Information security and risk management
Chapter 14
QUESTION 1
What occurs when steps and procedures are taken that are outside the scope of the DRP?
· enhanced protection
· waste of resources
· slow recovery
· loss of CBFs
0.10000 points
QUESTION 2
DR occurs after a ________.
· disaster
· BIA
· BCP
· test
0.10000 points
QUESTION 3
The goal of backing up data is to be able to store it at an off-site location in case something compromises the original data.
True
False
0.10000 points
QUESTION 4
A key difference between a BCP and a DRP is that a DRP does not need to be tested.
True
False
0.10000 points
QUESTION 5
RTOs identify when a system must be recovered.
True
False
0.10000 points
QUESTION 6
CBFs support _________.
· CSFs
· mission-critical data
· DRPs
· mission-critical operations
0.10000 points
QUESTION 7
A warm site is a compromise between a hot site and a cold site.
True
False
0.10000 points
QUESTION 8
When considering options and needs for your alternate location, you should consider and address access for all of the following, EXCEPT:
· customer
· management
· user
· vendor
0.10000 points
QUESTION 9
Changes in an organization cannot affect CBFs.
True
False
0.10000 points
QUESTION 10
By addressing CBFs, DRPs help ensure that critical servers and services continue.
True
False
0.10000 points
QUESTION 11
A phone tree is a(n) __________________________.
· list of contacts that a DRP coordinator must inform in the event of a disaster or disruption
· alternate name for a cell tower, which may be damaged during a disaster and result in a loss of communication
· method to facilitate calling a large group of people
· alternate name for a landline service provider, which may be damaged during a disaster and result in a loss of communication
0.10000 points
QUESTION 12
A redundant backup site is _______________.
· hosted by a third-party vendor
· a compromise between a hot site and a cold site
· another term for the off-site storage of copies of backups
· an outdated type of site
0.10000 points
QUESTION 13
A major tropical storm hits your area of business and creates a flood that destroys several servers containing vital data as well as all the backups of that data in that location. But, thanks to your DRP, you are able to restore the data. How is this possible?
· DRP developers deploy a team of SMEs to re-create the data.
· The backup policy specified storing backups off-site.
· DRP developers are trained to re-create data based on their knowledge of the organization.
· The backup policy specified steps to restoring damaged servers in the event of a disaster.
0.10000 points
QUESTION 14
What is the primary resource that management provides for the DRP?
· an overall vision
· funds
· data
· labor
0.10000 points
QUESTION 15
Sustaining business operations is a concern for BCPs and not DRPs, because BCPs focus on business continuity, while DRPs solely focus on the recovery process.
True
False
0.10000 points
QUESTION 16
What communication elements are important to the success of a DRP?
· recovery, sustaining business operations, and normalization
· the reason for planning, recognition of disaster/disruption, reaction to disaster/disruption, recovery from disaster/disruption, restoration of CBFs, return to normal operations, rest and relaxation time for responders, and re-evaluation and re-documentation of how to improve the DRP in case of another incident
· hardware, software, data, and connectivity
· recall, users, customers, and a communication plan
0.10000 points
QUESTION 17
The eight Rs of recovery planning are: reason for planning, recognition, reaction, recovery, restoration, return to normal, rest and relax, and re-evaluate and re-document.
True
False
0.10000 points
QUESTION 18
Performing backups of critical data is an integral part of any recovery plan.
True
False
0.10000 points
QUESTION 19
Choose the accurate list of alternate terms for a DRP.
· continuity planning; business interruption planning; corporate contingency planning; business impact planning; fault tolerance; disaster preparedness
· contingency planning; business continuity planning; corporate continuity planning; fault tolerance; disaster preparedness; system recovery planning
· CBF; MAO; RTO; BIA; BCP; DAT; TRT; EMT
· contingency planning; business resumption planning; corporate contingency planning; business interruption planning; disaster preparedness
0.10000 points
QUESTION 20
Electronic vaulting is a method that transfers the backup of data to an off-site location.
True
False
0.10000 points
Chapter 15
QUESTION 1
Once you’ve identified how to calculate the impact and priority, you can then focus on checklists.
True
False
0.10000 points
QUESTION 2
As you enter the detection and analysis phase of the incident handling process, what is an action you might take?
· running a virus scan
· creating a CIRT plan
· performing a backup
· launching a counter-attack against the source of the incident
0.10000 points
QUESTION 3
CIRT stands for ____________.
· computer information recovery technology
· critical information response teams
· critical information recovery technology
· computer incident response teams
0.10000 points
QUESTION 4
New types of malware appear on a daily basis.
True
False
0.10000 points
QUESTION 5
Members of a CIRT team are usually identified by __________, rather than by ___________ within the plan.
· title, CIRT duty
· title, name
· CIRT duty, title
· name, title
0.10000 points
QUESTION 6
Incident response teams often ____________________.
· rely on help from SMEs
· assess fees for violations in the chain of custody
· help create the CIRT plan
· work closely with the BCP coordinator
0.10000 points
QUESTION 7
A SYN flood attack is an older kind of DoS attack and is no longer used.
True
False
0.10000 points
QUESTION 8
What is NOT an indication that a DoS attack is occurring?
· if the IDS alerts on an attack
· if users report that they are receiving a large amount of popup ads
· if users report system unavailability
· if there are unexplained connection losses
0.10000 points
QUESTION 9
Once attackers gain access, they try to __________.
· use privilege escalation techniques to gain additional access
· exploit that access
· attack or deface a Web server
· view or copy sensitive data without authorization
0.10000 points
QUESTION 10
One of the main problems with P2P software is data leakage.
True
False
0.10000 points
QUESTION 11
What is the purpose of a CIRT plan?
· to help an organization prepare for computer incidents
· to help an organization respond to computer incidents
· to ensure that CBFs are not affected by computer attacks
· to facilitate an easy recovery in the event of an attack
0.10000 points
QUESTION 12
The primary method of protecting against malware is education and training, although the secondary method of protection, antivirus software, is also quite helpful.
True
False
0.10000 points
QUESTION 13
Use of anonymizers is encouraged in most workplaces, because anonymizers encrypt data and make it harder for attackers to gain access.
True
False
0.10000 points
QUESTION 14
What is NOT a step in the process of hardening a server?
· installing AVs
· reducing the attack surface
· enabling IDSs
· enabling firewalls
0.10000 points
QUESTION 15
Defining a computer security incident is _______.
· unnecessary because all members of a CIRT team should know what all the definitions are
· done by software
· a best practice when implementing your CIRT plan
· done collectively by all CIRT members
0.10000 points
QUESTION 16
If, during the course of their investigation into the incident, CIRT members have a chance to launch a counter-attack on the attackers who first caused the incident, they should take the opportunity to do so. Launching a counter-attack is important to protecting CBFs.
True
False
0.10000 points
QUESTION 17
Worms are a type of malware that executes when a user visits a website or opens an e-mail.
True
False
0.10000 points
QUESTION 18
Generally, the three phases of a computer forensics investigation are to acquire the evidence, authenticate the evidence, and then analyze the evidence.
True
False
0.10000 points
QUESTION 19
A computer incident and a computer security incident are synonymous terms.
True
False
0.10000 points
QUESTION 20
What is not a consideration on a DoS checklist?
· eradication
· recovery
· encryption
· containment
0.10000 points
Lab 9
QUESTION 1
True or False: When considering data backups, it is most important to verify that the integrity of the backup file or data is valid.
True
False
0.25000 points
QUESTION 2
True or False: Testing is a crucial element to achieve a defined RTO.
True
False
0.25000 points
QUESTION 3
True or False: In a DRP, documented backup and recovery procedures help achieve RTO.
True
False
0.25000 points
QUESTION 4
True or False: Data stored on shared e-mail servers is a viable backup and data storage solution.
True
False
0.25000 points
QUESTION 5
True or False: Disaster recovery backup and recovery documentation must be detailed enough that a third party can follow the steps and instructions.
True
False
0.25000 points
QUESTION 6
True or False: To achieve an RTO of 0, you need 100 percent redundant, hot-standby IT infrastructure.
True
False
0.25000 points
QUESTION 7
True or False: If you drive RTO lower, you can eliminate human steps and procedures that must be performed by the IT security specialist.
True
False
0.25000 points
QUESTION 8
True or False: The easier and faster it is to reload backup IT systems and applications and recover data, the longer the RTO.
True
False
0.25000 points
Lab 10
QUESTION 1
True or False: A protocol analyzer allows a CIRT team to capture the protocol interaction between IP host devices.
True
False
0.25000 points
QUESTION 2
Which step in the CIRT response methodology relates back to the RTO for critical IT systems?
· Identification
· Containment
· Post-mortem Review
· Recovery
0.25000 points
QUESTION 3
What step in the CIRT response methodology requires security applications and tools readiness?
· Preparation
· Identification
· Containment
· Recovery
0.25000 points
QUESTION 4
True or False: A CIRT plan can direct an organization’s resources to handle critical incidents and real-time security breaches.
True
False
0.25000 points
QUESTION 5
What step in the CIRT response methodology requires review with executive management?
· Recovery
· Containment
· Post-mortem review
· Identification
0.25000 points
QUESTION 6
True or False: CIRT post-mortem reviews help organizations better prepare and learn how to prevent the incident from occurring again.
True
False
0.25000 points
QUESTION 7
True or False: A CIRT plan can direct an organization’s resources to handle critical incidents and real-time security breaches.
True
False
0.25000 points
QUESTION 8
What step in the CIRT response methodology requires proper handling of digital evidence?
· Post-mortem review
· Containment
· Recovery
· Identification
0.25000 points
Project work
1. Using the 2nd Project Template and the weaknesses identified in the 1st column of the template, complete the Threats, Risks, and Controls/Countermeasures that correspond to each weakness.
· More than one Threat and/or one Risk and/or one Control/Countermeasure can exist for each weakness.
· Do not include the Data Centers because they are owned by 3rd party vendors who maintain their own Risk Management plan.
Your grade will be based on the information provided in the 2nd Project Information document and 1st column of the template. You may be able to use the Risk Management items from the Group project that apply to this scenario but do not add any new weaknesses to the template.
NOTE: one of the issues I discovered in the Group project was that some Threats were listed as Risks, some Risks as Threats, etc. Make sure you understand these terms.
A Weakness is something that violates an existing (or potential) policy/procedure.
A Threat is a danger that exploits the Weakness.
A Risk involves the loss/impact of a tangible or intangible asset (Quantitative/Qualitative).
A Countermeasure reduces/eliminates the Threat/Loss.