Deck 11: Contingency Planning and Networking Incident Response
1
NAS works well with real-time applications because of the latency of the communication methods.
False
2
____ planning ensures that critical business functions can continue if a disaster occurs.
A) Business response
B) Business continuity planning
C) Incident response
D) Disaster recovery
B
3
A(n) ____ backup is the storage of all files that have changed or have been added since the last full backup.
A) full
B) half
C) incremental
D) differential
D
4
The actions an organization should take while an incident is in progress are defined in a document referred to as the ____ plan.
A) business response (BR)
B) business impact analysis (BIA)
C) incident response (IR)
D) disaster recovery (DR)
5
____ are the representative collection of individuals with a stake in the successful and uninterrupted operation of the organization's information infrastructure.
A) Product developers
B) Stakeholders
C) Incident responders
D) Vendors
6
Incident response focuses on immediate response to small-scale events.
7
Which backup method allows for easy full-system restorations (no shuffling through tapes with partial backups on them)?
A) RAID
B) The Towers of Hanoi
C) Grandfather-Father-Son (GFS)
D) Six-tape rotation
8
The key role of a(n) ____ is defining how to reestablish operations at the location where the organization usually operates.
A) business response (BR)
B) business impact analysis (BIA)
C) incident response (IR)
D) disaster recovery (DR)
9
RAID is a replacement for backup and recovery processes.
10
The bulk transfer of data in batches to an off-site facility is called ____.
A) electronic vaulting
B) server clustering
C) bare metal recovery
D) remote journaling
11
A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
A) event
B) incident
C) trigger
D) RAID occurrence
12
The business impact analysis (BIA) is the first major component of the CP process.
13
____ techniques are generally used by organizations needing immediate data recovery after an incident or disaster.
A) Shadowing
B) Clustering
C) Bare metal recovery
D) Journaling
14
In some organizations, which two plans are considered to be one plan, known as the Business Resumption Plan?
A) BIA plan and BC plan
B) IR plan and BC plan
C) DR plan and IR plan
D) DR plan and BC plan
15
____ clustering is a more complex model in which all members of a cluster simultaneously provide application services.
A) Passive/active
B) Passive/passive
C) Active/passive
D) Active/active
16
The final phase of the IR planning function is plan maintenance.
17
____ is the transfer of live transactions to an off-site facility.
A) Electronic vaulting
B) Server clustering
C) Bare metal recovery
D) Remote journaling
18
What is a drawback of tape backups?
A) Time required to store and retrieve information
B) Cost of the media
C) Limited selection of the media
D) Small size of the tape media capacity
19
Which team is responsible for conducting the BIA?
A) CP Management Team (CPMT)
B) Business continuity (BC) team
C) Incident response (IR) team
D) Disaster recovery (DR) team
20
Which cloud type acts as a collaboration between a few entities for the sole benefit of those entities?
A) Common clouds
B) Community clouds
C) Public clouds
D) Private clouds
21
A(n) ____________________ backup only archives the data that have been modified since the last backup (regardless of type), and thus requires less space and time than a differential backup.
22
Incident ____ is the process of evaluating organizational events, determining which events are possible incidents, also called incident candidates, and then determining whether or not the incident candidate is an actual incident or a nonevent, also called a false positive incident candidate.
A) identification
B) journal
C) vulnerability
D) classification
23
The ____, which is also known as the Security Incident Response Team (SIRT), is the group of individuals who would be expected to respond to a detected incident.
A) CP Management Team (CPMT)
B) disaster recovery (DR) team
C) Computer Security Incident Response Team (CSIRT)
D) business continuity (BC) team
24
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Is most commonly used in organizations that balance safety and redundancy against the costs of acquiring and operating the systems.
25
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
A specialized form of disk striping with parity; is not widely used
26
According to D. L. Pipkin, ____ is a definite indicator of an actual incident.
A) notification from intrusion detection system (IDS)
B) activities at unexpected times
C) use of dormant accounts
D) presence of new accounts
27
The identification of an incident begins with the ____________________ - that is, the circumstances that cause the IR team to be activated and the IR plan to be initiated.
28
The ____ review entails a detailed examination of the events that occurred from first detection to final recovery.
A) after-action
B) incident classification
C) desk check
D) structured walk-through
29
____________________ are the contractual documents guaranteeing certain minimum levels of service provided by vendors.
30
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Commonly called disk mirroring
31
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Uses block-level striping of data
32
Which strategy to test contingency plans involves team members acting as defenders, using their own equipment or a duplicate environment, against realistic attacks executed by external information security professionals?
A) Parallel testing
B) War gaming
C) Simulation
D) Structured walk-through
33
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Often called disk striping without parity
34
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Uses byte-level striping of data
35
____________________ is the process by which the information technology and information security teams position their organizations to prepare for, detect, react to, and recover from man-made or natural events that threaten the security of information resources and assets.
36
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Is very similar to RAID 5; however, this level adds another layer of parity data striped across the drives
37
Database ____________________ is the propagation of transactions to a remote copy of the database.
38
A(n) ____ is a detailed description of the activities that occur during an attack, including the preliminary indications of the attack as well as the actions taken and the outcome.
A) trigger
B) database journal
C) event
D) attack profile
39
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
A proprietary variation on RAID 5 in which the array works as a single virtual drive
40
Match each item with a statement below.
a. RAID Level 0
b. RAID Level 1
c. RAID Level 2
d. RAID Level 3
e. RAID Level 4
f. RAID Level 5
g. RAID Level 6
h. RAID Level 7
i. RAID Level 10
Referred to as RAID 1+0, which combines the benefits of RAID 0 and RAID 1
41
List five good information security practices that prevent attacks on the desktop.
42
Describe the two criteria that may cause a disaster occurrence.
43
Describe the Grandfather-Father-Son (GFS) backup method.
44
List the four integrated contingency planning (CP) components.
45
According to NIST Special Publication 800-34 Rev.1, what are the three distinct phases an organization goes through when reacting to an event that is determined to pose a threat to the organization?
46
Compare the protect and forget strategy with the apprehend and prosecute strategy.
47
What are the two key facets of incident detection?
48
Describe a strategy for implementing server recovery and redundancy through mirroring servers.
49
Compare a sequential roster to a hierarchical roster.
50
Describe the three forms of cloud computing.