
What is Malicious Logic?
400
A "worm" is this type of incident/event.
What is Malicious Logic?
400
This is a proxy or other server that is robust enough to resist malicious activity or intrusion.
What is a Hardened OS?
400
End intruder session in order to deny network access.
What is "Terminate"?
500
These are suspicious events that after further investigation are determined to be non-malicious activity and do not fit any other category.
What is an Explained Anomaly?
500
A "Rootkit" is this type of incident/event.
What is Root Level Intrusion?
500
Used to detect unauthorized access to sensitive data.
What is Intrusion Detection?
500
Used to avoid the enemy's attempt to engage or monitor.
What is "Evade"?