Which containment/active defense phrase emphasizes not tipping off the attacker?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

Which containment/active defense phrase emphasizes not tipping off the attacker?

Explanation:
Not tipping off the attacker is about keeping your defensive posture stealthy and unpredictable while you contain and study the intrusion. In containment and active defense, you want to observe how the adversary moves, what they attempt, and how they respond to your controls without revealing exactly how you’re monitoring or defending. That keeps the attacker from adjusting their tactics in ways that render your defenses useless and buys you time to respond. Framing this as adversary network segmentation and explicitly stating “avoid playing your hand” captures that idea. By segmenting the network in a way that constrains the attacker and confines their movement, you can monitor and trap behavior within controlled areas. This approach lets you gather intelligence and respond without signaling the full extent of your defenses or the precise monitoring in place, which is exactly what not tipping off the attacker aims to achieve. The other options focus more on detection, data deception, or data integrity rather than maintaining concealment. Data decoys and honeytokens are forms of deception, but they can alert the attacker to the deception or influence their behavior in predictable ways. Full-scale host/network monitoring emphasizes visibility and detection rather than stealth, and bit mangling centers on corrupting data to catch exfiltration, not on keeping defenses hidden.

Not tipping off the attacker is about keeping your defensive posture stealthy and unpredictable while you contain and study the intrusion. In containment and active defense, you want to observe how the adversary moves, what they attempt, and how they respond to your controls without revealing exactly how you’re monitoring or defending. That keeps the attacker from adjusting their tactics in ways that render your defenses useless and buys you time to respond.

Framing this as adversary network segmentation and explicitly stating “avoid playing your hand” captures that idea. By segmenting the network in a way that constrains the attacker and confines their movement, you can monitor and trap behavior within controlled areas. This approach lets you gather intelligence and respond without signaling the full extent of your defenses or the precise monitoring in place, which is exactly what not tipping off the attacker aims to achieve.

The other options focus more on detection, data deception, or data integrity rather than maintaining concealment. Data decoys and honeytokens are forms of deception, but they can alert the attacker to the deception or influence their behavior in predictable ways. Full-scale host/network monitoring emphasizes visibility and detection rather than stealth, and bit mangling centers on corrupting data to catch exfiltration, not on keeping defenses hidden.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy