Question 1

Which is the first step in the contingency planning process among the options listed here?

Accepted Answer

A)  Business continuity training 
B)  Disaster recovery planning 
C)  Business impact analysis 
D)  Incident response planning 
A)  Business continuity training 
B)  Disaster recovery planning 
C)  Business impact analysis 
D)  Incident response planning C

Question 2

Which document must be changed when evidence changes hands or is stored?

Accepted Answer

A)  Chain of custody 
B)  Search warrant 
C)  Affidavit 
D)  Evidentiary material 
A)  Chain of custody 
B)  Search warrant 
C)  Affidavit 
D)  Evidentiary material A

Question 3

At what point in the incident lifecycle is the IR plan initiated?

Accepted Answer

A)  Before an incident takes place 
B)  Once the DRP is activated 
C)  When an incident is detected that affects it 
D)  Once the BCP is activated 
A)  Before an incident takes place 
B)  Once the DRP is activated 
C)  When an incident is detected that affects it 
D)  Once the BCP is activated C

Question 4

Which of the following is a possible indicator of an actual incident?

Accepted Answer

A)  Unusual consumption of computing resources 
B)  Activities at unexpected times 
C)  Presence of hacker tools 
D)  Reported attacks 
A)  Unusual consumption of computing resources 
B)  Activities at unexpected times 
C)  Presence of hacker tools 
D)  Reported attacks

Question 5

In which type of site are no computer hardware or peripherals provided?

Accepted Answer

A)  Cold site 
B)  Warm site 
C)  Timeshare 
D)  Hot site 
A)  Cold site 
B)  Warm site 
C)  Timeshare 
D)  Hot site

Question 6

In a warm site,all services and communications links are fully configured and the site can be fully functional within minutes.

Accepted Answer

A) True 
 B)False

Question 7

Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?

Accepted Answer

A)  Protect and forget 
B)  after-action review 
C)  Transfer to local/state/federal law enforcement 
D)  Track, hack and prosecute 
A)  Protect and forget 
B)  after-action review 
C)  Transfer to local/state/federal law enforcement 
D)  Track, hack and prosecute

Question 8

The ____________________ plan is a detailed set of processes and procedures that anticipate,detect,and mitigate the effects of an unexpected event that might compromise information resources and assets.

Accepted Answer

incident r

Question 9

After an incident,but before returning to its normal duties,the CSIRT must do which of the following?

Accepted Answer

A)  Create the incident damage assessment 
B)  Conduct an after-action review 
C)  Restore data from backups 
D)  Restore services and processes in use 
A)  Create the incident damage assessment 
B)  Conduct an after-action review 
C)  Restore data from backups 
D)  Restore services and processes in use

Question 10

Which of the following is a definite indicator of an actual incident?

Accepted Answer

A)  Unusual system crashes 
B)  Reported attack 
C)  Presence of new accounts 
D)  Use of dormant accounts 
A)  Unusual system crashes 
B)  Reported attack 
C)  Presence of new accounts 
D)  Use of dormant accounts

Question 11

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received?.

Accepted Answer

A)  Database shadowing 
B)  Timesharing 
C)  Traditional backups 
D)  Electronic vaulting 
A)  Database shadowing 
B)  Timesharing 
C)  Traditional backups 
D)  Electronic vaulting

Question 12

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

Accepted Answer

A)  Identify resource requirements 
B)  Identify business processes 
C)  Determine mission/business processes and recovery criticality 
D)  Identify recovery priorities for system resources 
A)  Identify resource requirements 
B)  Identify business processes 
C)  Determine mission/business processes and recovery criticality 
D)  Identify recovery priorities for system resources

Question 13

A(n)____________________ occurs when an attack affects information resources and/or assets,causing actual damage or other disruptions.

Accepted Answer

The answer of A(n)____________________ occurs when an attack affects information...

Question 14

In digital forensics,all investigations follow the same basic methodology.Which of the following should be performed first in a digital forensics investigation?

Accepted Answer

A)  Report the findings to the proper authority 
B)  Acquire (seize) the evidence without alteration or damage 
C)  Identify relevant items of evidentiary value (EM) 
D)  Analyze the data without risking modification or unauthorized access 
A)  Report the findings to the proper authority 
B)  Acquire (seize) the evidence without alteration or damage 
C)  Identify relevant items of evidentiary value (EM) 
D)  Analyze the data without risking modification or unauthorized access

Question 15

In most organizations,the COO is responsible for creating the IR plan.

Accepted Answer

A) True 
 B)False

Question 16

____________________ planning ensures that critical business functions can continue if a disaster occurs.

Accepted Answer

Business c

Question 17

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution.

Accepted Answer

A) True 
 B)False

Question 18

​A(n)wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster,from first detection to final recovery.

Accepted Answer

A) True 
 B)False

Question 19

What are the major components of contingency planning?

Accepted Answer

Business impact analysis (BIA)

Question 20

Compare and contrast a hot site,a warm site,and a cold site.

Accepted Answer

Hot site-A hot site is a fully configure

Which is the first step in the contingency planning process among the options listed here?

Which document must be changed when evidence changes hands or is stored?

At what point in the incident lifecycle is the IR plan initiated?

Which of the following is a possible indicator of an actual incident?

In which type of site are no computer hardware or peripherals provided?

In a warm site,all services and communications links are fully configured and the site can be fully functional within minutes.

Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?

The ____________________ plan is a detailed set of processes and procedures that anticipate,detect,and mitigate the effects of an unexpected event that might compromise information resources and assets.

After an incident,but before returning to its normal duties,the CSIRT must do which of the following?

Which of the following is a definite indicator of an actual incident?

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received?.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

A(n)____________________ occurs when an attack affects information resources and/or assets,causing actual damage or other disruptions.

In digital forensics,all investigations follow the same basic methodology.Which of the following should be performed first in a digital forensics investigation?

In most organizations,the COO is responsible for creating the IR plan.

____________________ planning ensures that critical business functions can continue if a disaster occurs.

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution.

A(n)wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster,from first detection to final recovery.

What are the major components of contingency planning?

Compare and contrast a hot site,a warm site,and a cold site.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Personnel and Security

Protection Mechanisms

Filters

Exam 10: Planning for Contingencies

Which is the first step in the contingency planning process among the options listed here?

Which document must be changed when evidence changes hands or is stored?

At what point in the incident lifecycle is the IR plan initiated?

Which of the following is a possible indicator of an actual incident?

In which type of site are no computer hardware or peripherals provided?

In a warm site,all services and communications links are fully configured and the site can be fully functional within minutes.

Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?

The ____________________ plan is a detailed set of processes and procedures that anticipate,detect,and mitigate the effects of an unexpected event that might compromise information resources and assets.

After an incident,but before returning to its normal duties,the CSIRT must do which of the following?

Which of the following is a definite indicator of an actual incident?

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received?.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

A(n)____________________ occurs when an attack affects information resources and/or assets,causing actual damage or other disruptions.

In digital forensics,all investigations follow the same basic methodology.Which of the following should be performed first in a digital forensics investigation?

In most organizations,the COO is responsible for creating the IR plan.

____________________ planning ensures that critical business functions can continue if a disaster occurs.

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution.

​A(n)wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster,from first detection to final recovery.

What are the major components of contingency planning?

Compare and contrast a hot site,a warm site,and a cold site.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Personnel and Security

Protection Mechanisms

Filters

A(n)wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster,from first detection to final recovery.