A company is applying the NIST.SP800-61 r2 incident handling process to security events. What are two examples of incidents that are in the category of precursor? (Choose two.)
- multiple failed logins from an unknown source
- log entries that show a response to a port scan
- an IDS alert message being sent
- a newly-discovered vulnerability in Apache web servers
- a host that has been verified as infected with malware
Explanation: As an incident category, the precursor is a sign that an incident might occur in the future. Examples of precursors are log entries that show a response to a port scan or a newly-discovered vulnerability in web servers using Apache.