1. A computer incident is a violation of a security policy or security practice. P 393 2. All events on a system or network are considered computer security incidents. P 394 b. false 3. An administrator has discovered that a Web server is responding very slowly. Investigation shows that the processor, memory, and network resources are being consumed by outside attackers. This is a DoS or DDoS attack. P 402-403 4. A user has installed P2P software on a system. The organization’s policy specifically states this is unauthorized. An administrator discovered the software on the user’s system. Is this a computer security incident? If so, what type? P 394 c. this is a form of inappropriate usage 5. Some malware can execute on a user’s system after the user accesses a Web site. The malware executes from within the Web browser. What type of malware is this? P 404 d. e. f. mobile code 6. A malicious virus is replicating and causing damage to computers. How do security professionals refer to the virus? P 407 d. in the wild 7. What is the greatest risk to an organization when peer-to-peer software is installed on a user’s system? P 408 c. data leakage 8. Only police or other law enforcement personnel are allowed to do computer forensic investigations. P 400 g. false 9. A log has shown that a user has copied proprietary data to his computer. The organization wants to take legal action against the user. You are tasked with seizing the computer as evidence. What should you establish as soon as you seize the computer? P 399 d. chain of custody 10. Many steps are taken before, during, and after an incident. Of the following choices, what accurately identifies the incident response life cycle? P 402 c. preparation, detection and analysis, containment, eradication and recovery, and