Risk Management Quiz
The following role is responsible for the BCP Plan:
|
|
|
EMT Lead
|
|
|
|
DAT Lead
|
|
|
|
BCP Manager
|
|
|
|
BCP Coordinator |
2. Is there a difference between Fault Tolerance and Disaster Recovery?
3. What document outlines the purpose of the response effort?
|
|
|
Risk Management Plan
|
|
|
|
Disaster Recovery Plan
|
|
|
|
CIRT Plan
|
|
|
|
Business Continuity Plan
|
4. The overall objective of the BIA is to:
|
|
|
Gather required data
|
|
|
|
Identify the impact of outages. |
|
|
|
Address threats and vulnerabilities. |
|
|
|
Justify funding. |
5. Which of the following is NOT Malware?
|
|
|
Trojan Horse
|
|
|
|
Spam
|
|
|
|
Worm
|
|
|
|
Virus |
6. Threats are often considered in what categories, explain each?
7. What primary methods can be used to identify threats? (Check all that apply)
|
|
|
Researching quantitative assessments.
|
|
|
|
Ask employees using survey forms. |
|
|
|
Reviewing historical data
|
|
|
|
Performing threat modeling
|
|
|
|
Collect data from threat mitigation websites. |
8. List and describe the three phases in a computer forensics investigation.
9. What are the NIST SP 800-34 Rev 1 seven steps of contingency planning?
10. A business impact analysis (BIA) identifies the:
|
|
|
Maximum Tolerable Period Of Disruption (MTPOD)
|
|
|
|
Network Access Controls (NAC)
|
|
|
|
Critical Success Factors (CSFs)
|
|
|
|
Loss Of Integrity (LOI) |
11. What are the typical sections of a BCP?
12. Concerning the DRP the primary resource that management provides is:
|
|
|
Directive
|
|
|
|
Oversight
|
|
|
|
Understanding |
|
|
|
Labor |
13. One of the important steps when handling an incident is to identify the impact and priority of the incident. Describe how to determine the criticality of an attack.
14. Disaster recovery (DR) occurs
|
|
|
Around a disaster
|
|
|
|
During a disaster
|
|
|
|
After a disaster
|
|
|
|
Before a disaster |
15. Which of the following is true concerning a Service Level Agreement? (Select all that apply)
|
|
|
Identifies monetary penalties if the terms aren’t met.
|
|
|
|
Used as a contract between a service provider and a customer.
|
|
|
|
Identifies an expected level of performance
|
|
|
|
Identifies the minimum uptime or the maximum downtime
|
|
|
|
Indicates your area of concern |
16. Explain the following DRP-related terms.
• Critical business function (CBF)
• Maximum acceptable outage (MAO)
• Recovery time objectives (RTO)
• Business impact analysis (BIA)
• Business continuity plan (BCP)
17. Discuss the limitations in disaster recovery for an organization without a BIA.
18. What is the definition of mitigation techniques?
|
|
|
Any attempt to manage risk.
|
|
|
|
Individual steps you need to take to protect any system that is vulnerable.
|
|
|
|
Risk that remains after you apply controls.
|
|
|
|
Reducing the impact of a threat. |
19. When considering risk management scope within your organization, what items should be considered?
20. Explain how a CIRT Plan Mitigates an Organization’s Risk?